CN115442367A - Data transmission method, virtual private cloud, device, medium and product - Google Patents

Info

Publication number
CN115442367A
Authority
CN
China
Prior art keywords
virtual
private cloud
gateway
data
dedicated gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211010457.1A
Other languages
Chinese (zh)
Inventor
张文
张轩辕
周健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd
Priority to CN202211010457.1A
Publication of CN115442367A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a data transmission method, a virtual private cloud, a device, a medium and a product. The data transmission method is applied to a first virtual private cloud in which a first dedicated gateway is provided, and comprises the following steps: when a first virtual machine in the first virtual private cloud needs to transmit first data to a second virtual machine in a second virtual private cloud, the first virtual machine sends the first data to the first dedicated gateway; the first dedicated gateway forwards the first data to a second dedicated gateway provided in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine. The embodiments of the application can improve security and scalability and achieve fault isolation control.

Description

Data transmission method, virtual private cloud, device, medium and product

Technical field

The present application relates to cloud technology, and in particular to a data transmission method, a virtual private cloud, a device, a medium and a product.

Background

With the continuous development of cloud technology, more and more data is stored on cloud servers. Tenants on the cloud usually deploy different services in different VPCs (Virtual Private Clouds) according to their business data, so as to achieve network isolation between services. A VPC is a private cloud that exists inside a shared or public cloud and is a basic network isolation domain.

In existing cloud computing network architectures, data exchange between different VPCs is mainly achieved either by exposing the service interfaces inside a VPC on the public network, so that other VPCs communicate through those publicly exposed interfaces, or by using products such as peering connections or cloud networking, which rely on centralized gateway nodes for communication.

As a result, data transmission between different VPCs in the prior art suffers at least from poor security, poor scalability, and the inability to achieve fault isolation control.

Summary of the invention

Embodiments of the present application provide a data transmission method, a virtual private cloud, a device, a medium and a product, which can improve security and scalability and achieve fault isolation control.

In a first aspect, an embodiment of the present application provides a data transmission method applied to a first virtual private cloud in which a first dedicated gateway is provided. The method includes:

when a first virtual machine in the first virtual private cloud needs to transmit first data to a second virtual machine in a second virtual private cloud, the first virtual machine sends the first data to the first dedicated gateway;

the first dedicated gateway forwards the first data to a second dedicated gateway provided in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine.

In a second aspect, an embodiment of the present application provides a virtual private cloud in which a first dedicated gateway is provided. The virtual private cloud includes a plurality of virtual machines, which include at least a first virtual machine;

the first virtual machine is configured to send first data to the first dedicated gateway when the first data needs to be transmitted to a second virtual machine in a second virtual private cloud;

the first dedicated gateway is configured to forward the first data to a second dedicated gateway provided in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine.

In a third aspect, an embodiment of the present application provides an electronic device, which includes a processor and a memory storing computer program instructions;

when the processor executes the computer program instructions, the steps of the data transmission method described in any embodiment of the first aspect are implemented.

In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium on which computer program instructions are stored; when the computer program instructions are executed by a processor, the steps of the data transmission method described in any embodiment of the first aspect are implemented.

In a fifth aspect, an embodiment of the present application provides a computer program product; when the instructions in the computer program product are executed by a processor of an electronic device, the electronic device performs the steps of the data transmission method described in any embodiment of the first aspect.

In the data transmission method, virtual private cloud, device, medium and product of the embodiments of the present application, a dedicated gateway is provided in each virtual private cloud. When a first virtual machine in a first virtual private cloud needs to transmit first data to a second virtual machine in a second virtual private cloud, the first virtual machine sends the first data to the first dedicated gateway provided in its own first virtual private cloud, and the first dedicated gateway forwards the first data to the second dedicated gateway provided in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine. Because the embodiments do not need to expose the service interfaces of the virtual machines in each virtual private cloud on the public network, the security of data transmission is improved. In addition, because each virtual private cloud has its own dedicated gateway, and that gateway carries only the service traffic related to its own VPC, the scalability of the business data service is improved. Furthermore, different virtual private clouds do not share gateway nodes. Compared with existing communication methods that rely on centralized gateway nodes, a failure of a dedicated gateway node in the embodiments affects only the data services of its own VPC, so the impact of the failure is confined to that VPC and fault isolation control is achieved.

Brief description of the drawings

In order to explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. A person of ordinary skill in the art can derive other drawings from these drawings without creative effort.

FIG. 1 is a schematic structural diagram of a network architecture to which the data transmission method provided by an embodiment of the present application is applicable;

FIG. 2 is a schematic flowchart of a data transmission method provided by an embodiment of the present application;

FIG. 3 is a schematic structural diagram of a data transmission apparatus provided by an embodiment of the present application;

FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed description

The features and exemplary embodiments of various aspects of the present application are described in detail below. To make the purpose, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described here are intended only to explain the application, not to limit it. A person skilled in the art can practice the application without some of these specific details. The following description of the embodiments is provided only to give a better understanding of the application by showing examples of it.

It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes that element.

At present, in existing cloud computing IaaS (Infrastructure as a Service) network architectures, such as OpenStack and similar cloud architectures, interworking between different VPCs is achieved mainly in the following two ways.

The first is communication over the public network: a VPC exposes its service interfaces externally through public IP addresses, and other VPCs communicate through those publicly exposed service interfaces.

The second is communication through products such as peering connections or cloud networking. These products rely on centralized gateway nodes, and VPCs that need to interwork must establish a peering connection or join a cloud networking instance. The data to be transmitted is forwarded to the gateway node according to the routing table, and the gateway node forwards it on to the other VPC.

Of these two approaches, communication over the public network consumes public IP resources and exposes the service on the public network, which results in poor security; public network resources are also costly and limited, so scalability is poor. With forwarding that relies on centralized gateway nodes, different data flows affect one another, and if one of the gateway nodes fails, communication between all VPCs is affected; fault isolation control cannot be achieved, and reliability and stability are low.

To solve these problems of the prior art, embodiments of the present application provide a data transmission method, a virtual private cloud, a device, a medium and a product. The data transmission method can be applied to scenarios in which data is transmitted between different VPCs. The network architecture to which the method applies is introduced first.

FIG. 1 is a schematic structural diagram of a network architecture to which the data transmission method provided by an embodiment of the present application is applicable.

As shown in FIG. 1, the network architecture may include multiple virtual private clouds, for example a first virtual private cloud 11, a second virtual private cloud 12 and a third virtual private cloud 13. Each virtual private cloud may include multiple virtual machines, and each virtual private cloud is provided with a dedicated gateway. For example, the first virtual private cloud 11 may include multiple virtual machines, among them a first virtual machine 111, and is provided with a first dedicated gateway 112. Likewise, the second virtual private cloud 12 may include multiple virtual machines, among them a second virtual machine 121, and is provided with a second dedicated gateway 122.

An information transmission tunnel can be established between any two dedicated gateways. On this basis, any two virtual private clouds can communicate through their respective dedicated gateways and the information transmission tunnel established between those gateways.

In addition, the dedicated gateway of each virtual private cloud may include a main gateway and a backup gateway; for example, the first dedicated gateway 112 may include a main gateway 1121 and a backup gateway 1122. The main gateway and the backup gateway have the same functions, so that the backup gateway can be started in time when the main gateway fails, improving the stability and reliability of data transmission.

As an example, a dedicated gateway may be created as follows. Two virtual machines are created in each VPC that needs to communicate, and each virtual machine may be given at least two network interface cards: one is used to configure the virtual IP address facing the inside of the VPC, for communication with the other virtual machines inside the current VPC, and the other is used to configure the virtual IP address facing the outside of the VPC, for communication with the dedicated gateways in other VPCs. These two virtual machines together form one dedicated gateway. keepalived software may be configured between the two virtual machines to maintain heartbeat monitoring, ensuring that when one of the virtual machines fails the other can be started in time.

Based on the above network architecture, the data transmission method provided by the embodiments of the present application is described in detail below.

FIG. 2 is a schematic flowchart of a data transmission method provided by an embodiment of the present application. The data transmission method may be performed by any virtual private cloud in FIG. 1, for example by the first virtual private cloud 11.

As shown in FIG. 2, the data transmission method may include the following steps:

S210. When a first virtual machine in the first virtual private cloud needs to transmit first data to a second virtual machine in a second virtual private cloud, the first virtual machine sends the first data to the first dedicated gateway;

S220. The first dedicated gateway forwards the first data to the second dedicated gateway provided in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine.

Thus, a dedicated gateway is provided in each virtual private cloud. When a first virtual machine in a first virtual private cloud needs to transmit first data to a second virtual machine in a second virtual private cloud, the first virtual machine sends the first data to the first dedicated gateway provided in its own first virtual private cloud, and the first dedicated gateway forwards the first data to the second dedicated gateway provided in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine. Because the embodiments do not need to expose the service interfaces of the virtual machines in each virtual private cloud on the public network, the security of data transmission is improved. In addition, because each virtual private cloud has its own dedicated gateway, and that gateway carries only the service traffic related to its own VPC, the scalability of the business data service is improved. Furthermore, different virtual private clouds do not share gateway nodes. Compared with existing communication methods that rely on centralized gateway nodes, a failure of a dedicated gateway node in the embodiments affects only the data services of its own VPC, so the impact of the failure is confined to that VPC and fault isolation control is achieved.

The specific implementation of each of the above steps is described below.

In some embodiments, in S110, with reference to the network architecture shown in FIG. 1, if the first virtual machine 111 in the first virtual private cloud 11 needs to transmit first data to the second virtual machine 121 in the second virtual private cloud 12, the first virtual machine 111 first sends the first data to be transmitted to the first dedicated gateway 112.

Here, the first dedicated gateway 112 may be pre-configured with a first virtual address when it is created. The first virtual address may be the virtual IP address of the first dedicated gateway 112 that faces the inside of the first virtual private cloud 11.

On this basis, in some embodiments, S210 may specifically include:

the first virtual machine uses the first virtual address as the next-hop address and sends the first data to the first dedicated gateway.

Here, because the first virtual address is the internal IP address of the first dedicated gateway in the first virtual private cloud, when the first virtual machine needs to send data to a virtual machine in a virtual private cloud other than the first virtual private cloud, it can first use the first virtual address configured on the first dedicated gateway as the next-hop address, so that the data is sent to the first dedicated gateway.

In this way, by sending the first data with the first virtual address as the next-hop address, the first data is delivered from the first virtual machine to the first dedicated gateway, which then sends the first data to virtual private clouds other than the first virtual private cloud.

In some embodiments, in S120, with reference to the network architecture shown in FIG. 1, after the first virtual machine 111 in the first virtual private cloud 11 has sent the first data to be transmitted to the first dedicated gateway 112, the first dedicated gateway 112 can query its routing table to find the second dedicated gateway 122 in the second virtual private cloud 12 where the second virtual machine 121 is located. The first dedicated gateway 112 can then forward the received first data to the second dedicated gateway 122, so that the second dedicated gateway 122 finally forwards the first data to the corresponding virtual machine in its second virtual private cloud 12, that is, the second virtual machine 121.

In addition, the second dedicated gateway 122 may be pre-configured with a second virtual address when it is created. The second virtual address may be the virtual IP address of the second dedicated gateway 122 that faces the outside of the second virtual private cloud 12.

On this basis, in some embodiments, S220 may specifically include:

the first dedicated gateway uses the second virtual address as the next-hop address and sends the first data to the second dedicated gateway.

Here, because the second virtual address is the IP address of the second dedicated gateway among the dedicated gateways, when the first dedicated gateway needs to send data to a virtual machine in the second virtual private cloud, it can first use the second virtual address configured on the second dedicated gateway as the next-hop address, so that the data is sent to the second dedicated gateway.

In this way, by sending the first data with the second virtual address as the next-hop address, the first data is delivered from the first dedicated gateway to the second dedicated gateway, which can then forward the first data to the corresponding virtual machine in its second virtual private cloud, achieving communication between the first virtual private cloud and the second virtual private cloud.

It should be noted that, in the above embodiment, a virtual machine in the second virtual private cloud can also send data to a virtual machine in the first virtual private cloud by a process similar to the one described above. Likewise, virtual machines in the first and second virtual private clouds can send data to virtual machines in other virtual private clouds by a similar process, so that any two of the multiple virtual private clouds can interwork.

In addition, in some embodiments, the first dedicated gateway may also be configured with a third virtual address. The third virtual address may be the virtual IP address of the first dedicated gateway that faces the outside of the first virtual private cloud.

On this basis, before the step in which the first dedicated gateway uses the second virtual address as the destination address and sends the first data to the second dedicated gateway, the data transmission method provided by the embodiments of the present application may further include:

building an information transmission tunnel between the first dedicated gateway and the second dedicated gateway based on the third virtual address and the second virtual address.

Correspondingly, the step in which the first dedicated gateway uses the second virtual address as the next-hop address and sends the first data to the second dedicated gateway may specifically include:

the first dedicated gateway uses the second virtual address as the next-hop address and sends the first data to the second dedicated gateway through the information transmission tunnel.

Here, before the dedicated gateways are used to transmit data, information transmission tunnels need to be built between them. The information transmission tunnel may be, for example, a VXLAN (Virtual Extensible Local Area Network) tunnel.

As an example, the virtual IP addresses configured in the dedicated gateways facing the outside of their respective virtual private clouds may be used to build VXLAN tunnels pairwise, and a VNI (VXLAN Network Identifier) is allocated, so that any two dedicated gateways can transmit data through the VXLAN tunnel between them; before transmission the data is encapsulated with the allocated VNI, which keeps the data of different tunnels isolated during transmission. In this way, building the tunnels yields a full-mesh, fully interconnected network structure between the different virtual private clouds.

Specifically, taking the first dedicated gateway and the second dedicated gateway as an example, the third virtual address configured on the first dedicated gateway and the second virtual address configured on the second dedicated gateway can be used to build a VXLAN tunnel between the first and second dedicated gateways, and a VNI corresponding to that VXLAN tunnel is allocated. The first dedicated gateway can then send the first data to the second dedicated gateway through the VXLAN tunnel between them, so that the second dedicated gateway forwards the first data to the second virtual machine inside the second virtual private cloud, finally achieving interworking between the first virtual private cloud and the second virtual private cloud.

In addition, in order to accurately find the dedicated gateway set in the virtual private cloud where the second virtual machine is located, in some implementations, before the above S220, the data transmission method provided by the embodiments of the present application may further include:

Obtaining target routing information between the first virtual machine and the second virtual machine according to a first destination address, where the first destination address is the virtual machine address of the second virtual machine in the second virtual private cloud;

Determining, based on the target routing information, the second dedicated gateway corresponding to the first destination address.

Here, after a VPC joins the network and before it communicates with other VPCs in the network, BGP (Border Gateway Protocol) can also be started in the dedicated gateway of the joining VPC, the routing information of this VPC published, and the routing table updated, which completes route publication and learning between the dedicated gateways.

Based on this, before sending the first data, the first virtual machine can set the destination address to which the first data is to be sent, that is, the first destination address, which may specifically be the virtual machine address of the second virtual machine in the second virtual private cloud. Before forwarding the first data to the second dedicated gateway, the first dedicated gateway can then first query the routing table according to the first destination address to obtain the target routing information between the first virtual machine and the second virtual machine. The target routing information identifies the VPC to which the first destination address belongs, that is, the second virtual private cloud, from which the second dedicated gateway corresponding to the second virtual private cloud can be found. The first dedicated gateway can then use the external virtual IP address of the second dedicated gateway as the next-hop address and accurately send the first data to the dedicated gateway in the VPC where the second virtual machine is located.

In addition, in some implementations, before the above step of obtaining the target routing information between the first virtual machine and the second virtual machine according to the first destination address, the embodiments of the present application may further include:

Based on the Border Gateway Protocol (BGP), using the virtual machine addresses respectively corresponding to the multiple virtual machines in the first virtual private cloud and the second virtual private cloud, building a BGP peer between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud, to obtain routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud.

Correspondingly, the above step of obtaining the target routing information between the first virtual machine and the second virtual machine according to the first destination address may specifically include:

Obtaining, according to the first destination address, the target routing information between the first virtual machine and the second virtual machine from the routing information.

Here, when the first virtual private cloud joins the network, BGP also needs to be started in the first dedicated gateway, and BGP peers are built using the internal addresses at the two ends of the tunnel, for example the virtual machine addresses respectively corresponding to any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud, so that the routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud can be obtained.

In this way, based on the generated routing information, the target routing information from the virtual machine address of the first virtual machine to the first destination address can be looked up, and that target routing information can then be used to determine the dedicated gateway of the virtual private cloud to which the second virtual machine belongs.

It should be noted that, in addition to establishing routing information with the second virtual private cloud, the first virtual private cloud can establish routing information with other virtual private clouds in the same manner, so as to communicate with those virtual private clouds.

In addition, in some implementations, after the routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud has been obtained, the data transmission method provided by the embodiments of the present application may further include:

Publishing the routing information.

Here, after generating the routing information, the first dedicated gateway can also publish it to other virtual private clouds based on BGP, which completes route publication and learning between the dedicated gateways.
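The pairwise tunnel construction, per-tunnel VNI allocation and destination-based gateway lookup described above can be modelled as follows. This is an added Python illustration, not code from the patent: the VPC names, CIDR blocks, external virtual IPs (documentation range 192.0.2.0/24), starting VNI and all function names are assumptions, and the static route list stands in for routes that would be learned over BGP.

```python
import ipaddress
import struct
from itertools import combinations

VXLAN_I_FLAG = 0x08  # RFC 7348: "I" bit, set when the VNI field is valid

# Constructed sample topology (assumed values, not taken from the patent).
VPCS = {
    "vpc-1": {"cidr": "10.1.0.0/16", "external_vip": "192.0.2.11"},
    "vpc-2": {"cidr": "10.2.0.0/16", "external_vip": "192.0.2.12"},
    "vpc-3": {"cidr": "10.3.0.0/16", "external_vip": "192.0.2.13"},
}


def build_full_mesh(vpcs, first_vni=5000):
    """Allocate one VNI per gateway pair: n VPCs give n*(n-1)/2 tunnels."""
    pairs = combinations(sorted(vpcs), 2)
    return {frozenset(pair): first_vni + i for i, pair in enumerate(pairs)}


def learned_routes(vpcs, local):
    """Routes the local gateway would hold after the BGP exchange (modelled statically)."""
    return [
        (ipaddress.ip_network(v["cidr"]), name, v["external_vip"])
        for name, v in vpcs.items() if name != local
    ]


def lookup(routes, dst_ip):
    """Longest-prefix match: destination VM address -> (prefix, remote VPC, next hop)."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def vxlan_encap(vni, inner):
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner


def vxlan_decap(packet, expected_vni):
    """Strip the header, rejecting anything not tagged with this tunnel's VNI."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VNI flag not set")
    vni = word1 >> 8
    if vni != expected_vni:
        raise PermissionError(f"VNI {vni} does not belong to this tunnel")
    return packet[8:]


def gateway_send(vpcs, mesh, local, dst_ip, inner):
    """Sending gateway: use the remote gateway's external VIP as next hop and encapsulate."""
    route = lookup(learned_routes(vpcs, local), dst_ip)
    if route is None:
        return None  # no VPC advertises this address: drop
    _, remote, next_hop = route
    return next_hop, vxlan_encap(mesh[frozenset((local, remote))], inner)


def gateway_receive(mesh, local, sender, packet):
    """Receiving gateway: accept only the VNI allocated to the (sender, local) tunnel."""
    return vxlan_decap(packet, mesh[frozenset((local, sender))])


if __name__ == "__main__":
    mesh = build_full_mesh(VPCS)
    hop, pkt = gateway_send(VPCS, mesh, "vpc-1", "10.2.0.7", b"first data")
    print(hop, pkt[:8].hex(), gateway_receive(mesh, "vpc-2", "vpc-1", pkt))
```

A frame carrying the VNI of the vpc-1/vpc-2 tunnel is rejected when presented on the vpc-3/vpc-2 tunnel, which is the isolation property the VNI encapsulation is meant to provide.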

In addition, in order to further improve the reliability and stability of communication between VPCs, in some implementations the first virtual private cloud may also include a main gateway and a standby gateway. For example, the first dedicated gateway 112 in the first virtual private cloud 11 in FIG. 1 may include a main gateway 1121 and a standby gateway 1122.

Based on this, the data transmission method provided by the embodiments of the present application may further include:

Determining whether the main gateway is communicating normally;

When the main gateway is communicating normally, using the main gateway as the first dedicated gateway;

When the main gateway is not communicating normally, using the standby gateway as the first dedicated gateway.

Here, keepalived software can be configured between the main gateway and the standby gateway to maintain heartbeat monitoring. When the standby gateway detects that the main gateway is communicating normally, it does not start its gateway function, and the main gateway continues to be used as the first dedicated gateway corresponding to the first virtual private cloud. When the standby gateway detects that the main gateway is not communicating normally, it can start its gateway function, and the standby gateway is then used as the first dedicated gateway corresponding to the first virtual private cloud. Abnormal communication may include, for example, an excessively slow network, power failure, or network disconnection.

In addition, after the standby gateway has been started, the main gateway, once its communication is normal again, can monitor in real time whether the standby gateway is communicating normally, so as to switch back to the main gateway when the standby gateway's communication is abnormal.

In this way, switching between the main and standby gateways ensures as far as possible that the first dedicated gateway communicates normally, which further improves the reliability and stability of communication between VPCs.
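The main/standby behaviour described above, including the rule that the role returns to the main gateway only when the standby gateway itself becomes abnormal, can be modelled as follows. This is an added Python model, not keepalived's implementation or code from the patent: the missed-heartbeat threshold, the function name and the heartbeat timeline are assumptions constructed for the example.

```python
def simulate_failover(timeline, max_missed=2):
    """Return which gateway acts as the dedicated gateway after each heartbeat tick.

    timeline   -- list of (main_ok, standby_ok) booleans, one pair per tick
    max_missed -- consecutive missed heartbeats before a node counts as abnormal
                  (assumed parameter; the patent does not specify a threshold)
    """
    active = "main"
    missed = {"main": 0, "standby": 0}
    history = []
    for main_ok, standby_ok in timeline:
        # Update the consecutive-miss counter of each node.
        for node, ok in (("main", main_ok), ("standby", standby_ok)):
            missed[node] = 0 if ok else missed[node] + 1
        peer = "standby" if active == "main" else "main"
        # Switch only when the active node is abnormal and the peer is healthy.
        # A recovered main gateway does not take the role back by itself.
        if missed[active] >= max_missed and missed[peer] < max_missed:
            active = peer
        history.append(active)
    return history


# Constructed timeline: main fails, recovers, then the standby fails.
SAMPLE_TIMELINE = [
    (True, True),    # both healthy
    (False, True),   # main misses one heartbeat: still within tolerance
    (False, True),   # main misses a second: standby takes over
    (True, True),    # main recovers, standby keeps the role
    (True, False),   # standby misses one heartbeat
    (True, False),   # standby misses a second: switch back to main
]

if __name__ == "__main__":
    print(simulate_failover(SAMPLE_TIMELINE))
```

When both gateways are abnormal at once the model leaves the role where it is, since neither node can usefully take over.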

Besides this, the first virtual private cloud can also receive data sent by other virtual private clouds. In some implementations, the data transmission method provided by the embodiments of the present application may further include:

When the first dedicated gateway receives second data sent by another dedicated gateway, the first dedicated gateway sends the second data, according to the second destination address corresponding to the second data, to the virtual machine in the first virtual private cloud that corresponds to the second destination address.

Exemplarily, when the first dedicated gateway receives second data sent by a dedicated gateway in another virtual private cloud, it can obtain the second destination address carried with the second data, that is, the IP address of the virtual machine that is to receive the second data. Because the second destination address is an internal address of the first virtual private cloud, the first dedicated gateway can directly use the second destination address as the next-hop address and forward the second data to the corresponding virtual machine inside the first virtual private cloud.

To sum up, the data transmission method provided by the embodiments of the present application enables intercommunication between different VPCs.

It should be noted that the application scenarios described in the above embodiments of the present application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided by the embodiments. A person of ordinary skill in the art will appreciate that, as new application scenarios emerge, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.

Based on the same inventive concept, the present application also provides a virtual private cloud, described in detail below with reference to FIG. 3.

FIG. 3 is a schematic structural diagram of a virtual private cloud provided by an embodiment of the present application.

As shown in FIG. 3, the virtual private cloud 300 may include multiple virtual machines, which include at least a first virtual machine 301, and a first dedicated gateway 302 is set in the virtual private cloud 300.

The first virtual machine 301 is configured to send the first data to the first dedicated gateway 302 when the first data needs to be transmitted to a second virtual machine in a second virtual private cloud;

The first dedicated gateway 302 is configured to forward the first data to a second dedicated gateway set in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine.

The above data transmission apparatus 300 is described in detail below:

In some of these embodiments, a first virtual address is configured in the first dedicated gateway 302;

The first virtual machine 301 is further configured to use the first virtual address as the next-hop address and send the first data to the first dedicated gateway.

In some of these embodiments, a second virtual address is configured in the second dedicated gateway;

The first dedicated gateway 302 is further configured to use the second virtual address as the next-hop address and send the first data to the second dedicated gateway.

In some of these embodiments, a third virtual address is configured in the first dedicated gateway;

The first dedicated gateway 302 is further configured to, before sending the first data to the second dedicated gateway with the second virtual address as the destination address, build an information transmission tunnel between the first dedicated gateway and the second dedicated gateway based on the third virtual address and the second virtual address;

The first dedicated gateway 302 is further configured to use the second virtual address as the next-hop address and send the first data to the second dedicated gateway over the information transmission tunnel.

In some of these embodiments, the first dedicated gateway 302 is further configured to, before forwarding the first data to the second dedicated gateway set in the second virtual private cloud, obtain target routing information between the first virtual machine and the second virtual machine according to a first destination address, where the first destination address is the virtual machine address of the second virtual machine in the second virtual private cloud;

The first dedicated gateway 302 is further configured to determine, based on the target routing information, the second dedicated gateway corresponding to the first destination address.

In some of these embodiments, the first dedicated gateway 302 is further configured to, before obtaining the target routing information between the first virtual machine and the second virtual machine according to the first destination address, build, based on the Border Gateway Protocol (BGP) and using the virtual machine addresses respectively corresponding to the multiple virtual machines in the first virtual private cloud and the second virtual private cloud, a BGP peer between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud, to obtain routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud;

The first dedicated gateway 302 is further configured to obtain, according to the first destination address, the target routing information between the first virtual machine and the second virtual machine from the routing information.

In some of these embodiments, the first dedicated gateway 302 is further configured to publish the routing information after obtaining the routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud.

In some of these embodiments, the first virtual private cloud includes a main gateway and a standby gateway;

The standby gateway is configured to determine whether the main gateway is communicating normally; when the main gateway is communicating normally, to use the main gateway as the first dedicated gateway; and when the main gateway is not communicating normally, to use the standby gateway as the first dedicated gateway.

In some of these embodiments, the first dedicated gateway 302 is further configured to, upon receiving second data sent by another dedicated gateway, send the second data, according to the second destination address corresponding to the second data, to the virtual machine in the first virtual private cloud that corresponds to the second destination address.

Thus, with a dedicated gateway set in each virtual private cloud, when the first virtual machine in the first virtual private cloud needs to transmit first data to the second virtual machine in the second virtual private cloud, the first virtual machine sends the first data to the first dedicated gateway set in its own first virtual private cloud, and the first dedicated gateway forwards the first data to the second dedicated gateway set in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine. Because the embodiments of the present application do not need to expose the service interfaces of the virtual machines in each virtual private cloud on the public network, the security of data transmission can be improved. In addition, because each virtual private cloud has its own dedicated gateway, and the dedicated gateway carries only the service traffic related to its own VPC, the scalability of the service data plane can be improved. Furthermore, different virtual private clouds do not share gateway nodes. Compared with existing communication methods that rely on a centralized gateway node, in the embodiments of the present application a failure of a dedicated gateway node affects only the data service of its own VPC, so the impact of the failure can be confined to that VPC, achieving fault isolation.

FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

The electronic device 400 may include a processor 401 and a memory 402 storing computer program instructions.

Specifically, the processor 401 may include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present application.

The memory 402 may include mass storage for data or instructions. By way of example and not limitation, the memory 402 may include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disk, a magneto-optical disk, magnetic tape, or a Universal Serial Bus (USB) drive, or a combination of two or more of these. Where appropriate, the memory 402 may include removable or non-removable (or fixed) media. Where appropriate, the memory 402 may be internal or external to the integrated gateway disaster recovery device. In a particular embodiment, the memory 402 is non-volatile solid-state memory.

In particular embodiments, the memory may include read-only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, or electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (for example, memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (for example, by one or more processors), it is operable to perform the operations described with reference to the method according to an aspect of the present application.

The processor 401 reads and executes the computer program instructions stored in the memory 402 to implement any one of the data transmission methods in the above embodiments.

In some examples, the electronic device 400 may further include a communication interface 403 and a bus 410. As shown in FIG. 4, the processor 401, the memory 402, and the communication interface 403 are connected through the bus 410 and communicate with one another over it.

The communication interface 403 is mainly used to implement communication between the modules, apparatuses, units and/or devices in the embodiments of the present application.

The bus 410 includes hardware, software, or both, and couples the components of the online data traffic charging device to each other. By way of example and not limitation, the bus 410 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local (VLB) bus, or another suitable bus, or a combination of two or more of these. Where appropriate, the bus 410 may include one or more buses. Although the embodiments of the present application describe and illustrate a particular bus, the present application contemplates any suitable bus or interconnect.

Exemplarily, the electronic device 400 may be a mobile phone, a tablet computer, a notebook computer, a palmtop computer, an in-vehicle electronic device, an ultra-mobile personal computer (UMPC), a netbook, or a personal digital assistant (PDA).

The electronic device 400 can execute the data transmission method in the embodiments of the present application, thereby implementing the data transmission method and apparatus described with reference to FIG. 1 and FIG. 3.

In addition, in combination with the data transmission method in the above embodiments, the embodiments of the present application may provide a computer-readable storage medium for implementation. Computer program instructions are stored on the computer-readable storage medium; when executed by a processor, the computer program instructions implement any one of the data transmission methods in the above embodiments. Examples of computer-readable storage media include non-transitory computer-readable storage media such as portable disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), portable compact disc read-only memory (CD-ROM), optical storage devices, and magnetic storage devices.

It should be made clear that the present application is not limited to the specific configurations and processes described above and shown in the figures. For brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of the present application is not limited to the specific steps described and shown; those skilled in the art may make various changes, modifications and additions, or change the order of the steps, after understanding the spirit of the present application.

The functional blocks shown in the structural block diagrams described above may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, a functional block may be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), suitable firmware, a plug-in, or a function card. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The programs or code segments may be stored in a machine-readable medium, or transmitted over a transmission medium or communication link by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transmit information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber-optic media, and radio frequency (RF) links. Code segments may be downloaded via a computer network such as the Internet or an intranet.

It should also be noted that the exemplary embodiments mentioned in the present application describe some methods or systems based on a series of steps or apparatuses. However, the present application is not limited to the order of the above steps; that is, the steps may be performed in the order mentioned in the embodiments, in a different order, or several steps may be performed simultaneously.

Aspects of the present application are described above with reference to flowcharts and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the present application. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or another programmable data processing apparatus to produce a machine, such that the instructions, executed via the processor of the computer or other programmable data processing apparatus, enable implementation of the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams. Such a processor may be, but is not limited to, a general-purpose processor, a special-purpose processor, an application-specific processor, or a field-programmable logic circuit. It should also be understood that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can also be implemented by dedicated hardware that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.

The above are only specific implementations of the present application. Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above can refer to the corresponding processes in the foregoing method embodiments, which are not repeated here. It should be understood that the protection scope of the present application is not limited to this; any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed in the present application, and these modifications or replacements shall all fall within the protection scope of the present application.

Claims (13)

1. A data transmission method, characterized in that it is applied to a first virtual private cloud, a first dedicated gateway being set in the first virtual private cloud, the method comprising:
when a first virtual machine in the first virtual private cloud needs to transmit first data to a second virtual machine in a second virtual private cloud, the first virtual machine sending the first data to the first dedicated gateway;
the first dedicated gateway forwarding the first data to a second dedicated gateway set in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine.

2. The method according to claim 1, characterized in that a first virtual address is configured in the first dedicated gateway;
the first virtual machine sending the first data to the first dedicated gateway comprises:
the first virtual machine using the first virtual address as a next-hop address and sending the first data to the first dedicated gateway.

3. The method according to claim 1, characterized in that a second virtual address is configured in the second dedicated gateway;
the first dedicated gateway forwarding the first data to the second dedicated gateway set in the second virtual private cloud comprises:
the first dedicated gateway using the second virtual address as a next-hop address and sending the first data to the second dedicated gateway.

4. The method according to claim 3, characterized in that a third virtual address is configured in the first dedicated gateway;
before the first dedicated gateway uses the second virtual address as a destination address and sends the first data to the second dedicated gateway, the method further comprises:
building an information transmission tunnel between the first dedicated gateway and the second dedicated gateway based on the third virtual address and the second virtual address;
the first dedicated gateway using the second virtual address as a next-hop address and sending the first data to the second dedicated gateway comprises:
the first dedicated gateway using the second virtual address as a next-hop address and sending the first data to the second dedicated gateway over the information transmission tunnel.

5. The method according to claim 1, characterized in that before the first dedicated gateway forwards the first data to the second dedicated gateway set in the second virtual private cloud, the method further comprises:
obtaining, according to a first destination address, target routing information between the first virtual machine and the second virtual machine, wherein the first destination address is the virtual machine address of the second virtual machine in the second virtual private cloud;
determining, based on the target routing information, the second dedicated gateway corresponding to the first destination address.

6. The method according to claim 5, characterized in that before obtaining, according to the first destination address, the target routing information between the first virtual machine and the second virtual machine, the method further comprises:
based on the Border Gateway Protocol (BGP), using the virtual machine addresses respectively corresponding to the plurality of virtual machines in the first virtual private cloud and the second virtual private cloud, building a BGP peer between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud, to obtain routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud;
the obtaining, according to the first destination address, the target routing information between the first virtual machine and the second virtual machine comprises:
obtaining, according to the first destination address, the target routing information between the first virtual machine and the second virtual machine from the routing information.

7. The method according to claim 6, characterized in that after obtaining the routing information between any virtual machine in the first virtual private cloud and any virtual machine in the second virtual private cloud, the method further comprises:
publishing the routing information.

8. The method according to claim 1, characterized in that the first virtual private cloud includes a primary gateway and a backup gateway;
the method further comprises:
determining whether the primary gateway is communicating normally;
when the primary gateway is communicating normally, using the primary gateway as the first dedicated gateway;
when the primary gateway is not communicating normally, using the backup gateway as the first dedicated gateway.

9. The method according to claim 1, characterized in that the method further comprises:
when the first dedicated gateway receives second data sent by another dedicated gateway, the first dedicated gateway sending the second data, according to a second destination address corresponding to the second data, to the virtual machine in the first virtual private cloud that corresponds to the second destination address.

10. A virtual private cloud, characterized in that a first dedicated gateway is set in the virtual private cloud, the virtual private cloud includes a plurality of virtual machines, and the plurality of virtual machines includes at least a first virtual machine;
the first virtual machine is configured to send first data to the first dedicated gateway when the first data needs to be transmitted to a second virtual machine in a second virtual private cloud;
the first dedicated gateway is configured to forward the first data to a second dedicated gateway set in the second virtual private cloud, so that the second dedicated gateway forwards the first data to the second virtual machine.

11. An electronic device, characterized in that the device comprises: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the steps of the data transmission method according to any one of claims 1-9.

12. A computer-readable storage medium, characterized in that computer program instructions are stored on the computer-readable storage medium, and the computer program instructions, when executed by a processor, implement the steps of the data transmission method according to any one of claims 1-9.

13. A computer program product, characterized in that the instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the steps of the data transmission method according to any one of claims 1-9.
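The forwarding path of claims 1, 5, 8 and 9 (VM to first dedicated gateway, route lookup, second dedicated gateway, destination VM, with primary/backup selection) can be modelled as follows. This Python model is an added example, not code from the patent; the class and function names, the longest-prefix route lookup, the drop-on-no-route behaviour and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Gateway:
    virtual_addr: str      # address used as the next hop (claims 2 and 3)
    healthy: bool = True   # outcome of the "communicating normally" check

@dataclass
class VPC:
    name: str
    primary: Gateway
    backup: Gateway
    vms: dict = field(default_factory=dict)     # VM address -> payloads received
    routes: dict = field(default_factory=dict)  # remote prefix -> remote VPC

    def dedicated_gateway(self) -> Gateway:
        """Claim 8: use the primary gateway unless its communication fails."""
        if self.primary.healthy:
            return self.primary
        if self.backup.healthy:
            return self.backup
        raise RuntimeError(f"{self.name}: no healthy gateway")

    def peer_for(self, dst: str) -> "VPC":
        """Claim 5: resolve the destination VM address to the peer VPC."""
        addr = ipaddress.ip_address(dst)
        hits = [(ipaddress.ip_network(p), v) for p, v in self.routes.items()
                if addr in ipaddress.ip_network(p)]
        if not hits:  # assumption: traffic without a learned route is dropped
            raise LookupError(f"{self.name}: no route to {dst}, dropping")
        return max(hits, key=lambda h: h[0].prefixlen)[1]  # longest prefix wins

def send(src: VPC, src_vm: str, dst: str, payload: bytes) -> list:
    """Claims 1 and 9: VM -> first gateway -> second gateway -> VM."""
    if src_vm not in src.vms:
        raise ValueError(f"{src_vm} is not a VM of {src.name}")
    gw1 = src.dedicated_gateway()
    peer = src.peer_for(dst)
    gw2 = peer.dedicated_gateway()
    if dst not in peer.vms:
        raise LookupError(f"{peer.name}: {dst} is not a local VM, dropping")
    peer.vms[dst].append(payload)
    return [src_vm, gw1.virtual_addr, gw2.virtual_addr, dst]

def demo():
    # Constructed addresses, for illustration only.
    a = VPC("vpc-a", Gateway("10.1.0.1"), Gateway("10.1.0.2"), {"10.1.5.10": []})
    b = VPC("vpc-b", Gateway("10.2.0.1"), Gateway("10.2.0.2"), {"10.2.7.20": []})
    a.routes["10.2.0.0/16"] = b
    b.routes["10.1.0.0/16"] = a
    normal = send(a, "10.1.5.10", "10.2.7.20", b"first data")
    a.primary.healthy = False  # simulate a primary gateway failure
    failover = send(a, "10.1.5.10", "10.2.7.20", b"first data")
    return normal, failover, b.vms["10.2.7.20"]
```

The returned hop list is what an operator would compare against flow logs: every cross-VPC packet should show exactly one gateway hop on each side, and a change of the first gateway hop indicates failover.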
CN202211010457.1A 2022-08-23 2022-08-23 Data transmission method, virtual private cloud, device, medium and product Pending CN115442367A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211010457.1A CN115442367A (en) 2022-08-23 2022-08-23 Data transmission method, virtual private cloud, device, medium and product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211010457.1A CN115442367A (en) 2022-08-23 2022-08-23 Data transmission method, virtual private cloud, device, medium and product

Publications (1)

Publication Number Publication Date
CN115442367A true CN115442367A (en) 2022-12-06

Family

ID=84244622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211010457.1A Pending CN115442367A (en) 2022-08-23 2022-08-23 Data transmission method, virtual private cloud, device, medium and product

Country Status (1)

Country Link
CN (1) CN115442367A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115913824A (en) * 2023-02-10 2023-04-04 中航金网(北京)电子商务有限公司 VPC-crossing virtual server communication method and system
CN116112511A (en) * 2022-12-28 2023-05-12 中国人寿保险股份有限公司上海数据中心 A Distributed Storage System Based on Multiple Gateways
CN116582516A (en) * 2023-07-12 2023-08-11 腾讯科技(深圳)有限公司 Data transmission method, device, system, medium and program product
CN116599900A (en) * 2023-05-15 2023-08-15 阿里巴巴(中国)有限公司 Cloud environment access method and device
CN118869395A (en) * 2024-07-01 2024-10-29 北京志凌海纳科技股份有限公司 A high availability implementation method and system for vpc gateway

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200028758A1 (en) * 2018-07-17 2020-01-23 Cisco Technology, Inc. Multi-cloud connectivity using srv6 and bgp
WO2021136311A1 (en) * 2019-12-30 2021-07-08 华为技术有限公司 Method and device for communication between vpcs
CN113783781A (en) * 2021-08-13 2021-12-10 济南浪潮数据技术有限公司 Method and device for interworking between virtual private clouds


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王琛: "跨域虚拟私有云互通场景的Peer容灾设计与实现", 《中国优秀硕士学位论文全文数据库(电子期刊) 信息科技辑》, no. 6, 15 June 2020 (2020-06-15), pages 13 - 14 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116112511A (en) * 2022-12-28 2023-05-12 中国人寿保险股份有限公司上海数据中心 A Distributed Storage System Based on Multiple Gateways
CN115913824A (en) * 2023-02-10 2023-04-04 中航金网(北京)电子商务有限公司 VPC-crossing virtual server communication method and system
CN115913824B (en) * 2023-02-10 2023-07-25 中航金网(北京)电子商务有限公司 Virtual server communication method and system crossing VPC
CN116599900A (en) * 2023-05-15 2023-08-15 阿里巴巴(中国)有限公司 Cloud environment access method and device
CN116582516A (en) * 2023-07-12 2023-08-11 腾讯科技(深圳)有限公司 Data transmission method, device, system, medium and program product
CN116582516B (en) * 2023-07-12 2023-09-19 腾讯科技(深圳)有限公司 Data transmission method, device, system, medium and program product
CN118869395A (en) * 2024-07-01 2024-10-29 北京志凌海纳科技股份有限公司 A high availability implementation method and system for vpc gateway
CN118869395B (en) * 2024-07-01 2025-04-22 北京志凌海纳科技股份有限公司 High availability implementation method and system of vpc gateway

Similar Documents

Publication Publication Date Title
CN115442367A (en) Data transmission method, virtual private cloud, device, medium and product
US8144593B2 (en) Method and apparatus for efficient routing in communication networks
CN114143283B (en) Tunnel self-adaptive configuration method and device, central terminal equipment and communication system
CN110971516B (en) Method and device for processing routing information
US20230308445A1 (en) Continuing a media access control security (macsec) key agreement (mka) session upon a network device becoming temporarily unavailable
CN108243114B (en) Method, equipment and system for forwarding message
WO2020173424A1 (en) Message processing method, and gateway device
CN110932876B (en) A communication system, method and device
CN103067277A (en) Method of building control channel, forwarding point (FP) and controller
CN114615179A (en) Message transmission method, device and system
WO2022083563A1 (en) Link detection method, link detection apparatus, terminal device and storage medium
CN103780467A (en) Communication connection method, communication device and communication system
CN104468304B (en) A kind of method of pond elementary state synchronizing information, pond Register and pond element
CN108900422B (en) Multicast forwarding method and device and electronic equipment
CN114640615A (en) Route notification method, route generation method and equipment
CN114374666B (en) A message forwarding method, device, electronic device and storage medium
CN104348737B (en) The transmission method and interchanger of a kind of multicast message
CN104579809B (en) The detection method and equipment of a kind of stacking splitting
CN112995027B (en) Route publishing method and VTEP node
WO2020029928A1 (en) Method for establishing bgp session and sending interface address and alias, and network device
CN113645072B (en) Master-slave gateway deployment method and device
CN118075193A (en) Data transmission method, system, device, equipment, medium and product
CN118827532B (en) A method, apparatus, device, storage medium, and program product for path selection.
CN107276792B (en) Integrated gateway disaster tolerance method, device, equipment and computer readable storage medium
CN107086958A (en) A data transmission method, WAP gateway and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination