CN119561946A - Cloud load balancing security group automatic configuration method, system, device and storage medium
- Publication number
- CN119561946A
- Authority
- CN
- China
- Prior art keywords
- load balancing
- security group
- end server
- protocol
- port
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1008—Server selection for load balancing based on parameters of servers, e.g. available memory or workload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
- H04L41/0886—Fully automatic configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
Abstract
The invention discloses a cloud load balancing security group automatic configuration method, system, device and storage medium. The method comprises: in response to a back-end server adding operation instruction, searching for the corresponding load balancing ID based on a preset balancing configuration rule and obtaining information of the back-end server to be added; and, according to the obtained actual physical IP of the load balancing instance and the allowed protocol and port, automatically configuring the corresponding security group ID to allow that traffic, so as to realize security admission for the back-end server to be added. The invention can automatically configure the security group of a back-end server after the back-end server is added, so that traffic is allowed efficiently and the connection between the back-end server and the cloud load balancer is configured automatically.
Description
Technical Field
The present invention relates to the field of load balancing technologies, and in particular, to a cloud load balancing security group automatic configuration method, system, device, and storage medium.
Background
Cloud load balancing is a technique that distributes user access traffic to multiple servers according to a specific load balancing algorithm. By setting a virtual service address (Virtual IP Address, VIP), it distributes requests from clients to the servers in the back-end server pool according to the balancing configuration rule, thereby improving the service capability and availability of the whole business system.
In a cloud load balancing scenario, after client traffic addressed to the virtual service address reaches the load balancing instance, the load policy on the instance performs address translation and traffic distribution using the actual physical IP of the instance; that is, the traffic reaches the back-end server with the actual physical IP of the load balancing instance as its source IP. The back-end server must therefore allow the actual physical IP of the load balancing instance in its security configuration before normal communication is possible. At present, after a back-end server is added, the user manually adds the physical IP of the load balancing instance to the security access component (security group) of the back-end server to enable communication. When the user creates different load balancing instances for different load balancing services, or adds different back-end servers to a load balancer, these manual steps are cumbersome and slow down service rollout, which is a great inconvenience to service users.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a cloud load balancing security group automatic configuration method, system, device and storage medium, so that the back-end server security group is configured automatically, the corresponding traffic is allowed efficiently, and services can be brought up quickly.
The invention provides a cloud load balancing security group automatic configuration method, which comprises: in response to a back-end server adding operation instruction, searching for the corresponding load balancing ID based on a preset balancing configuration rule and acquiring information of the back-end server to be added; acquiring, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and acquiring the corresponding security group ID according to the information of the back-end server; and automatically configuring the corresponding security group ID to allow traffic according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize security admission for the back-end server to be added.
The invention further provides a cloud load balancing security group automatic configuration system, which comprises a monitoring obtaining unit, a query obtaining unit and an admission configuration unit. The monitoring obtaining unit is used for monitoring service information and, if the service information is a back-end server adding operation instruction, responding to it by searching for the corresponding load balancing ID based on a preset balancing configuration rule and acquiring information of the back-end server to be added. The query obtaining unit is used for acquiring, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and for acquiring the corresponding security group ID according to the information of the back-end server. The admission configuration unit is used for automatically configuring the corresponding security group ID to allow traffic according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize security admission for the back-end server to be added.
The invention further provides a cloud load balancing security group automatic configuration system, which comprises a control node, a computing node and a back-end server, wherein the control node comprises a load balancer and a security group control plug-in. The load balancer is used for, when a back-end server adding operation instruction is monitored, responding to it by searching for the corresponding load balancing ID based on a preset balancing configuration rule and acquiring information of the back-end server to be added. The security group control plug-in is used for acquiring, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, acquiring the security group ID corresponding to the back-end server, and writing into the RDMA buffer the security group rule composed of the actual physical IP of the load balancing instance corresponding to the security group ID and the allowed protocol and port. The back-end server automatically configures the corresponding security group ID to allow traffic according to the security group rule that the computing node reads from the RDMA buffer, so as to realize the connection configuration between the back-end server and the load balancer.
In a third aspect, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the cloud load balancing security group auto-configuration method described above when executing the computer program.
In a fourth aspect, a computer readable storage medium is provided, where a computer program is stored, and the computer program when executed by a processor implements the steps of the cloud load balancing security group automatic configuration method described above.
Compared with the prior art, the invention responds to a back-end server adding operation instruction by searching for the corresponding load balancing ID based on the preset balancing configuration rule and acquiring the information of the back-end server to be added; acquires, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port; acquires the corresponding security group ID according to the information of the back-end server; and finally automatically configures the corresponding security group ID to allow traffic according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize security admission for the back-end server to be added.
Drawings
Fig. 1 is a schematic diagram of an application environment of a cloud load balancing security group automatic configuration method according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a cloud load balancing security group automatic configuration method according to a first embodiment of the present invention;
Fig. 3 is a schematic sub-flowchart of a cloud load balancing security group automatic configuration method according to a first embodiment of the present invention;
Fig. 4 is a schematic flow chart of a cloud load balancing security group automatic configuration method according to a second embodiment of the present invention;
Fig. 5 is a schematic block diagram of a cloud load balancing security group automatic configuration system provided by a first embodiment of the present invention;
Fig. 6 is a schematic block diagram of a cloud load balancing security group automatic configuration system provided by a second embodiment of the present invention;
Fig. 7 is a schematic diagram of a computer device according to an embodiment of the invention;
Fig. 8 is a schematic diagram of another structure of a computer device according to an embodiment of the invention.
Detailed Description
So that those skilled in the art can understand the objects, technical solutions and advantages of the present invention more clearly, the invention is further described below with reference to the drawings and embodiments.
The cloud load balancing security group automatic configuration method provided by the embodiment of the invention can be applied to an application environment as shown in fig. 1, wherein a client communicates with a server through a network. The server can receive a back-end server adding operation instruction through the client and, in response, search for the corresponding load balancing ID based on a preset balancing configuration rule and acquire information of the back-end server to be added. It then acquires, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, acquires the corresponding security group ID according to the information of the back-end server, and finally automatically configures the corresponding security group ID to allow traffic according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize security admission for the back-end server to be added. The clients may be, but are not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The server may be implemented by a stand-alone server or a server cluster formed by a plurality of servers.
It should be noted that, only one client is illustrated in fig. 1, and in an actual operation process, the server may perform data interaction with multiple clients. The present invention will be described in detail with reference to specific examples.
Referring to fig. 2, fig. 2 is a flow chart of a cloud load balancing security group automatic configuration method according to a first embodiment of the present invention. As shown, the method includes the following steps S110-S140:
S110, responding to a back-end server adding operation instruction, searching a corresponding load balancing ID based on a preset balancing configuration rule, and acquiring information of the back-end server to be added.
In this step, when a back-end server adding operation instruction is monitored, the information of the back-end server to be added is obtained by parsing the instruction, and the corresponding load balancing ID is searched for based on a preset balancing configuration rule.
This step responds to the addition of a back-end server to the cloud load balancer. Before monitoring begins, the cloud load balancer has already completed the creation of the balancing configuration rule and the configuration of the listener, the back-end server resource pool, health checks and so on.
In this embodiment, the information of the back-end server includes the ID and IP of the back-end server to be added.
S120, acquiring the actual physical IP of the corresponding load balancing instance and the allowed protocol and port according to the load balancing ID, and acquiring the corresponding security group ID according to the information of the back-end server.
In this step, the security group rule for the security group of the back-end server to be added is derived from the load balancing ID and the information of the back-end server to be added.
Specifically, the back-end server resource pool ID is obtained from the load balancing database according to the load balancing ID, and the allowed protocol and port are then obtained according to the back-end server resource pool ID; the corresponding load balancing instance is queried from the load balancing database according to the load balancing ID, and the actual physical IP of the load balancing instance is obtained; the port ID is obtained from the load balancing database according to the back-end server ID and IP in the information of the back-end server, and the bound security group ID is then obtained by querying with the port ID.
In this embodiment, the load balancing database includes a load balancing data table, a back-end server resource pool data table, a back-end server data table, a port table, an instance data table and the like, and the entries in the database are associated with each other. The load balancing data table includes information such as the listener ID and the back-end server resource pool ID corresponding to each load balancing ID, and each back-end server resource pool ID is associated with the back-end server resource pool data table. The back-end server resource pool data table includes the protocol and port information that the back-end server is allowed to access. The back-end server data table includes the port IDs and IPs corresponding to the back-end server IDs and IPs. The port table includes information such as the security group ID and IP bound to each port ID. The instance data table includes information such as the load balancing instances associated with each load balancing ID and the actual physical IPs of those load balancing instances.
The information required for configuring the corresponding security group can thus be queried automatically from the pre-stored, mutually associated tables of the load balancing database according to the load balancing ID and the back-end server ID and IP. That is, in this embodiment, the back-end server resource pool ID is obtained from the load balancing data table according to the load balancing ID, and the corresponding allowed protocol and port are obtained from the associated back-end server resource pool data table according to the back-end server resource pool ID; the corresponding load balancing instance is queried in the instance data table according to the load balancing ID, and its actual physical IP is obtained; and the port ID corresponding to the back-end server is obtained from the back-end server data table according to the back-end server ID and IP, so that the corresponding security group ID can be queried in the port table.
S130, automatically configuring the corresponding security group ID to allow traffic according to the obtained actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize security admission for the back-end server to be added.
As shown in fig. 3, this step specifically includes:
S131, composing the security group rule from the actual physical IP of the load balancing instance corresponding to the security group ID and the allowed protocol and port.
In this step, the actual physical IP of the load balancing instance and the allowed protocol and port are combined into a security group rule used to configure the corresponding security group ID.
S132, writing the security group ID and the corresponding security group rule into the RDMA buffer.
In this step, the security group ID and the corresponding security group rule are written into a memory buffer, the RDMA hardware network card is notified through a work task to read the data, and the data read is sent to a specific RDMA buffer for storage, ready for use in the subsequent security group configuration.
S133, controlling the computing node to read the security group ID and the corresponding security group rule written into the RDMA buffer, so that the security group ID is automatically configured to allow traffic according to the security group rule.
In this step, the computing node is controlled to read the security group ID and the corresponding security group rule written into the RDMA buffer and to issue them to the security group of the back-end server to be added, so that the security group ID is automatically configured to allow traffic according to the security group rule and security admission for the back-end server to be added is realized.
In the automatic configuration process, RDMA (Remote Direct Memory Access) technology is used as the basis of service communication. Because data is written and read directly, the large number of data copies made by a traditional kernel protocol stack is bypassed and CPU preemption can be avoided, which greatly improves the response efficiency and stability of automatic security group configuration.
S140, monitoring the access traffic, and distributing the access traffic to the corresponding back-end server according to a preset balancing configuration rule.
In the invention, after the automatic connection configuration between the cloud load balancer and the back-end server to be added is completed, the cloud load balancer dynamically distributes traffic according to the balancing configuration rule.
According to the invention, each time a back-end server is added, the information required for configuring the corresponding security group is queried automatically from the load balancing database according to the load balancing ID and the back-end server ID and IP, and is composed into a security group rule. The rule is then issued to configure the security group of the back-end server to be added automatically, which realizes security admission for that server, allows the corresponding traffic efficiently, and completes the automatic connection configuration between the back-end server and the cloud load balancer. No manual configuration is needed, so services are brought up more quickly; misoperation caused by manual handling is avoided, which improves configuration security. Because RDMA technology is used as the basis of service communication in the automatic configuration process, the transmission of the security group rule is not affected by the system protocol stack or the CPU, and the configuration response is more efficient and stable.
Referring to fig. 4, fig. 4 is a flow chart of a cloud load balancing security group automatic configuration method according to a second embodiment of the present invention. As shown, the method includes the following steps S210-S280:
S210, monitoring service information, if the monitored service information is the back-end server added operation instruction, executing steps S220-S240 and S280, and if the monitored service information is the load balancing instance fault information, executing steps S250-S280.
S220, responding to the adding operation instruction of the back-end server, searching a corresponding load balancing ID based on a preset balancing configuration rule, and acquiring information of the back-end server to be added.
This step is similar to step S110 and will not be described again here.
S230, acquiring the actual physical IP of the corresponding load balancing instance, the protocol and the port allowing the communication according to the load balancing ID, and acquiring the corresponding security group ID according to the information of the back-end server.
This step is similar to step S120 and will not be described again.
S240, according to the obtained actual physical IP of the load balancing instance, the protocol and the port allowing the communication to be conducted, conducting automatic communication configuration on the corresponding security group ID so as to achieve the security access of the back-end server to be added.
This step is similar to step S130 and will not be described again here.
S250, acquiring the actual physical IP of the new load balancing instance and the allowed protocol and port according to the load balancing ID corresponding to the load balancing instance.
In this step, a new back-end server resource pool ID is acquired from the load balancing database according to the load balancing ID corresponding to the failed load balancing instance, a new allowed protocol and port are acquired according to the new back-end server resource pool ID, and a new load balancing instance is queried from the load balancing database according to the load balancing ID and its actual physical IP is acquired. That is, when the load balancing instance fails, new configuration information is queried again and composed into a new security group rule.
S260, querying the actual physical IP of the failed load balancing instance, the corresponding allowed protocol and port, and the security group ID.
In this step, the old actual physical IP of the failed load balancing instance and its allowed protocol and port are queried, and the security group ID of the corresponding back-end server is queried at the same time, so that the security group rule issued to the security group can be updated.
S270, automatically configuring the security group ID to allow traffic according to the actual physical IP of the new load balancing instance and the allowed protocol and port, and deleting the actual physical IP of the failed load balancing instance and its corresponding allowed protocol and port.
In this step, the new security group rule is used to configure the security group ID automatically, and the old security group rule (the actual physical IP that corresponded to the security group ID before the failure, together with its allowed protocol and port) is deleted. The failure is detected in time, a new load balancing instance is created automatically, and the old security group rule is removed. This prevents the security group of the back-end server from blocking traffic because the actual physical IP has changed after the new load balancing instance is created. In other words, the method detects changes to the load balancing instance in time and keeps traffic flowing in real time after a failure.
S280, monitoring access traffic, and distributing the access traffic to a corresponding back-end server according to a preset balanced configuration rule.
This step is similar to step S140 and will not be described again here.
As can be seen from the above, in this embodiment the security group rule is obtained and issued automatically after a back-end server is added to the cloud load balancer, so that the back-end server security group is configured automatically without manual configuration. When a failure occurs, a new security group rule is obtained automatically according to the load balancing ID corresponding to the failed load balancing instance, the old security group rule is queried, the corresponding security group ID is automatically configured to allow traffic using the new security group rule, and the old security group rule is deleted at the same time. The back-end server can thus sense and identify changes to the load balancing instance in real time and have its security group configuration updated, which keeps traffic flowing in real time after a failure without waiting for operations staff to discover the failure and configure the security group manually. In both cases the automatic configuration process relies on RDMA technology for message transmission, and its processing response is faster than that of the message monitoring mechanisms commonly used in the industry.
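The lookup chain of S120, the rule composition of S131 and the failover update of S250-S270, written out as an added Python example that is not code from the patent. The table and column names, the `pool_id` and `status` columns, and the in-memory `groups` dict standing in for security groups are assumptions; the RDMA buffer transport of S132-S133 is not modelled.

```python
import ipaddress
import sqlite3
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str
    protocol: str
    port: int
    source_cidr: str

# Constructed schema and rows; every table and column name is an assumption.
SCHEMA = """
CREATE TABLE loadbalancer (lb_id TEXT PRIMARY KEY, listener_id TEXT, pool_id TEXT);
CREATE TABLE pool     (pool_id TEXT PRIMARY KEY, protocol TEXT, port INTEGER);
CREATE TABLE member   (member_id TEXT, ip TEXT, port_id TEXT, pool_id TEXT);
CREATE TABLE port     (port_id TEXT PRIMARY KEY, security_group_id TEXT, ip TEXT);
CREATE TABLE instance (instance_id TEXT PRIMARY KEY, lb_id TEXT, physical_ip TEXT, status TEXT);
INSERT INTO loadbalancer VALUES ('lb-1', 'lsn-1', 'pool-1');
INSERT INTO pool     VALUES ('pool-1', 'TCP', 8080);
INSERT INTO member   VALUES ('srv-a', '10.0.1.10', 'port-a', 'pool-1');
INSERT INTO port     VALUES ('port-a', 'sg-a', '10.0.1.10');
INSERT INTO instance VALUES ('inst-1', 'lb-1', '10.0.0.5', 'ACTIVE');
"""

def sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def one(db, sql, args):
    """Run a parameterized query that must match a row; fail closed otherwise."""
    row = db.execute(sql, args).fetchone()
    if row is None:
        raise LookupError(f"no row for {sql!r} with {args!r}")
    return row

def instance_cidr(db, lb_id, instance_id):
    """Load balancing ID + instance -> actual physical IP as a host-sized CIDR."""
    (ip,) = one(db, "SELECT physical_ip FROM instance "
                    "WHERE lb_id = ? AND instance_id = ?", (lb_id, instance_id))
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return f"{addr}/{addr.max_prefixlen}"

def active_instance(db, lb_id):
    (instance_id,) = one(db, "SELECT instance_id FROM instance "
                             "WHERE lb_id = ? AND status = 'ACTIVE'", (lb_id,))
    return instance_id

def rule_for_instance(db, lb_id, instance_id):
    """S120/S131: load balancing ID -> pool -> protocol and port, plus instance IP."""
    (pool_id,) = one(db, "SELECT pool_id FROM loadbalancer WHERE lb_id = ?", (lb_id,))
    protocol, port = one(db, "SELECT protocol, port FROM pool WHERE pool_id = ?", (pool_id,))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # Only the load balancing instance itself is admitted, on one protocol/port.
    return Rule("ingress", protocol.lower(), port, instance_cidr(db, lb_id, instance_id))

def security_group_of(db, member_id, member_ip):
    """S120: back-end server ID and IP -> port ID -> bound security group ID."""
    (port_id,) = one(db, "SELECT port_id FROM member "
                         "WHERE member_id = ? AND ip = ?", (member_id, member_ip))
    (sg_id,) = one(db, "SELECT security_group_id FROM port WHERE port_id = ?", (port_id,))
    return sg_id

def on_member_added(db, groups, lb_id, member_id, member_ip):
    """S110-S130: allow the active instance into the new member's security group."""
    sg_id = security_group_of(db, member_id, member_ip)
    rule = rule_for_instance(db, lb_id, active_instance(db, lb_id))
    groups.setdefault(sg_id, set()).add(rule)
    return sg_id, rule

def on_instance_failed(db, groups, lb_id, failed_instance_id):
    """S250-S270: add the new instance's rule, delete rules for the failed one."""
    new_rule = rule_for_instance(db, lb_id, active_instance(db, lb_id))
    old_cidr = instance_cidr(db, lb_id, failed_instance_id)
    (pool_id,) = one(db, "SELECT pool_id FROM loadbalancer WHERE lb_id = ?", (lb_id,))
    members = db.execute("SELECT member_id, ip FROM member WHERE pool_id = ?",
                         (pool_id,)).fetchall()
    removed = set()
    for member_id, ip in members:
        rules = groups.setdefault(security_group_of(db, member_id, ip), set())
        rules.add(new_rule)  # allow first, so traffic is never left without a rule
        # Match on source only: the old rule may carry an older protocol or port.
        stale = {r for r in rules if r.source_cidr == old_cidr and r != new_rule}
        rules.difference_update(stale)  # the failed instance's IP loses its access
        removed |= stale
    return new_rule, removed

def demo():
    db, groups = sample_db(), {}
    on_member_added(db, groups, "lb-1", "srv-a", "10.0.1.10")
    # Constructed failover: inst-1 fails and inst-2 replaces it with a new IP.
    db.execute("UPDATE instance SET status = 'FAILED' WHERE instance_id = 'inst-1'")
    db.execute("INSERT INTO instance VALUES ('inst-2', 'lb-1', '10.0.0.9', 'ACTIVE')")
    on_instance_failed(db, groups, "lb-1", "inst-1")
    return groups

if __name__ == "__main__":
    for sg_id, rules in demo().items():
        print(sg_id, sorted(rules))
```

Deleting by source address rather than by the exact old rule also covers the case in S250 where the new resource pool carries a different protocol or port.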
Referring to fig. 5, fig. 5 is a schematic block diagram of a cloud load balancing security group automatic configuration system 300 according to a first embodiment of the present invention. As shown in fig. 5, the present invention provides a cloud load balancing security group automatic configuration system 300, and the cloud load balancing security group automatic configuration system 300 may be configured in a server. Specifically, referring to fig. 5, the cloud load balancing security group automatic configuration system 300 includes a listening obtaining unit 301, a query obtaining unit 302, an admission configuring unit 303, and a deleting unit 304.
The monitoring obtaining unit 301 is configured to monitor service information, if the service information is a back-end server adding operation instruction, then respond to the back-end server adding operation instruction, find a corresponding load balancing ID based on a preset balancing configuration rule, and obtain information of the back-end server to be added, and if the service information is load balancing instance fault information, obtain an actual physical IP of a new load balancing instance and a protocol and a port that allow for release according to the load balancing ID corresponding to the load balancing instance. In this embodiment, the information of the backend server includes a backend server ID and an IP to be added, and the monitoring obtaining unit 301 responds to the addition of the backend server in the cloud load balancing and when the cloud load balancing fails, and obtains corresponding information. Understandably, cloud load balancing has previously completed the creation of balanced configuration rules, the configuration of listeners, backend server resource pools and health checks, etc. prior to listening.
The query obtaining unit 302 is configured to obtain, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and to obtain, according to the information of the back-end server, the security group ID corresponding to the back-end server. Specifically, it obtains the back-end server resource pool ID from the load balancing database according to the load balancing ID, and then obtains the allowed protocol and port according to that resource pool ID; it queries the corresponding load balancing instance from the load balancing database according to the load balancing ID and obtains the actual physical IP of that instance; and it obtains the port ID of the back-end server from the load balancing database according to the back-end server ID and the IP in the information of the back-end server, and then queries the bound security group ID according to the port ID.
Further, the query obtaining unit 302 is also configured to query, when a load balancing instance fails, the actual physical IP of the failed load balancing instance, the corresponding allowed protocol and port, and the security group ID. The old actual physical IP of the failed load balancing instance and its allowed protocol and port are queried from the load balancing database, and the security group ID of the corresponding back-end server is queried at the same time, so that the security group rule issued to that security group can be updated.
The admission configuration unit 303 is configured to automatically perform allow-rule configuration on the corresponding security group ID according to the actual physical IP of the load balancing instance and the allowed protocol and port. In this embodiment, it does so whether a back-end server is being added or the cloud load balancing has failed. Specifically, the admission configuration unit 303 composes a security group rule from the actual physical IP of the load balancing instance corresponding to the security group ID and the allowed protocol and port, and writes the security group ID and the corresponding security group rule into the RDMA buffer, so that the computing node reads the security group ID and the corresponding security group rule written into the RDMA buffer and automatically performs allow-rule configuration on the security group ID according to the security group rule.
The deleting unit 304 is configured to delete the actual physical IP of the failed load balancing instance and the corresponding allowed protocol and port. The invention uses the new security group rule to perform automatic allow-rule configuration on the security group ID and, at the same time, deletes the old security group rule of that security group ID. This prevents the security group of the back-end server from blocking traffic because the actual physical IP changed when the new load balancing instance was created, and ensures that traffic keeps flowing in real time after the failure.
As can be seen from the above, the cloud load balancing security group automatic configuration system 300 of this embodiment not only performs automatic allow-rule configuration of the security group when a back-end server is added, but also automatically updates the security group rule of the security group corresponding to a failed load balancing instance when the cloud load balancing fails. This achieves automatic reconfiguration and ensures automatic connection between the back-end server and the cloud load balancing. The automatic configuration process uses RDMA technology for all message transmission, so the configuration response is more efficient and stable.
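The add and failover flows of units 302 to 304, as an added Python example that is not code from the patent. The dictionary layout, the function names and the plain list standing in for the RDMA buffer are assumptions, and all IDs and addresses are constructed.

```python
import ipaddress
from collections import namedtuple

# One ingress allow rule: traffic from src (a single host address) on protocol/port.
Rule = namedtuple("Rule", "src protocol port")


def sample_db():
    """Constructed stand-in for the load balancing database (layout is an assumption)."""
    return {
        "lb_instances": {"lb-1": {"physical_ip": "10.0.0.5", "pool_id": "pool-1"}},
        "pools": {"pool-1": [("tcp", 80), ("tcp", 443)]},       # allowed protocol/port
        "server_ports": {("srv-a", "192.168.1.10"): "port-a"},  # (server ID, IP) -> port ID
        "port_security_groups": {"port-a": "sg-web"},           # port ID -> bound SG ID
    }


def rules_for_lb(db, lb_id, physical_ip=None):
    """Compose allow rules from the instance's physical IP and the pool's protocol/port."""
    inst = db["lb_instances"][lb_id]
    # ip_address() raises ValueError on malformed input, so a bad value never becomes a rule.
    ip = ipaddress.ip_address(physical_ip or inst["physical_ip"])
    return {Rule(f"{ip}/{ip.max_prefixlen}", proto, port)
            for proto, port in db["pools"][inst["pool_id"]]}


def security_group_of(db, server_id, server_ip):
    """Back-end server ID and IP -> port ID -> bound security group ID."""
    return db["port_security_groups"][db["server_ports"][(server_id, server_ip)]]


def admit_backend(db, buffer, lb_id, server_id, server_ip):
    """Control-node side: queue the allow rules for a newly added back-end server."""
    sg_id = security_group_of(db, server_id, server_ip)
    buffer.append({"sg_id": sg_id, "add": rules_for_lb(db, lb_id), "delete": set()})
    return sg_id


def fail_over(db, buffer, lb_id, new_physical_ip, server_id, server_ip):
    """Control-node side: queue the new instance's rules and the failed instance's old ones."""
    sg_id = security_group_of(db, server_id, server_ip)
    old = rules_for_lb(db, lb_id)                   # rules tied to the failed IP
    new = rules_for_lb(db, lb_id, new_physical_ip)  # rules for the replacement instance
    db["lb_instances"][lb_id]["physical_ip"] = new_physical_ip
    buffer.append({"sg_id": sg_id, "add": new, "delete": old - new})
    return sg_id


def apply_pending(buffer, security_groups):
    """Compute-node side: drain the buffer (a list standing in for the RDMA buffer)."""
    while buffer:
        msg = buffer.pop(0)
        rules = security_groups.setdefault(msg["sg_id"], set())
        rules |= msg["add"]     # add first so traffic is never left without a matching rule
        rules -= msg["delete"]  # then drop only the rules derived from the failed IP
    return security_groups
```

Rules that an operator added to the same security group by hand are left untouched, because the delete set contains only rules derived from the failed instance's physical IP.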
Referring to fig. 6, fig. 6 is a schematic block diagram of a cloud load balancing security group automatic configuration system 400 according to a second embodiment of the present invention. As shown in fig. 6, the cloud load balancing security group automatic configuration system 400 of the present embodiment includes a control node 401, a computing node 402, and at least one backend server 403, where the control node 401 includes a load balancer 4011 and a security group control plug-in 4012. Wherein,
The load balancer 4011 is configured to, when it detects a back-end server adding operation instruction, respond to the instruction, search for the corresponding load balancing ID based on a preset balancing configuration rule, and obtain information of the back-end server to be added. The security group control plug-in 4012 is configured to obtain, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, to obtain the security group ID corresponding to the back-end server according to the information of the back-end server, and to write into the RDMA buffer the security group rule composed of the actual physical IP of the load balancing instance corresponding to the security group ID and the allowed protocol and port. The computing node 402 is configured to read the security group ID and the corresponding security group rule written into the RDMA buffer and send the security group rule to the back-end server to be added. The back-end server 403 automatically performs allow-rule configuration on the corresponding security group ID according to the security group rule read by the computing node 402 from the RDMA buffer, so as to realize automatic configuration of the connection between the back-end server 403 and the load balancer 4011.
The security group control plug-in 4012 is further configured to, when the load balancer 4011 detects fault information of a load balancing instance, obtain the actual physical IP of the new load balancing instance and the allowed protocol and port (the new security group rule), query the actual physical IP of the failed load balancing instance, the corresponding allowed protocol and port, and the security group ID (the old security group rule), and write the new security group rule and the old security group rule into the RDMA buffer. The back-end server 403 then re-performs the automatic configuration of the corresponding security group ID according to the new security group rule read by the computing node 402 from the RDMA buffer, and deletes, according to the old security group rule, the actual physical IP and the allowed protocol and port that the security group ID held before the fault, so as to realize an automatic, stable connection between the back-end server 403 and the load balancer 4011.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation process of the cloud load balancing security group automatic configuration system and each unit or component may refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, the description is omitted here.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes non-volatile and/or volatile storage media and internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is for communicating with an external client via a network connection. The computer program, when executed by the processor, implements functions or steps of a server side of the cloud load balancing security group automatic configuration method.
In one embodiment, a computer device is provided, which may be a client, the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is for communicating with an external server via a network connection. The computer program, when executed by a processor, implements functions or steps of a cloud load balancing security group auto-configuration method client side.
In one embodiment, a computer device is provided comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
responding to a back-end server adding operation instruction, searching for a corresponding load balancing ID based on a preset balancing configuration rule, and acquiring information of the back-end server to be added;
acquiring, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and acquiring the corresponding security group ID according to the information of the back-end server;
and performing automatic allow-rule configuration on the corresponding security group ID according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize the secure access of the back-end server to be added.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon which, when executed by a processor, performs the following steps:
responding to a back-end server adding operation instruction, searching for a corresponding load balancing ID based on a preset balancing configuration rule, and acquiring information of the back-end server to be added;
acquiring, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and acquiring the corresponding security group ID according to the information of the back-end server;
and performing automatic allow-rule configuration on the corresponding security group ID according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize the secure access of the back-end server to be added.
It should be noted that, the functions or steps implemented by the computer readable storage medium or the computer device may correspond to the relevant descriptions of the server side and the client side in the foregoing method embodiments, and are not described herein for avoiding repetition.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program stored on a non-transitory computer readable storage medium, which, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems and methods may be implemented in other ways. For example, the system embodiments described above for the first embodiment are merely illustrative. The division into units is only a division by logical function, and another division may be used in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed.
It should be further noted that, in the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments. While, for the purposes of simplicity of explanation, the methodologies are shown and described as a series of acts, it is to be understood and appreciated by one of ordinary skill in the art that the present invention is not limited by the order of acts, as some acts may, in accordance with the present invention, occur in other orders and concurrently. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present invention.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and equivalent substitutions may be made without departing from the scope of the invention.
Claims (10)
1. A cloud load balancing security group automatic configuration method, characterized by comprising the following steps:
responding to a back-end server adding operation instruction, searching for a corresponding load balancing ID based on a preset balancing configuration rule, and acquiring information of the back-end server to be added;
acquiring, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and acquiring the corresponding security group ID according to the information of the back-end server;
and performing automatic allow-rule configuration on the corresponding security group ID according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize the secure access of the back-end server to be added.
2. The cloud load balancing security group automatic configuration method of claim 1, characterized by further comprising the following steps:
monitoring whether the load balancing instance fails and, if so, acquiring the actual physical IP of the new load balancing instance and the allowed protocol and port according to the corresponding load balancing ID;
querying the actual physical IP of the failed load balancing instance, the corresponding allowed protocol and port, and the security group ID;
and performing automatic allow-rule configuration on the security group ID according to the actual physical IP of the new load balancing instance and the allowed protocol and port, and deleting the actual physical IP of the failed load balancing instance and the corresponding allowed protocol and port.
3. The cloud load balancing security group automatic configuration method according to claim 1 or 2, wherein performing automatic allow-rule configuration on the corresponding security group ID according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port specifically comprises:
composing a security group rule from the actual physical IP of the load balancing instance corresponding to the security group ID and the allowed protocol and port;
writing the security group ID and the corresponding security group rule into the RDMA buffer;
and controlling the computing node to read the security group ID and the corresponding security group rule written into the RDMA buffer, so as to perform automatic allow-rule configuration on the security group ID according to the security group rule.
4. The cloud load balancing security group automatic configuration method according to claim 1, wherein acquiring the actual physical IP of the corresponding load balancing instance and the allowed protocol and port according to the load balancing ID specifically comprises:
acquiring a back-end server resource pool ID from a load balancing database according to the load balancing ID, and then acquiring the allowed protocol and port according to the back-end server resource pool ID;
and querying the corresponding load balancing instance from the load balancing database according to the load balancing ID, and acquiring the actual physical IP of the load balancing instance.
5. The cloud load balancing security group automatic configuration method according to claim 1, wherein acquiring the corresponding security group ID according to the information of the back-end server specifically comprises:
acquiring the port ID of the back-end server from a load balancing database according to the back-end server ID and the IP in the information of the back-end server, and then querying the bound security group ID according to the port ID.
6. The cloud load balancing security group automatic configuration method according to claim 1, further comprising: after the secure access of the back-end server to be added is realized, monitoring access traffic and distributing the access traffic to the corresponding back-end server according to a preset balancing configuration rule.
7. A cloud load balancing security group automatic configuration system, comprising:
a monitoring acquisition unit, configured to monitor service information and, if the service information is a back-end server adding operation instruction, respond to the instruction, search for a corresponding load balancing ID based on a preset balancing configuration rule, and acquire information of the back-end server to be added;
a query acquisition unit, configured to acquire, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, and to acquire the corresponding security group ID according to the information of the back-end server;
and an admission configuration unit, configured to perform automatic allow-rule configuration on the corresponding security group ID according to the acquired actual physical IP of the load balancing instance and the allowed protocol and port, so as to realize the security admission of the back-end server to be added.
8. A cloud load balancing security group automatic configuration system, characterized by comprising a control node, a computing node and a back-end server, wherein the control node comprises a load balancer and a security group control plug-in;
the load balancer is configured to, when it detects a back-end server adding operation instruction, respond to the instruction, search for a corresponding load balancing ID based on a preset balancing configuration rule, and acquire information of the back-end server to be added;
the security group control plug-in is configured to acquire, according to the load balancing ID, the actual physical IP of the corresponding load balancing instance and the allowed protocol and port, to acquire the corresponding security group ID according to the information of the back-end server, and to write into the RDMA buffer the security group rule composed of the actual physical IP of the load balancing instance corresponding to the security group ID and the allowed protocol and port;
and the back-end server automatically performs allow-rule configuration on the corresponding security group ID according to the security group rule read by the computing node from the RDMA buffer, so as to realize automatic configuration of the connection between the back-end server and the load balancer.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the cloud load balancing security group auto-configuration method according to any of claims 1 to 6 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the cloud load balancing security group auto-configuration method according to any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411751832.7A CN119561946A (en) | 2024-12-02 | 2024-12-02 | Cloud load balancing security group automatic configuration method, system, device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN119561946A (en) | 2025-03-04 |
Family
ID=94747226
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411751832.7A Pending CN119561946A (en) | 2024-12-02 | 2024-12-02 | Cloud load balancing security group automatic configuration method, system, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||