CN118200131A - Method, system and SDN controller for realizing multi-network plane EIP function - Google Patents
- Publication number
- CN118200131A
- Authority
- CN
- China
- Prior art keywords
- network
- eip
- virtual
- identifier
- plane
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/40—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a method, a system and an SDN controller for realizing multi-network plane EIP function, comprising the following steps: the SDN controller transmits configuration information to the virtual switch, the virtual network element and the physical switch according to the EIP request, and the virtual switch writes the identifier of the EIP network plane in the reserved field of the VXLAN message and transmits the identifier to the virtual network element through the virtual switch flow table; the virtual network element acquires the identification, determines a network outlet corresponding to the virtual machine flow, and the physical switch determines a virtual routing forwarding table corresponding to the network outlet, and forwards the EIP flow to a corresponding network plane through the virtual routing forwarding table. According to the embodiment of the invention, the network plane identifier is bound with the network outlet by deploying virtual network element equipment in the cloud and utilizing the multi-flow table isolation capability of the virtual switch, and the network outlet is bound with the virtual private network routing table, so that the EIP is bound to a plurality of external network planes, and the function of intercommunication of different types of service network flows is realized.
Description
Technical Field
The present invention relates to the field of data communications technologies, and in particular, to a method for implementing a multi-network plane EIP function, a system for implementing a multi-network plane EIP function, and an SDN controller.
Background
A cloud platform based on the OpenStack cloud computing management platform architecture supports multi-availability-zone (Availability Zone, AZ) resource layout, ultra-large cluster scale, and software-hardware coordination. The core capability of the resource pool meets the requirements of ultra-large-scale, high-performance, secure and reliable cloud services. It improves the ultra-large-scale resource pool management and scheduling capability of an Infrastructure as a Service (IaaS) platform, supports ultra-large-scale data center networking and a multi-AZ architecture, provides resource pool network management at a scale of 5000 nodes, supports 5000 servers in a single AZ, and increases the region (Region) scale by more than 10 times, thereby reaching an advanced industry level and meeting service requirements such as two-site, three-center multi-active disaster recovery for enterprise applications.
However, current cloud platforms based on the OpenStack architecture, whether public cloud or private cloud, can only bind a virtual machine to an elastic public IP (EIP) address with one fixed external network plane attribute, generally an EIP address with the internet plane attribute.
However, in addition to the internet network plane, an EIP may need to connect to data communication networks (Data Communication Network, DCN), the internet second plane (Chinatelecom Next Carrier Network, CN2), bearer networks, and the virtual private network (Virtual Private Network, VPN) networks carried on each of these networks. In addition, a large internet service provider (Internet Service Provider, ISP) network contains network planes with various service attributes, and virtual machines also need to be bound to the corresponding EIP addresses.
Therefore, how to implement the multi-network plane EIP function in a cloud network has become a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
Aiming at the defects in the prior art, the embodiment of the invention provides a method for realizing the multi-network plane EIP function, a system for realizing the multi-network plane EIP function and an SDN controller.
In a first aspect, an embodiment of the present invention provides a method for implementing a multi-network plane EIP function, including:
receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes;
issuing first configuration information to a virtual switch according to the elastic public network EIP request, so that the virtual switch receives virtual machine traffic sent by the virtual machine, determines an identifier corresponding to the EIP network plane according to a preset relation table of the plurality of network planes and identifiers, writes the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table;
issuing second configuration information to the virtual network element according to the elastic public network EIP request, so that the virtual network element acquires the identifier, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts the virtual machine traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol;
issuing third configuration information to the physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
The method as above, optionally:
the first configuration information and the second configuration information are issued through the virtual switch control protocol (ovsctl);
the third configuration information is issued through the XML-based network configuration protocol (netconf).
The method as above, optionally, further comprising:
issuing security group function configuration information to the physical network device, wherein the security group function configuration information comprises the EIP security groups to be permitted, so that the physical network device permits the traffic of those EIP security groups according to the security group function configuration information.
The method as above, optionally, further comprising:
issuing quality of service (QoS) function configuration information to the physical network device, wherein the QoS function configuration information comprises the rate-limited EIP address and a rate limit value, so that the physical network device sets up a rate-limiting meter table according to the QoS function configuration information and, through the meter table, discards data packets of the rate-limited EIP address that exceed the rate limit value.
In a second aspect, an embodiment of the present invention provides a method for implementing a multi-network plane EIP function, including:
the virtual switch receives virtual machine traffic sent by a virtual machine, determines an identifier of the elastic public network EIP network plane corresponding to the virtual machine traffic according to first configuration information issued by an SDN controller and a preset relation table of a plurality of network planes and identifiers, writes the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table, wherein the EIP network plane is at least one of the preset plurality of network planes;
the virtual network element acquires the identifier according to second configuration information issued by the SDN controller, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts the virtual machine traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol;
the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to third configuration information issued by the SDN controller and a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
In a third aspect, an embodiment of the present invention provides an SDN controller, including:
a receiving module, configured to receive an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes;
a first configuration module, configured to issue first configuration information to a virtual switch according to the elastic public network EIP request, so that the virtual switch receives virtual machine traffic sent by the virtual machine, determines an identifier corresponding to the EIP network plane according to a preset relation table of the plurality of network planes and identifiers, writes the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table;
a second configuration module, configured to issue second configuration information to the virtual network element according to the elastic public network EIP request, so that the virtual network element acquires the identifier, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts the virtual machine traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol;
a third configuration module, configured to issue third configuration information to the physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
In a fourth aspect, an embodiment of the present invention provides a system for implementing a multi-network plane EIP function, including:
a virtual machine, a virtual switch, a virtual network element, a physical switch, and the SDN controller described above;
the virtual machine is used for determining an EIP network plane and issuing a request to create an elastic public network EIP, wherein the request comprises the EIP network plane, and the EIP network plane is at least one of a plurality of preset network planes;
the virtual switch is used for receiving virtual machine traffic sent by the virtual machine, determining an identifier of the elastic public network EIP network plane corresponding to the virtual machine traffic according to first configuration information issued by the SDN controller and a preset relation table of the plurality of network planes and identifiers, writing the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sending the identifier to the virtual network element through a virtual switch flow table, wherein the EIP network plane is at least one of the preset plurality of network planes;
the virtual network element is used for acquiring the identifier according to second configuration information issued by the SDN controller, determining a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converting the virtual machine traffic into elastic public network EIP traffic, and sending the EIP traffic to the physical switch through a border gateway protocol;
the physical switch is used for determining a virtual routing forwarding table corresponding to the network outlet according to third configuration information issued by the SDN controller and a preset relation table of network outlets and virtual routing forwarding tables, and forwarding the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
In the above system, optionally, the virtual network element includes a virtual access gateway (AGW).
In a fifth aspect, an embodiment of the present invention provides an electronic device, including:
a memory and a processor, wherein the processor and the memory communicate with each other through a bus; the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the following method: receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes; issuing first configuration information to a virtual switch according to the elastic public network EIP request, so that the virtual switch receives virtual machine traffic sent by the virtual machine, determines an identifier corresponding to the EIP network plane according to a preset relation table of the plurality of network planes and identifiers, writes the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table; issuing second configuration information to the virtual network element according to the elastic public network EIP request, so that the virtual network element acquires the identifier, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts the virtual machine traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol; and issuing third configuration information to the physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
In a sixth aspect, an embodiment of the present invention provides a storage medium having stored thereon a computer program which, when executed by a processor, performs the following method: receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes; issuing first configuration information to a virtual switch according to the elastic public network EIP request, so that the virtual switch receives virtual machine traffic sent by the virtual machine, determines an identifier corresponding to the EIP network plane according to a preset relation table of the plurality of network planes and identifiers, writes the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table; issuing second configuration information to the virtual network element according to the elastic public network EIP request, so that the virtual network element acquires the identifier, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts the virtual machine traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol; and issuing third configuration information to the physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
According to the method for realizing the multi-network plane EIP function, virtual network element equipment in the cloud is deployed, network plane identifiers are written in reserved fields of message headers of the extensible virtual local area network by utilizing the multi-flow table isolation capability of the virtual switch, the network plane identifiers are bound with network outlets, and the network outlets are bound with virtual private network routing tables of physical networks of a data center, so that EIP is bound to multiple external network planes, traffic intercommunication of different types of service networks is realized, and network configuration work is simplified.
Drawings
FIG. 1 is a flow chart of steps of an embodiment of a method for implementing multi-network plane EIP functions in accordance with the present invention;
FIG. 2 is a block diagram of a virtual network controlled by an SDN controller in an embodiment of a method for implementing multi-network plane EIP functions in accordance with the present invention;
FIG. 3 is a schematic diagram of an EIP page created in an embodiment of a method for implementing multi-network plane EIP functions of the present invention;
FIG. 4 is a schematic diagram of VXLAN message format in an embodiment of a method for implementing multi-network plane EIP functions according to the present invention;
FIG. 5 is a schematic diagram of the mapping relationship between AGW and B-LEAF in an embodiment of a method for implementing multi-network plane EIP functions according to the present invention;
FIG. 6 is a schematic diagram of a binding page between a virtual machine and an EIP in an embodiment of a method for implementing multi-network plane EIP functions according to the present invention;
FIG. 7 is a flow chart of steps of another embodiment of a method of implementing multi-network plane EIP functions in accordance with the present invention;
FIG. 8 is a block diagram of an embodiment of an SDN controller of the present invention;
FIG. 9 is a block diagram of an embodiment of a system implementing multi-network plane EIP functions in accordance with the present invention;
FIG. 10 is a block diagram of an embodiment of an electronic device of the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Referring to FIG. 1, a flowchart of the steps of an embodiment of a method for implementing multi-network plane EIP functions of the present invention is shown. The method is applied to the controller side of a software defined network (Software Defined Network, SDN) and may specifically include the following steps:
Step S110, receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes;
Specifically, referring to FIG. 2, which shows a structural block diagram of a virtual network controlled by an SDN controller in an embodiment of a method for implementing multi-network plane EIP functions of the present invention, the virtual network controlled by the SDN controller is divided into three layers:
The first layer is the transit center (Transit Center, TC) area, which is responsible for access to external networks, including external network traffic, network attached storage (Network Attached Storage, NAS) traffic, private line access switches, inter-cloud high-speed devices, VPN devices and the like, all of which use multi-active access. The virtual network elements deployed in this area are the access gateway (Access Gateway, AGW) and the service gateway (Serving Gateway, SGW); the AGW is responsible for advertising public network classless inter-domain routing (Classless Inter-Domain Routing, CIDR) routes, and the SGW is responsible for rate limiting.
The second layer is the network element service area, which provides layer 3 to layer 7 network services for tenants, including private lines, interconnection gateways (International Gateway, IGW), network address translation (Network Address Translation, NAT), VPN access, load balancing (Load Balancing, LB), and the like.
The third layer is the resource access layer, which is responsible for providing virtual network access services for virtual machines (Virtual Machine, VM), containers and bare-metal servers. Its network element types are distributed virtual routers (Distributed Virtual Router, DVR) and smart network cards (SmartNIC), and virtual switches (OVS) can be deployed on the smart network cards.
The SDN control logic configures the OVS, the virtual network element nodes and the physical underlay switches: configuration for the physical underlay switches (such as B-LEAF) is issued through the XML-based network configuration protocol (netconf), and configuration for the OVS and the virtual network element nodes (such as IGW, SGW, AGW) is issued through the virtual switch control protocol (ovsctl).
When a user needs to apply for an elastic public network IP (EIP), the user enters the relevant parameter information of the VMs allocated to the user on the provided EIP creation page; for example, the user selects, from a plurality of network planes, the network plane to which the EIP of each VM is bound. After the user clicks submit, the VM generates an EIP creation request according to the submitted information. The EIP request comprises the EIP network plane corresponding to the virtual machine, which is the network plane selected by the user and is one or more of a plurality of preset network planes; that is, the user can choose to bind one EIP network plane or several EIP network planes.
For example, the virtual machines VM1, VM2, ..., VMn of cloud tenant A need to access multiple networks. Scenario 1: VM1 accesses the second plane of the internet (ChinaNet Next Carrying Network, CN2) and VM2 accesses the data communication network (Data Communication Network, DCN); cloud tenant A then selects the CN2 network binding for VM1 and the DCN network binding for VM2 on the page. Scenario 2: VM1 needs to access the CN2 network and the DCN network at the same time; cloud tenant A then selects both the CN2 network and the DCN network bindings for VM1 on the page.
Referring to FIG. 3, which shows a schematic diagram of the EIP creation page in an embodiment of a method for implementing multi-network plane EIP functions of the present invention: when creating an EIP, the user may select a different network plane according to the network type, for example CN2-1124, which is a DCN network plane of a telecommunications internal office, and can see the EIP address range 136.29.0.0-136.29.2.254. After the user selects the binding, the VM generates an EIP creation request according to the information submitted by the user.
Step S120, according to the elastic public network EIP request, first configuration information is issued to a virtual switch so that the virtual switch receives virtual machine flow sent by the virtual machine, an identifier corresponding to the EIP network plane is determined according to a plurality of preset network planes and an identifier relation table, the identifier is written in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine flow, and the identifier is sent to a virtual network element through a virtual switch flow table;
Specifically, after receiving the EIP creation request sent by the VM, the SDN controller sends configuration information, recorded as the first configuration information, to the OVS through the ovsctl protocol. After receiving the first configuration information, the OVS determines the EIP network plane corresponding to the VM. When it then receives VM traffic sent by the VM, it determines the identifier of the EIP network plane according to the preset relation table of network planes and identifiers, writes the identifier in a reserved field of the extensible virtual local area network (Virtual eXtensible LAN, VXLAN) message in the VM traffic, and sends the identifier to the virtual network element through the OVS flow table.
Referring to FIG. 4, which shows the VXLAN message format in an embodiment of a method for implementing multi-network plane EIP functions of the present invention, the reserved field (Reserved) in the VXLAN header of the VXLAN message has 8 bits and may be used to carry the EIP network plane identifier. With 8 bits, 256-1=255 EIP network planes can be identified, which provides enough identifiers. For example, if the OVS writes identifier 0 in the reserved field of the VXLAN header, the corresponding EIP network plane is the default network plane of the system, and the traffic is forwarded using the default address pool of the system. If the OVS writes identifier 1 in the field, the corresponding EIP network plane is the first network plane, and the first EIP address pool is used to forward the traffic. If the OVS writes identifier 2 in the field, the corresponding EIP network plane is the second network plane, and the second address pool is selected for the traffic.
Step S130, issuing second configuration information to the virtual network element according to the elastic public network EIP request, so that the virtual network element acquires the identifier, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts the virtual machine traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol;
Specifically, after receiving the EIP creation request sent by the VM, the SDN controller sends configuration information, recorded as the second configuration information, to the virtual network element through the ovsctl protocol. After receiving the second configuration information, and upon receiving the VM traffic forwarded by the OVS, the virtual network element reads the identifier from the reserved field in the VXLAN header of the VM traffic, determines the network outlet corresponding to the VM traffic according to the preset relation table of identifiers and network outlets, converts the VM traffic into EIP traffic, and sends the EIP traffic to the physical switch through the border gateway protocol (Border Gateway Protocol, BGP). The virtual network element may be an AGW.
In practical application, the VXLAN identifier is added when VM traffic enters the OVS, by marking the reserved field of the VXLAN header. For example, if the virtual machine IP address is bound to EIP address pool 2, identifier 2 is written to the VXLAN reserved field of the traffic by the OVS flow table. After the traffic is forwarded to the AGW, the AGW determines from identifier 2 in the VXLAN reserved field that the outlet corresponding to the traffic is CN2-1124, converts the VM traffic into EIP traffic, and sends the EIP traffic to a physical switch through the BGP protocol.
Step S140, according to the elastic public network EIP request, third configuration information is issued to the physical switch, so that the physical switch determines a virtual route forwarding table corresponding to the network outlet according to a preset network outlet and virtual route forwarding relation table, and forwards the EIP traffic to a corresponding network plane through the virtual route forwarding table.
Specifically, after receiving the EIP creation request sent by the VM, the SDN controller sends configuration information to a physical switch, for example a B-LEAF, through the XML-based network configuration protocol (netconf); this is recorded as the third configuration information. After receiving the third configuration information, the physical switch determines the virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
In practical application, a network type configuration option is newly added in the virtual network element AGW, and a VPN routing table (Virtual Routing and Forwarding, VRF) is newly added in the physical switch B-LEAF. The AGW and the B-LEAF advertise EIP addresses in BGP Option A mode to realize route release between the virtual network and the physical network. The B-LEAF then publishes the route to the large network in a conventional manner. The cross-domain VPN-OptionA (Inter-Provider Backbones Option A) approach, also known as VRF-to-VRF, requires that the cross-domain VPN manage its own VPN routes between autonomous system border routers (Autonomous System Border Router, ASBR) through dedicated interfaces.
Referring to fig. 5, a schematic diagram of the correspondence between the AGW and the B-LEAF in an embodiment of the method for implementing multi-network plane EIP functions of the present invention is shown. A new network type configuration option is added in the virtual network element AGW, and a VRF routing table is added in the physical device B-LEAF. The AGW distinguishes the different outlets, converts traffic into the corresponding EIPs and publishes them through BGP; the physical network VRFs isolate the different networks and deliver routes through BGP. After traffic is forwarded to the AGW normally, the AGW sends it to the CN2-1124 outlet according to identifier 2 in the VXLAN reserved field, that is, to the interface whose next hop is the DCN-VRF of the B-LEAF, so that different traffic enters different VRFs in the B-LEAF and the traffic can leave through multiple outlets.
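The three lookups described in steps S120 to S140 can be followed end to end in a short sketch. This is an added example, not code from the patent: it assumes the 8-bit reserved field is the last byte of the RFC 7348 VXLAN header, and apart from the chain identifier 2 → CN2-1124 → DCN-VRF and the default plane at identifier 0, every table entry and function name is a constructed placeholder.

```python
import struct
from typing import Tuple

# VXLAN header layout (RFC 7348): flags(8) | reserved(24) | VNI(24) | reserved(8).
VXLAN_HDR = struct.Struct("!B3s3sB")
FLAG_I = 0x08  # "VNI present" flag

# Constructed relation tables. Identifier 2 -> CN2-1124 -> DCN-VRF and
# identifier 0 -> default plane follow the text; other names are placeholders.
PLANE_TO_ID = {"default": 0, "plane-1": 1, "CN2-1124": 2}
ID_TO_EGRESS = {0: "default-egress", 1: "egress-1", 2: "CN2-1124"}
EGRESS_TO_VRF = {
    "default-egress": "DEFAULT-VRF",
    "egress-1": "VRF-1",
    "CN2-1124": "DCN-VRF",
}


class PlaneError(ValueError):
    """Raised when traffic cannot be mapped to a configured network plane."""


def ovs_encap(vni: int, plane: str) -> bytes:
    """OVS side: build the VXLAN header with the plane identifier in the last byte."""
    if not 0 <= vni < 1 << 24:
        raise PlaneError(f"VNI out of range: {vni}")
    if plane not in PLANE_TO_ID:
        raise PlaneError(f"plane not configured: {plane!r}")
    return VXLAN_HDR.pack(FLAG_I, b"\x00" * 3, vni.to_bytes(3, "big"),
                          PLANE_TO_ID[plane])


def agw_select_egress(header: bytes) -> Tuple[int, str]:
    """AGW side: read the identifier and map it to a network outlet."""
    if len(header) < VXLAN_HDR.size:
        raise PlaneError("truncated VXLAN header")
    flags, _rsvd24, vni, ident = VXLAN_HDR.unpack(header[:VXLAN_HDR.size])
    if not flags & FLAG_I:
        raise PlaneError("VNI flag not set")
    if ident not in ID_TO_EGRESS:
        # Fail closed: an unknown identifier must not fall into the default plane.
        raise PlaneError(f"unknown plane identifier: {ident}")
    return int.from_bytes(vni, "big"), ID_TO_EGRESS[ident]


def bleaf_select_vrf(egress: str) -> str:
    """B-LEAF side: map the network outlet to its VRF."""
    if egress not in EGRESS_TO_VRF:
        raise PlaneError(f"no VRF bound to outlet: {egress!r}")
    return EGRESS_TO_VRF[egress]


def forward(vni: int, plane: str) -> Tuple[int, str, str]:
    """Run the OVS -> AGW -> B-LEAF chain and return (VNI, outlet, VRF)."""
    seen_vni, egress = agw_select_egress(ovs_encap(vni, plane))
    return seen_vni, egress, bleaf_select_vrf(egress)


if __name__ == "__main__":
    print(ovs_encap(5001, "CN2-1124").hex())
    print(forward(5001, "CN2-1124"))
```

RFC 7348 specifies that reserved fields are set to zero on transmission and ignored on receipt, so every device between the OVS and the AGW has to be known to pass this byte through unchanged for the plane separation to hold.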
Referring to fig. 6, a schematic diagram of a binding page between a virtual machine and an EIP in an embodiment of a method for implementing multi-network plane EIP functions is shown, where one virtual machine binds a public network IP address 61.186.X.x, and another virtual machine binds 136.29.X.x, so as to implement the purpose that the virtual machine binds multiple external networks through the EIP.
According to the method for realizing the multi-network plane EIP function, virtual network element equipment in the cloud is deployed, network plane identifiers are written in reserved fields of message headers of the extensible virtual local area network by utilizing the multi-flow table isolation capability of the virtual switch, the network plane identifiers are bound with network outlets, and the network outlets are bound with virtual private network routing tables of physical networks of a data center, so that EIP is bound to multiple external network planes, traffic intercommunication of different types of service networks is realized, and network configuration work is simplified.
On the basis of the above embodiment, further, the method further includes:
And issuing security group function configuration information to the physical network equipment, wherein the security group function configuration information comprises an EIP security group which is released, so that the physical network equipment releases the flow of the EIP security group according to the security group function configuration information.
Specifically, the SDN controller may issue security group function configuration information for the virtual IP of the EIP-bound network plane, so that traffic of the EIP security group is released (permitted) and all other, unreleased traffic is intercepted. The EIP network plane and the security access control policy are synchronized as needed between a physical network control module in the SDN controller and physical network devices such as LEAF switches and firewalls, and terminals such as servers and VMs.
For example, the SDN controller may issue a security group function for virtual IP 136.29.X.x of the CN2-1124 network plane. The following security group releases 136.0.0.0/8 and does not release other traffic; the corresponding flow tables are as follows:
Outgoing security group:
[root@test-env-gz03-compute-11e50e37e63 ~]# ovs-ofctl -O openflow13 dump-flows br-int table=71,reg5=121
cookie=0x0,duration=7430643.029s,table=71,n_packets=127360,n_bytes=10952960,priority=200,ip,reg5=0x79 actions=goto_table:73
Incoming security group:
[root@test-env-gz03-compute-11e50e37e63 ~]# ovs-ofctl -O openflow13 dump-flows br-int table=81,reg5=121
cookie=0x0,duration=7430651.100s,table=81,n_packets=0,n_bytes=0,priority=200,tcp,reg5=0x79,tp_dst=22 actions=goto_table:83
cookie=0x0,duration=7430651.099s,table=81,n_packets=0,n_bytes=0,priority=200,tcp,reg5=0x79,tp_dst=3389 actions=goto_table:83
cookie=0x0,duration=7430651.096s,table=81,n_packets=0,n_bytes=0,priority=200,ip,reg5=0x79,nw_src=10.1.1.252 actions=goto_table:83
cookie=0x0,duration=7430651.097s,table=81,n_packets=0,n_bytes=0,priority=200,icmp,reg5=0x79 actions=goto_table:83
Through the steps, the flow forwarding of the CN2-1124 network plane can be realized through the flow table mode of the OVS on the intelligent network card, and the security group function can be provided for the EIP 136.29.X.x of the CN2-1124 network plane.
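A flow dump like the one above can be checked mechanically against the intended security group. The following is an added example, not part of the patent: it parses the incoming-table lines shown above (spacing restored) and lists what each rule admits for a given port register value, marking rules that carry no source constraint. The function names and the choice of 22 and 3389 as management ports to report are assumptions of this sketch.

```python
from typing import Dict, List, Optional

# Incoming security group dump from the text above, with spacing restored.
INGRESS_DUMP = [
    "cookie=0x0,duration=7430651.100s,table=81,n_packets=0,n_bytes=0,"
    "priority=200,tcp,reg5=0x79,tp_dst=22 actions=goto_table:83",
    "cookie=0x0,duration=7430651.099s,table=81,n_packets=0,n_bytes=0,"
    "priority=200,tcp,reg5=0x79,tp_dst=3389 actions=goto_table:83",
    "cookie=0x0,duration=7430651.096s,table=81,n_packets=0,n_bytes=0,"
    "priority=200,ip,reg5=0x79,nw_src=10.1.1.252 actions=goto_table:83",
    "cookie=0x0,duration=7430651.097s,table=81,n_packets=0,n_bytes=0,"
    "priority=200,icmp,reg5=0x79 actions=goto_table:83",
]

# Bookkeeping fields that are not part of the match.
META = {"cookie", "duration", "table", "n_packets", "n_bytes",
        "idle_age", "hard_age", "priority"}
MGMT_PORTS = {22, 3389}  # SSH and RDP


def parse_flow(line: str) -> Dict:
    """Split one dump-flows line into metadata, protocol, match fields and actions."""
    head, sep, actions = line.strip().partition(" actions=")
    if not sep:
        raise ValueError(f"no actions in flow line: {line!r}")
    flow: Dict = {"protocol": None, "match": {}, "actions": actions}
    for token in head.split(","):
        token = token.strip()
        if not token:
            continue
        key, eq, value = token.partition("=")
        if not eq:
            flow["protocol"] = key          # bare keyword such as tcp, ip, icmp
        elif key in META:
            flow[key] = value
        else:
            flow["match"][key] = value
    return flow


def audit_ingress(lines: List[str], reg5: int) -> List[Dict]:
    """Return the rules that admit traffic for the port tagged with reg5."""
    rules = []
    for line in lines:
        flow = parse_flow(line)
        if int(flow["match"].get("reg5", "-1"), 0) != reg5:
            continue
        if not flow["actions"].startswith("goto_table"):
            continue                        # only rules that pass the packet on
        port: Optional[str] = flow["match"].get("tp_dst")
        source = flow["match"].get("nw_src", "any")
        rules.append({
            "protocol": flow["protocol"],
            "port": int(port) if port else None,
            "source": source,
            "unrestricted_source": source == "any",
        })
    return rules


def open_mgmt_ports(rules: List[Dict]) -> List[int]:
    """Management ports reachable from any source address."""
    return sorted(r["port"] for r in rules
                  if r["port"] in MGMT_PORTS and r["unrestricted_source"])


if __name__ == "__main__":
    for rule in audit_ingress(INGRESS_DUMP, 121):
        print(rule)
    print("management ports open to any source:",
          open_mgmt_ports(audit_ingress(INGRESS_DUMP, 121)))
```

The register value 121 passed on the command line is the decimal form of the `reg5=0x79` shown in the output, which is why the audit converts the field with base auto-detection before comparing.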
On the basis of the above embodiment, further, the method further includes:
And transmitting QOS function configuration information of service quality to the physical network equipment, wherein the QOS function configuration information comprises an EIP address of speed limit and a speed limit value, so that the physical network equipment sets a speed limit meter table according to the QOS function configuration information, and discarding data packets exceeding the speed limit value and corresponding to the EIP address of speed limit through the meter table.
Specifically, the SDN controller may issue QOS function configuration information to a physical network device, where the QOS function configuration information is used to limit an EIP address traffic, and the physical network device sets a speed limit meter table according to the QOS function configuration information, and discards, by using the meter table, a packet exceeding a speed limit value corresponding to an EIP address that limits a speed.
For example, the SDN controller issues the QOS function for EIP 136.29.X.x of the CN2-1124 network plane and limits the virtual IP to 500,000 kbps. Here, one IP address corresponds to one meter table. To limit bandwidth in bps under both the user datagram protocol (User Datagram Protocol, UDP) and the transmission control protocol (Transmission Control Protocol, TCP), a meter table is set on the x86 server, where meter table 1 is set to discard all packets exceeding 500,000 kbps. The specific command is as follows:
ovs-ofctl add-meter br-int meter=1,kbps,band=type=drop,rate=500000 -O OpenFlow13
Through the steps, the flow forwarding of the CN2-1124 network plane can be realized through the flow table mode of the OVS on the intelligent network card, and the security group and QOS functions can be provided for the EIP 136.29.X.x of the CN2-1124 network plane.
According to the embodiment of the invention, through deploying virtual network element equipment in the cloud, the virtual network element equipment is bound with the VPN routing table of the data center physical network by utilizing the OVS multi-flow table isolation capability, so that the EIP is bound to a plurality of external network planes, and the traffic intercommunication of different types of service networks is realized. Meanwhile, the configuration of different EIP network plane information and security access control strategies of the virtual network element is realized through the SDN controller, and the EIP network plane and the security access control strategies are synchronized as required between a physical network control module and physical network equipment and terminals in the SDN controller.
Referring to fig. 7, a flowchart illustrating steps of another embodiment of a method for implementing multi-network plane EIP functions according to the present invention may specifically include the following steps:
Step S710, a virtual switch receives virtual machine traffic sent by a virtual machine, determines an identifier of an elastic public network (EIP) network plane corresponding to the virtual machine traffic according to first configuration information issued by an SDN controller and a preset plurality of network planes and an identifier relation table, writes the identifier in a reserved field of an extensible virtual local area network (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table, wherein the EIP network plane is at least one of the preset plurality of network planes;
Step S720, the virtual network element acquires the identifier according to the second configuration information issued by the SDN controller, determines a network outlet corresponding to the virtual machine flow according to a preset identifier and network outlet relation table, converts the network outlet into an elastic public network EIP flow, and sends the elastic public network EIP flow to a physical switch through a border gateway protocol;
Step S730, the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to third configuration information issued by the SDN controller and a preset network outlet and virtual routing forwarding relation table, and forwards the EIP traffic to a corresponding network plane through the virtual routing forwarding table.
Specifically, when a user needs to apply for an elastic public network EIP, relevant parameter information of a VM allocated to the user is input on a provided page for creating the EIP, and the VM generates an EIP request for creating the elastic public network according to information submitted by the user, where the EIP request includes an EIP network plane corresponding to a virtual machine, and the EIP network plane is a network plane selected by the user, and the network plane is one or more of a plurality of preset network planes.
After receiving the EIP creation request sent by the VM, the SDN controller sends first configuration information to the OVS and the virtual network element through ovsctl protocol, and sends third configuration information to the physical switch through netconf. After receiving the first configuration information sent by the SDN controller, the OVS determines an EIP network plane corresponding to the VM, after receiving VM traffic sent by the VM, determines an identifier of the EIP network plane according to a preset plurality of network planes and identifier relation tables, writes the identifier in a reserved field of a VXLAN message in the VM traffic, and sends the identifier to a virtual network element through the OVS flow table.
After receiving the second configuration information sent by the SDN controller and the VM traffic sent by the OVS, the virtual network element obtains the identifier from the reserved field in the header of the VXLAN message in the VM traffic, determines the network outlet corresponding to the VM traffic according to the preset relation table of identifiers and network outlets, converts the VM traffic into EIP traffic, and sends the EIP traffic to the physical switch through the BGP protocol. The virtual network element may be an AGW.
After the physical switch receives the third configuration information, it determines the virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
According to the method for realizing the multi-network plane EIP function, virtual network element equipment in the cloud is deployed, network plane identifiers are written in reserved fields of message headers of the extensible virtual local area network by utilizing the multi-flow table isolation capability of the virtual switch, the network plane identifiers are bound with network outlets, and the network outlets are bound with virtual private network routing tables of physical networks of a data center, so that EIP is bound to multiple external network planes, traffic intercommunication of different types of service networks is realized, and network configuration work is simplified.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Referring to fig. 8, a block diagram of an embodiment of an SDN controller of the present invention is shown, which may specifically include the following modules:
A receiving module 810, configured to receive an elastic public network EIP request issued by a virtual machine, where the elastic public network EIP request includes an EIP network plane corresponding to the virtual machine, where the EIP network plane is at least one of a plurality of preset network planes;
A first configuration module 820, configured to issue first configuration information to a virtual switch according to the elastic public network EIP request, so that the virtual switch receives a virtual machine flow sent by the virtual machine, determine an identifier corresponding to the EIP network plane according to a preset relationship table of a plurality of network planes and identifiers, write the identifier in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine flow, and send the identifier to a virtual network element through a virtual switch flow table;
the second configuration module 830 is configured to send second configuration information to a virtual network element according to the elastic public network EIP request, so that the virtual network element obtains the identifier, determines a network outlet corresponding to the virtual machine flow according to a preset identifier and network outlet relation table, converts the network outlet into an elastic public network EIP flow, and sends the elastic public network EIP flow to a physical switch through a border gateway protocol;
And the third configuration module 840 is configured to issue third configuration information to the physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual route forwarding table corresponding to the network outlet according to a preset network outlet and virtual route forwarding relation table, and forwards the EIP traffic to a corresponding network plane through the virtual route forwarding table.
For the SDN controller embodiment, since the SDN controller is substantially similar to the method embodiment, the description is relatively simple, and the relevant points only need to be referred to in the description of the method embodiment, which is not repeated here.
Referring to fig. 9, a block diagram illustrating an embodiment of a system for implementing multi-network plane EIP functions according to the present invention may specifically include:
Virtual machine 910, virtual switch 920, virtual network element 930, and physical switch 940 and SDN controller 950;
The virtual machine 910 is configured to determine an EIP network plane, and issue an EIP creation request, where the EIP creation request includes the EIP network plane, and the EIP network plane is at least one of a plurality of preset network planes;
The virtual switch 920 is configured to receive a virtual machine flow sent by the virtual machine 910, determine an identifier of an elastic public network EIP network plane corresponding to the virtual machine flow according to first configuration information and a preset plurality of network planes and an identifier relation table sent by the SDN controller 950, write the identifier in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine flow, and send the identifier to a virtual network element through a virtual switch flow table, where the EIP network plane is at least one of the preset plurality of network planes;
The virtual network element 930 is configured to obtain the identifier according to the second configuration information issued by the SDN controller 950, determine a network outlet corresponding to the virtual machine flow according to a preset identifier and network outlet relationship table, convert the network outlet to an elastic public network EIP flow, and send the elastic public network EIP flow to the physical switch 940 through a border gateway protocol;
The physical switch 940 is configured to determine a virtual routing forwarding table corresponding to the network outlet according to third configuration information and a preset network outlet and virtual routing forwarding relation table issued by the SDN controller 950, and forward the EIP traffic to a corresponding network plane through the virtual routing forwarding table.
For the system embodiment, since the system embodiment is substantially similar to the method embodiment, the description is relatively simple, and the relevant points only need to be referred to the part of the description of the method embodiment, which is not repeated herein.
Referring to fig. 10, there is shown a block diagram of an embodiment of an electronic device of the present invention, the device comprising: a processor (processor) 1010, a memory (memory) 1020, and a bus 1030;
wherein the processor 1010 and the memory 1020 communicate with each other via the bus 1030;
The processor 1010 is configured to invoke program instructions in the memory 1020 to perform the methods provided by the method embodiments described above, including, for example: receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes; according to the elastic public network EIP request, first configuration information is issued to a virtual switch so that the virtual switch receives virtual machine traffic sent by the virtual machine, an identifier corresponding to the EIP network plane is determined according to a preset plurality of network planes and an identifier relation table, the identifier is written in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine traffic, and the identifier is sent to a virtual network element through a virtual switch flow table; according to the elastic public network EIP request, second configuration information is issued to a virtual network element so that the virtual network element can acquire the identifier, a network outlet corresponding to the virtual machine flow is determined according to a preset identifier and network outlet relation table, and the network outlet is converted into the elastic public network EIP flow, and the elastic public network EIP flow is sent to a physical switch through a border gateway protocol; and issuing third configuration information to a physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset network outlet and virtual routing forwarding relation table, and forwards the EIP flow to a corresponding network plane through the virtual routing forwarding table.
Embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the method embodiments described above, for example comprising: receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes; according to the elastic public network EIP request, first configuration information is issued to a virtual switch so that the virtual switch receives virtual machine traffic sent by the virtual machine, an identifier corresponding to the EIP network plane is determined according to a preset plurality of network planes and an identifier relation table, the identifier is written in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine traffic, and the identifier is sent to a virtual network element through a virtual switch flow table; according to the elastic public network EIP request, second configuration information is issued to a virtual network element so that the virtual network element can acquire the identifier, a network outlet corresponding to the virtual machine flow is determined according to a preset identifier and network outlet relation table, and the network outlet is converted into the elastic public network EIP flow, and the elastic public network EIP flow is sent to a physical switch through a border gateway protocol; and issuing third configuration information to a physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset network outlet and virtual routing forwarding relation table, and forwards the EIP flow to a corresponding network plane through the virtual routing forwarding table.
Embodiments of the present invention provide a non-transitory computer readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above-described method embodiments, for example, including: receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes; according to the elastic public network EIP request, first configuration information is issued to a virtual switch so that the virtual switch receives virtual machine traffic sent by the virtual machine, an identifier corresponding to the EIP network plane is determined according to a preset plurality of network planes and an identifier relation table, the identifier is written in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine traffic, and the identifier is sent to a virtual network element through a virtual switch flow table; according to the elastic public network EIP request, second configuration information is issued to a virtual network element so that the virtual network element can acquire the identifier, a network outlet corresponding to the virtual machine flow is determined according to a preset identifier and network outlet relation table, and the network outlet is converted into the elastic public network EIP flow, and the elastic public network EIP flow is sent to a physical switch through a border gateway protocol; and issuing third configuration information to a physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset network outlet and virtual routing forwarding relation table, and forwards the EIP flow to a corresponding network plane through the virtual routing forwarding table.
In this specification, each embodiment is described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or terminal device that comprises the element.
The above description of a method for implementing the multi-network plane EIP function, a system for implementing the multi-network plane EIP function and an SDN controller provided by the present invention applies specific examples to illustrate the principles and embodiments of the present invention, and the above description of the examples is only used to help understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.
Claims (10)
1. A method for implementing multi-network plane EIP functions, comprising:
receiving an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes;
According to the elastic public network EIP request, first configuration information is issued to a virtual switch so that the virtual switch receives virtual machine traffic sent by the virtual machine, an identifier corresponding to the EIP network plane is determined according to a preset plurality of network planes and an identifier relation table, the identifier is written in a reserved field of an extensible virtual local area network VXLAN message in the virtual machine traffic, and the identifier is sent to a virtual network element through a virtual switch flow table;
According to the elastic public network EIP request, second configuration information is issued to a virtual network element so that the virtual network element can acquire the identifier, a network outlet corresponding to the virtual machine flow is determined according to a preset identifier and network outlet relation table, and the network outlet is converted into the elastic public network EIP flow, and the elastic public network EIP flow is sent to a physical switch through a border gateway protocol;
And issuing third configuration information to a physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset network outlet and virtual routing forwarding relation table, and forwards the EIP flow to a corresponding network plane through the virtual routing forwarding table.
2. The method according to claim 1, characterized in that:
the first configuration information and the second configuration information are issued through a virtual switch control ovsctl protocol;
the third configuration information is issued through an XML-based network configuration netconf protocol.
3. The method as recited in claim 1, further comprising:
issuing security group function configuration information to the physical network equipment, wherein the security group function configuration information comprises an EIP security group which is released, so that the physical network equipment releases the traffic of the EIP security group according to the security group function configuration information.
4. The method as recited in claim 1, further comprising:
issuing quality of service (QoS) function configuration information to the physical network equipment, wherein the QoS function configuration information comprises a rate-limited EIP address and a rate limit value, so that the physical network equipment sets a rate-limiting meter table according to the QoS function configuration information, and discards, through the meter table, data packets that correspond to the rate-limited EIP address and exceed the rate limit value.
5. A method for implementing multi-network plane EIP functions, comprising:
a virtual switch receives virtual machine traffic sent by a virtual machine, determines an identifier of an elastic public network EIP network plane corresponding to the virtual machine traffic according to first configuration information issued by an SDN controller and a preset relation table of network planes and identifiers, writes the identifier in a reserved field of a Virtual Extensible LAN (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table, wherein the EIP network plane is at least one of a plurality of preset network planes;
the virtual network element acquires the identifier according to second configuration information issued by the SDN controller, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts that traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol;
and the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to third configuration information issued by the SDN controller and a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
6. An SDN controller, comprising:
a receiving module, configured to receive an elastic public network EIP request issued by a virtual machine, wherein the elastic public network EIP request comprises an EIP network plane corresponding to the virtual machine, and the EIP network plane is at least one of a plurality of preset network planes;
a first configuration module, configured to issue first configuration information to a virtual switch according to the elastic public network EIP request, so that the virtual switch receives virtual machine traffic sent by the virtual machine, determines an identifier corresponding to the EIP network plane according to a preset relation table of network planes and identifiers, writes the identifier in a reserved field of a Virtual Extensible LAN (VXLAN) message in the virtual machine traffic, and sends the identifier to a virtual network element through a virtual switch flow table;
a second configuration module, configured to issue second configuration information to the virtual network element according to the elastic public network EIP request, so that the virtual network element acquires the identifier, determines a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converts that traffic into elastic public network EIP traffic, and sends the EIP traffic to a physical switch through a border gateway protocol;
and a third configuration module, configured to issue third configuration information to the physical switch according to the elastic public network EIP request, so that the physical switch determines a virtual routing forwarding table corresponding to the network outlet according to a preset relation table of network outlets and virtual routing forwarding tables, and forwards the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
7. A system for implementing multi-network plane EIP functions, comprising:
virtual machines, virtual switches, virtual network elements, physical switches, and the SDN controller as claimed in claim 6;
the virtual machine is used for determining an EIP network plane and issuing a request for creating an elastic public network EIP, wherein the request comprises the EIP network plane, and the EIP network plane is at least one of a plurality of preset network planes;
the virtual switch is used for receiving virtual machine traffic sent by the virtual machine, determining an identifier of the elastic public network EIP network plane corresponding to the virtual machine traffic according to first configuration information issued by the SDN controller and a preset relation table of network planes and identifiers, writing the identifier in a reserved field of a Virtual Extensible LAN (VXLAN) message in the virtual machine traffic, and sending the identifier to the virtual network element through a virtual switch flow table, wherein the EIP network plane is at least one of the plurality of preset network planes;
the virtual network element is used for acquiring the identifier according to second configuration information issued by the SDN controller, determining a network outlet corresponding to the virtual machine traffic according to a preset relation table of identifiers and network outlets, converting that traffic into elastic public network EIP traffic, and sending the EIP traffic to the physical switch through a border gateway protocol;
the physical switch is used for determining a virtual routing forwarding table corresponding to the network outlet according to third configuration information issued by the SDN controller and a preset relation table of network outlets and virtual routing forwarding tables, and forwarding the EIP traffic to the corresponding network plane through the virtual routing forwarding table.
8. The system of claim 7, wherein the virtual network element comprises: virtual access gateway AGW.
9. An electronic device, comprising:
a memory and a processor, wherein the processor and the memory communicate with each other through a bus; the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the method of any of claims 1-5.
10. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any one of claims 1 to 5.
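The tag-and-lookup chain of claims 1 and 5 (plane to identifier, identifier to network outlet, outlet to virtual routing forwarding table), as an added sketch that is not code from the patent. The claims do not say which VXLAN reserved field carries the identifier; this sketch assumes the final reserved byte of the RFC 7348 header, and every plane, outlet and VRF name is constructed. Unknown identifiers are rejected rather than mapped to a default, so mis-tagged traffic cannot land on another plane.

```python
import struct

# Constructed relation tables; all names and values are assumptions.
PLANE_TO_ID = {"internet": 1, "private-line": 2}             # virtual switch
ID_TO_OUTLET = {1: "outlet-internet", 2: "outlet-private"}   # virtual network element
OUTLET_TO_VRF = {"outlet-internet": "vrf-internet",          # physical switch
                 "outlet-private": "vrf-private"}

VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag defined in RFC 7348


def tag_vxlan_header(vni, plane):
    """Virtual switch side: build the 8-byte VXLAN header carrying the plane id."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    ident = PLANE_TO_ID[plane]  # KeyError for a plane that was never provisioned
    # Layout: flags(8) | reserved(24) | VNI(24) | reserved(8).
    # Assumption: the identifier is written to the last reserved byte.
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, (vni << 8) | ident)


def read_plane_id(header):
    """Virtual network element side: return (vni, identifier) from the header."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", header[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, word1 & 0xFF


def resolve_vrf(header):
    """Walk identifier -> network outlet -> VRF, failing closed on unknown ids."""
    _, ident = read_plane_id(header)
    outlet = ID_TO_OUTLET.get(ident)
    if outlet is None:
        raise LookupError(f"unknown plane identifier {ident}: drop, do not default")
    return OUTLET_TO_VRF[outlet]


if __name__ == "__main__":
    hdr = tag_vxlan_header(5001, "private-line")
    print(hdr.hex(), read_plane_id(hdr), resolve_vrf(hdr))
```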
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310945763.2A CN118200131A (en) | 2023-07-28 | 2023-07-28 | Method, system and SDN controller for realizing multi-network plane EIP function |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310945763.2A CN118200131A (en) | 2023-07-28 | 2023-07-28 | Method, system and SDN controller for realizing multi-network plane EIP function |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118200131A (en) | 2024-06-14 |
Family
ID=91405022
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310945763.2A Pending CN118200131A (en) | 2023-07-28 | 2023-07-28 | Method, system and SDN controller for realizing multi-network plane EIP function |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118200131A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119232677A (en) * | 2024-11-28 | 2024-12-31 | 北京火山引擎科技有限公司 | Edge switch control method and device, server and edge switch cluster |
| CN119324863A (en) * | 2024-09-23 | 2025-01-17 | 浪潮网络科技(山东)有限公司 | Multi-center network external connection export method, equipment and medium based on SDN |
| CN119449434A (en) * | 2024-11-12 | 2025-02-14 | 中移(苏州)软件技术有限公司 | Security protection methods, cloud access methods, network architectures, devices and equipment |
| CN120856650A (en) * | 2025-09-23 | 2025-10-28 | 中移(苏州)软件技术有限公司 | Network speed limiting method, device, equipment, storage medium and computer program product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||