CN105099779A - Multi-tenant cloud platform architecture - Google Patents

Info

Publication number
CN105099779A
Authority
CN
China
Prior art keywords
address
packet
access control
media access
main frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510454198.5A
Other languages
Chinese (zh)
Other versions
CN105099779B (en
Inventor
闫国旗
都海峰
杨轩嘉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong three hundred and sixty degree e-commerce Co., Ltd.
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201510454198.5A
Publication of CN105099779A
Application granted
Publication of CN105099779B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a host machine in a cloud platform architecture. The host machine comprises at least one cloud host, an ARP response proxy, an internal switch, a virtual router and an external switch. In a multi-tenant cloud platform architecture, the host machine provided by the invention can route packets in four scenarios: different network segments on different host machines, different network segments on the same host machine, the same network segment on different host machines, and the same network segment on the same host machine.

Description

Multi-tenant cloud platform architecture
Technical field
The present invention relates to cloud computing systems and, more specifically, to a multi-tenant cloud platform architecture.
Background
With the rapid development of the Internet and cloud computing technology, many IT companies face the problem of how to manage their own hardware resources efficiently. This is especially true of network management in large cloud computing data centers. On the one hand, the physical network architecture cannot be changed at will and so cannot adapt well to the needs of evolving upper-layer services. On the other hand, given the requirements of multi-tenant cloud computing scenarios, implementing network isolation and partitioning purely with physical equipment is time-consuming and laborious. For example, existing solutions isolate network traffic between different tenants mainly by means of VLANs and rely on the data center's physical network devices for all control of network data. The network architecture is therefore tightly coupled to the hardware, cannot be changed at will, and scales inflexibly. In particular, it cannot meet the diverse network requirements of multi-tenant scenarios, and the data center maintenance workload is large: operations staff must spend more time maintaining network hardware settings.
Summary of the invention
To solve the problem that physical network devices cannot be changed flexibly, software-defined networking (SDN) and network virtualization (NFV) have flourished in recent years. NFV implements the forwarding and control functions for network packets on the widely used x86 platform. SDN is one implementation of network virtualization; its core technique is to separate the control plane of network devices from the data plane by means of protocols such as OpenFlow, and it is an important direction for future network development. The present invention proposes a complete SDN-based network solution for multi-tenant cloud computing scenarios.
In a first aspect of the present invention, a host machine in a cloud platform architecture is proposed, comprising:
At least one cloud host, configured to: if the cloud host does not have the destination media access control (MAC) address of a packet, send an ARP broadcast through an internal switch to an ARP response proxy; receive from the ARP response proxy, through the internal switch, the destination MAC address matching the packet's destination Internet Protocol (IP) address; encapsulate the packet with the received destination MAC address; and send the packet to the internal switch;
The ARP response proxy, configured to: on receiving an ARP broadcast from a cloud host via the internal switch, send the destination IP address of the packet contained in the received ARP broadcast to a management server; receive from the management server the destination MAC address matching the packet's destination IP address; and send that destination MAC address to the cloud host through the internal switch;
The internal switch, configured to: receive the packet from the cloud host; if the destination MAC address of the packet received from the cloud host is not the MAC address of the first gateway of a virtual router, send the source MAC address and destination MAC address of the received packet to a software-defined networking (SDN) controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine; and, on receiving from the SDN controller a message indicating that the two cloud hosts have permission to communicate and that the source MAC address and the destination MAC address are not on the same host machine, send the packet to an external switch;
The virtual router, having a first gateway and a second gateway; and
The external switch, configured to, on receiving the packet from the internal switch, send the packet to another host machine through a network tunnel.
Preferably, the cloud host is further configured to: if it does not receive the destination MAC address of the packet from the ARP response proxy, not send the packet.
Preferably, the internal switch is further configured to: if the destination MAC address of the packet received from the cloud host is the MAC address of the first gateway of the virtual router, forward the packet directly to the virtual router through the first gateway;
Wherein the virtual router is configured to: receive the packet from the internal switch through the first gateway; find, according to a routing table, the second gateway matching the packet's destination IP address; change the packet's destination MAC address to the destination MAC address corresponding to the destination IP address; change the packet's source MAC address to the MAC address of the second gateway; and send the packet to the internal switch through the second gateway; and
The internal switch is further configured to: receive the packet from the virtual router; send the source MAC address and destination MAC address of the received packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine; and, on receiving from the SDN controller a message indicating that the two cloud hosts have permission to communicate and that the source MAC address and the destination MAC address are not on the same host machine, send the packet to the external switch.
Preferably, the virtual router is further configured to: if no second gateway matching the packet's destination IP address is found according to the routing table, not send the packet.
Preferably, the internal switch is further configured to: if, after receiving the packet from the virtual router, it does not receive from the SDN controller a forwarding instruction for the source MAC address and the destination MAC address, or it receives a drop instruction, not send the packet.
Preferably, the internal switch is further configured to: on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and that the source MAC address and the destination MAC address are on the same host machine, send the packet to the second cloud host matching the destination MAC address.
Preferably, the internal switch is further configured to: on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have permission to communicate, not forward the packet.
Preferably, the virtual router is created using the Linux namespace mechanism.
Preferably, firewall protection is implemented in the virtual router.
Preferably, network address translation (NAT) is implemented in the virtual router.
In a second aspect of the present invention, a method for routing packets at a host machine in a cloud platform architecture is proposed, comprising:
If at least one cloud host does not have the destination MAC address of a packet, the cloud host sends an ARP broadcast through an internal switch to an ARP response proxy;
On receiving the ARP broadcast from the cloud host via the internal switch, the ARP response proxy sends the destination IP address of the packet contained in the received ARP broadcast to a management server, receives from the management server the destination MAC address matching the packet's destination Internet Protocol (IP) address, and sends that destination MAC address to the cloud host through the internal switch;
The cloud host receives from the ARP response proxy, through the internal switch, the destination MAC address matching the packet's IP address, encapsulates the packet with the received destination MAC address, and sends the packet to the internal switch;
The internal switch receives the packet from the cloud host; if the destination MAC address of the packet received from the cloud host is not the MAC address of the first gateway of a virtual router, it sends the source MAC address and destination MAC address of the received packet to a software-defined networking (SDN) controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine; on receiving from the SDN controller a message indicating that the two cloud hosts have permission to communicate and that the source MAC address and the destination MAC address are not on the same host machine, it sends the packet to an external switch; and
The external switch receives the packet from the internal switch and sends it to another host machine through a network tunnel.
Preferably, the method further comprises: if the cloud host does not receive the destination MAC address of the packet from the ARP response proxy, the cloud host does not send the packet.
Preferably, the method further comprises:
If the destination MAC address of the packet that the internal switch receives from the cloud host is the MAC address of the first gateway of the virtual router, the internal switch forwards the packet directly to the virtual router through the first gateway;
The virtual router receives the packet from the internal switch through the first gateway, finds, according to a routing table, the second gateway matching the packet's destination IP address, changes the packet's destination MAC address to the destination MAC address corresponding to the destination IP address, changes the packet's source MAC address to the MAC address of the second gateway, and sends the packet to the internal switch through the second gateway;
The internal switch receives the packet from the virtual router and sends the source MAC address and destination MAC address of the received packet to the SDN controller, requesting the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine; on receiving from the SDN controller a message indicating that the two cloud hosts have permission to communicate and that the source MAC address and the destination MAC address are not on the same host machine, it sends the packet to the external switch; and
The external switch receives the packet from the internal switch and sends it to another host machine through a network tunnel.
Preferably, the method further comprises: if the virtual router does not find, according to the routing table, a second gateway matching the packet's destination IP address, the virtual router does not send the packet.
Preferably, the method further comprises: if, after receiving the packet from the virtual router, the internal switch does not receive from the SDN controller a forwarding instruction for the source MAC address and the destination MAC address, or it receives a drop instruction, the internal switch does not send the packet.
Preferably, the method further comprises:
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and that the source MAC address and the destination MAC address are on the same host machine, it sends the packet, according to the destination MAC address, to the second cloud host matching the destination MAC address.
Preferably, the method further comprises:
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have permission to communicate, it does not forward the packet.
Preferably, the virtual router is created using the Linux namespace mechanism.
Preferably, firewall protection is implemented in the virtual router.
Preferably, network address translation (NAT) is implemented in the virtual router.
In a third aspect of the present invention, a host machine in a cloud platform architecture is proposed, comprising:
An external switch, configured to receive a packet through a network tunnel and forward the packet to an internal switch;
The internal switch, configured to: send the source MAC address, destination MAC address, source Internet Protocol (IP) address and destination IP address of the received packet to a software-defined networking (SDN) controller, requesting the SDN controller to determine the port on the internal switch through which the packet is to be sent; receive from the SDN controller a message indicating that port; and send the packet through the port to the recipient cloud host matching the destination MAC address; and
The recipient cloud host, configured to receive the packet from the internal switch through the port.
In a fourth aspect of the present invention, a method for routing packets at a host machine in a cloud platform architecture is proposed, comprising:
At an external switch, receiving a packet through a network tunnel and forwarding the packet to an internal switch;
At the internal switch, sending the source MAC address, destination MAC address, source Internet Protocol (IP) address and destination IP address of the received packet to a software-defined networking (SDN) controller, requesting the SDN controller to determine the port on the internal switch through which the packet is to be sent; receiving from the SDN controller a message indicating that port; and sending the packet through the port to the recipient cloud host matching the destination MAC address; and
The recipient cloud host receiving the packet from the internal switch through the port.
In a fifth aspect of the present invention, a cloud platform architecture is proposed, comprising a plurality of host machines according to either of the first and third aspects above, a management server and a software-defined networking (SDN) controller, wherein:
The management server is configured to receive the ARP broadcast from the ARP response proxy, look up a local pool according to the ARP broadcast and the identifier of the host machine on which the ARP response proxy resides to obtain the packet's destination MAC address, and send the destination MAC address to the ARP response proxy; and
The SDN controller is configured to receive from the internal switch the request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine, and to send to the internal switch a message indicating whether the two cloud hosts have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine.
In a sixth aspect of the present invention, a method in a cloud platform architecture is proposed, comprising the method according to either of the second and fourth aspects above, and further comprising:
The management server receives the ARP broadcast from the ARP response proxy, looks up a local pool according to the ARP broadcast and the identifier of the host machine on which the ARP response proxy resides to obtain the packet's destination MAC address, and sends the destination MAC address to the ARP response proxy; and
The SDN controller receives from the internal switch the request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine, and sends to the internal switch a message indicating whether the two cloud hosts have permission to communicate and whether the source MAC address and the destination MAC address are on the same host machine.
Building on the widely available x86 platform and SDN technology, the present invention provides a practical solution for highly flexible network virtualization and network isolation in multi-tenant cloud data center scenarios. Through mechanisms such as virtual subnets, virtual routers and network tunnels, the network formed between tenants' cloud hosts is decoupled from the physical network at the data center level, so that all cloud hosts operate on a fully software-defined network and management flexibility is greatly improved.
Brief description of the drawings
Fig. 1 is a schematic diagram of subnets and a virtual router in a multi-tenant cloud platform architecture according to an embodiment of the invention;
Fig. 2 is a schematic diagram of a multi-tenant cloud platform architecture according to an embodiment of the invention;
Fig. 3 is a schematic diagram of a host machine in a multi-tenant cloud platform architecture according to an embodiment of the invention; and
Fig. 4 shows packet routing in different scenarios of a multi-tenant cloud platform architecture according to an embodiment of the invention.
Embodiment
First, the functions of subnets and virtual routers in the multi-tenant cloud platform architecture are described with reference to Fig. 1. In the multi-tenant cloud platform architecture, a user's cloud host resources are managed through logical subnets (hereinafter "subnets"), and the communication boundaries between cloud hosts are set on the basis of subnets (as shown in Fig. 1). A cloud host is a hosting service that a cloud computing vendor provides to users; it is a service at the IaaS layer. When creating a subnet, the user needs to specify the subnet's IP range in Classless Inter-Domain Routing (CIDR) notation, so that IP addresses can be assigned to the cloud hosts in the subnet. Functions such as cross-subnet communication, network address translation (NAT) and firewalling can be implemented on the basis of a virtual router. To enable communication between several subnets of the same user, the subnets only need to be associated with the same virtual router (vRouter). Packets exchanged between cloud hosts on different host machines are encapsulated in network tunnels, which prevents upper-layer physical network devices from seeing and learning information about the cloud hosts below them and so logically guarantees that the cloud host network is independent of the physical network. The SDN controller can precisely control communication permissions and data flows between cloud hosts.
The function of each component in the cloud platform architecture is described below with reference to Fig. 2. The cloud platform architecture comprises a management server 210, an SDN controller 220, a host machine agent 230, virtual switches, virtual routers and ARP response proxies.
The management server 210 centrally manages all information about host machines and cloud hosts. Its main functions are: issuing commands to the host machine agent 230 to control each host machine and the cloud hosts on it; and exposing a RESTful control application programming interface (API) for integration with external applications (APPs).
The SDN controller 220 is responsible for issuing control commands to the virtual switches. Its main functions are: judging communication permission between cloud hosts on the basis of tenant and subnet; and dynamically specifying the peer IP for network tunnels across host machines.
The host machine agent 230 is an agent program running on the host machine. Its main functions are: receiving and responding to instructions issued by the management server; creating and maintaining the virtual network environment on the host machine, which comprises the cloud hosts' virtual network adapters, the virtual switches and the virtual router; and collecting resource metrics for the host machine and each cloud host, reporting them promptly and raising alerts.
A virtual switch is a switch implemented in software; the most widely used virtual switch software at present is Open vSwitch. Its main functions are: obtaining the packet forwarding policy from the SDN controller and providing data switching for the associated cloud hosts accordingly; and providing network tunnel support for communication across host machines.
The virtual router is a router created using the Linux namespace mechanism. Its main functions are: providing a gateway and layer-3 routing for the cloud hosts in each subnet; providing NAT for cloud hosts accessing the external network; and providing firewall services for each associated container according to the security policy the user specifies.
The ARP response proxy answers broadcasts from local cloud hosts. Its main functions are: responding to ARP broadcasts sent by cloud hosts on its own host machine; and obtaining ARP response data from the management server.
The cloud platform architecture is set up mainly as follows. First, the management server is set up. The management server is the controlling brain of the whole data center network architecture; its back end stores, in a database, the information relating to each tenant, subnet, cloud host and network. In response to API calls, the management server sends instructions to the corresponding host machines to configure the host machine cluster.
Next, the virtual switches on each host machine are set up by the host machine agent. To ensure efficient communication between cloud hosts on the same host machine, and to make east-west and north-south traffic easier to debug, two virtual switches are created on every host machine (the internal switch (switch_inner) and the external switch (switch_outer) shown in Fig. 3). switch_inner mainly carries network traffic between local cloud hosts, and switch_outer mainly sends and receives network traffic across host machines. Traffic between switch_outer and other host machines must be encapsulated in a network tunnel. The reason is that different tenants may create subnets with the same private IP range. Although these duplicate IPs are invisible to each tenant, they would cause route flapping on the data center network equipment. Therefore, to hide the cloud hosts' logical subnets from upper-layer devices, traffic across host machines must be carried in a tunnel such as VXLAN.
Next, the virtual router on the host machine is set up by the host machine agent. The virtual router must contain a gateway for each associated subnet; if two subnets of the same tenant are associated with the same virtual router, communication across those subnets goes through that virtual router. For example, if a virtual router is associated with three subnets A, B and C, it needs one gateway for each of the three so that they can communicate with one another. In addition, because the IPs assigned to cloud hosts are in private ranges, cloud hosts cannot reach the external network directly; by implementing NAT in the virtual router, this solution ensures that cloud hosts can access the external network. The firewall protection offered to cloud hosts is likewise implemented in the virtual router.
Next, the ARP response proxy on the host machine is set up. Although different tenants may use subnets with the same IP range, for any given tenant the MAC address corresponding to each of its IPs must be fixed. This requires that ARP broadcasts from each tenant's cloud hosts be answered with the correct MAC address, and the ARP response proxy exists to meet this requirement. In addition, to ensure that the ARP proxy's response is authoritative, when a cloud host sends an ARP broadcast the virtual switch delivers the broadcast packet only to the port of the ARP response proxy. This also greatly reduces the number of broadcasts at the data center level and lowers the risk of broadcast storms.
Finally, the SDN controller is set up. A main purpose of SDN is to control network devices flexibly and effectively through software. After starting, the virtual switch on each host machine must connect to the SDN controller, and the path of every packet forwarded by a virtual switch is decided by the controller. The controller makes three main judgments: whether the reported packet is allowed to be forwarded; which switch port it is forwarded through; and, when forwarding across host machines, what the IP of the peer host machine is.
In order to ensure high-performance and the High Availabitity of whole system, management server and SDN controller all externally will provide service with the form of cluster.
The structure of host 1 in the cloud platform architecture is described below with reference to Fig. 3 and Fig. 4. The host comprises at least one cloud host, an internal switch (switch_inner), a virtual router (vRouter), an external switch (switch_outer) and an ARP response agent. The at least one cloud host includes a first cloud host (cloud host 1 as shown in Fig. 4).
When a packet is sent by host 1, the first cloud host is configured so that, if it does not have the destination MAC address of the packet, it sends an ARP broadcast to the ARP response agent through the internal switch, receives through the internal switch, from the ARP response agent, the destination MAC address matching the destination Internet Protocol (IP) address of the packet, encapsulates the packet with the received destination MAC address, and sends the packet to the internal switch. Optionally, the first cloud host is further configured not to send the packet if it does not receive the destination MAC address of the packet from the ARP response agent.
The ARP response agent is configured, on receiving from the internal switch an ARP broadcast from a cloud host, to send the destination IP address of the packet carried in the received ARP broadcast to the management server, receive from the management server the destination MAC address matching the destination IP address of the packet, and send the destination MAC address to the first cloud host through the internal switch.
The internal switch is configured to receive the packet from the first cloud host. If the destination MAC address of the packet received from the first cloud host is not the MAC address of the first gateway of the virtual router (the same-network-segment case), the internal switch sends the source MAC address and destination MAC address of the received packet to the SDN controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and destination MAC address are on the same host. When it receives from the SDN controller a message indicating that the two cloud hosts have communication permission and that the source MAC address and destination MAC address are not on the same host, it sends the packet to the external switch (same network segment, different hosts, as shown in Fig. 4C). Optionally, the internal switch is further configured, on receiving from the SDN controller a message indicating that the two cloud hosts have communication permission and that the source MAC address and destination MAC address are on the same host, to send the packet to the second cloud host matching the destination MAC address (same network segment, same host, as shown in Fig. 4A). Optionally, the internal switch is further configured not to forward the packet on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission. The virtual router has a first gateway and a second gateway.
The external switch is configured, on receiving a packet from the internal switch, to send the packet to another host through a network tunnel.
Optionally, the internal switch is further configured so that, if the destination MAC address of the packet received from the first cloud host is the MAC address of the first gateway of the virtual router (the different-network-segment case), it forwards the packet directly to the virtual router through the first gateway.
The virtual router is configured to receive the packet from the internal switch through the first gateway, find in the routing table the second gateway matching the destination IP address of the packet, change the destination MAC address of the packet to the MAC address corresponding to the destination IP address, change the source MAC address of the packet to the MAC address of the second gateway, and send the packet to the internal switch through the second gateway. Optionally, the virtual router is further configured not to send the packet if it does not find in the routing table a second gateway matching the destination IP address of the packet.
The internal switch is further configured to receive the packet from the virtual router and send the source MAC address and destination MAC address of the received packet to the SDN controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and destination MAC address are on the same host. When it receives from the SDN controller a message indicating that the two cloud hosts have communication permission and that the source MAC address and destination MAC address are not on the same host, it sends the packet to the external switch (different network segments, different hosts, as shown in Fig. 4D). Optionally, the internal switch is further configured, on receiving from the SDN controller a message indicating that the two cloud hosts have communication permission and that the source MAC address and destination MAC address are on the same host, to send the packet to the second cloud host matching the destination MAC address (different network segments, same host, as shown in Fig. 4B). Optionally, the internal switch is further configured not to forward the packet on receiving from the SDN controller a message indicating that the two cloud hosts do not have communication permission. Optionally, the internal switch is further configured not to send the packet if, after receiving the packet from the virtual router, it does not receive from the SDN controller a message indicating a forwarding instruction for the source MAC address and destination MAC address, or receives a drop instruction.
In the present embodiment, the virtual router is created using the Linux namespace mechanism. Firewall protection and/or the NAT function are implemented in the virtual router.
When a packet is received by host 2, the external switch is configured to receive the packet through the network tunnel and forward it to the internal switch;
The internal switch is configured to send the source MAC address and destination MAC address, and the source IP address and destination IP address, of the received packet to the software defined network (SDN) controller, asking the SDN controller to determine the port on the internal switch through which the packet is to be sent; to receive from the SDN controller a message indicating that port; and to send the packet through the port to the recipient cloud host matching the destination MAC address; and
The recipient cloud host is configured to receive the packet from the internal switch through the port.
The method by which host 1 in the cloud platform architecture routes a packet is described below with reference to Fig. 3 and Fig. 4.
When a packet is sent by host 1: if the first cloud host among the at least one cloud host does not have the destination MAC address of the packet, the first cloud host sends an ARP broadcast to the ARP response agent through the internal switch. On receiving from the internal switch the ARP broadcast from the cloud host, the ARP response agent sends the destination IP address of the packet carried in the received ARP broadcast to the management server, receives from the management server the destination MAC address matching the destination IP address of the packet, and sends the destination MAC address to the first cloud host through the internal switch. The first cloud host receives through the internal switch, from the ARP response agent, the destination MAC address matching the IP address of the packet, encapsulates the packet with the received destination MAC address, and sends the packet to the internal switch. The internal switch receives the packet from the first cloud host; if the destination MAC address of the packet received from the first cloud host is not the MAC address of the first gateway of the virtual router, it sends the source MAC address and destination MAC address of the received packet to the SDN controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and destination MAC address are on the same host. When it receives from the SDN controller a message indicating that the two cloud hosts have communication permission and that the source MAC address and destination MAC address are not on the same host, it sends the packet to the external switch. The external switch receives the packet from the internal switch and sends it to another host through a network tunnel.
If the first cloud host does not receive the destination MAC address of the packet from the ARP response agent, the first cloud host does not send the packet.
If the destination MAC address of the packet that the internal switch receives from the first cloud host is the MAC address of the first gateway of the virtual router, the internal switch forwards the packet directly to the virtual router through the first gateway. The virtual router receives the packet from the internal switch through the first gateway, finds in the routing table the second gateway matching the destination IP address of the packet, changes the destination MAC address of the packet to the MAC address corresponding to the destination IP address, changes the source MAC address of the packet to the MAC address of the second gateway, and sends the packet to the internal switch through the second gateway. The internal switch receives the packet from the virtual router and sends the source MAC address and destination MAC address of the received packet to the SDN controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission, and whether the source MAC address and destination MAC address are on the same host. When it receives from the SDN controller a message indicating that the two cloud hosts have communication permission and that the source MAC address and destination MAC address are not on the same host, it sends the packet to the external switch. The external switch receives the packet from the internal switch and sends it to another host through a network tunnel.
If the virtual router does not find in the routing table a second gateway matching the destination IP address of the packet, the virtual router does not send the packet.
If, after receiving the packet from the virtual router, the internal switch does not receive from the SDN controller a message indicating a forwarding instruction for the source MAC address and destination MAC address, or receives a drop instruction, the internal switch does not send the packet.
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and destination MAC address are on the same host, it sends the packet, according to the destination MAC address, to the second cloud host matching the destination MAC address.
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission, it does not forward the packet.
In the present embodiment, the virtual router is created using the Linux namespace mechanism. Firewall protection and/or the NAT function are implemented in the virtual router.
When a packet is received by host 2, the packet is received at the external switch through the network tunnel and forwarded to the internal switch;
At the internal switch, the source MAC address and destination MAC address, and the source IP address and destination IP address, of the received packet are sent to the software defined network (SDN) controller, asking the SDN controller to determine the port on the internal switch through which the packet is to be sent; a message indicating that port is received from the SDN controller; and the packet is sent through the port to the recipient cloud host matching the destination MAC address; and
The recipient cloud host receives the packet from the internal switch through the port.
Turning to Fig. 2, the cloud platform architecture is described in detail with reference to Fig. 2. In addition to the host structure described above with reference to Fig. 3 and Fig. 4, in the cloud platform architecture the management server is configured to receive the ARP broadcast from the ARP response agent, look up the local pool according to the ARP broadcast and the identifier of the host on which the ARP response agent is located to obtain the destination MAC address of the packet, and send the destination MAC address to the ARP response agent; and the SDN controller is configured to receive from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and destination MAC address are on the same host, and to send to the internal switch a message indicating whether the two cloud hosts have communication permission and whether the source MAC address and destination MAC address are on the same host.
Below, the method in the cloud platform architecture is described in detail with reference to Fig. 2. In addition to the method of routing a packet at the host described above with reference to Fig. 3 and Fig. 4, the method of routing a packet in the cloud platform architecture further comprises: the management server receives the ARP broadcast from the ARP response agent, looks up the local pool according to the ARP broadcast and the identifier of the host on which the ARP response agent is located to obtain the destination MAC address of the packet, and sends the destination MAC address to the ARP response agent; and the SDN controller receives from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and destination MAC address are on the same host, and sends to the internal switch a message indicating whether the two cloud hosts have communication permission and whether the source MAC address and destination MAC address are on the same host.
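The send-side decisions described above (ARP resolution by the management server scoped to the requesting tenant, then the SDN controller's permission and same-host verdict applied by switch_inner) can be modelled as follows. This is an added illustration, not code from the patent: the inventory, MAC addresses, blocked-pair policy and function names are constructed, and identifying the requesting tenant from the ARP sender's MAC plus the host identifier is an assumption about how the lookup is keyed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class CloudHost:
    tenant: str
    ip: str
    mac: str
    host_id: str  # physical host on which this cloud host runs


# Constructed inventory. tenant-a and tenant-b deliberately reuse the
# same private addresses, the overlap the tunnel and ARP agent exist for.
INVENTORY = [
    CloudHost("tenant-a", "10.0.0.2", "02:00:00:00:0a:02", "host1"),
    CloudHost("tenant-a", "10.0.0.3", "02:00:00:00:0a:03", "host2"),
    CloudHost("tenant-a", "10.0.0.4", "02:00:00:00:0a:04", "host1"),
    CloudHost("tenant-b", "10.0.0.2", "02:00:00:00:0b:02", "host1"),
    CloudHost("tenant-b", "10.0.0.3", "02:00:00:00:0b:03", "host1"),
]
BY_MAC = {c.mac: c for c in INVENTORY}

# Constructed policy (assumption): pairs inside one tenant that lack
# communication permission. Cross-tenant pairs are never permitted.
BLOCKED_PAIRS = {frozenset({"02:00:00:00:0a:02", "02:00:00:00:0a:04"})}

# Constructed MAC of the virtual router's first gateway.
GATEWAY_MAC = "02:00:00:00:ff:01"


def management_server_resolve(host_id: str, sender_mac: str,
                              target_ip: str) -> Optional[str]:
    """Answer an ARP query relayed by the ARP response agent on host_id."""
    requester = BY_MAC.get(sender_mac)
    if requester is None or requester.host_id != host_id:
        return None  # unknown or misplaced sender gets no answer
    for c in INVENTORY:
        # The lookup is scoped to the requester's tenant, so the same IP
        # resolves to a different MAC for each tenant.
        if c.tenant == requester.tenant and c.ip == target_ip:
            return c.mac
    return None


def controller_decide(src_mac: str,
                      dst_mac: str) -> Tuple[bool, bool, Optional[str]]:
    """SDN controller verdict: (permitted, same_host, peer_host_id)."""
    src, dst = BY_MAC.get(src_mac), BY_MAC.get(dst_mac)
    if src is None or dst is None:
        return (False, False, None)  # default deny for unknown endpoints
    permitted = (src.tenant == dst.tenant
                 and frozenset({src_mac, dst_mac}) not in BLOCKED_PAIRS)
    return (permitted, src.host_id == dst.host_id, dst.host_id)


def switch_inner_forward(src_mac: str, dst_mac: str) -> str:
    """Forwarding decision of switch_inner for a frame from a cloud host."""
    if dst_mac == GATEWAY_MAC:
        return "vrouter"  # different network segment: hand to first gateway
    permitted, same_host, peer = controller_decide(src_mac, dst_mac)
    if not permitted:
        return "drop"
    if same_host:
        return f"local:{dst_mac}"
    return f"switch_outer->tunnel:{peer}"


def send(src_mac: str, dst_ip: str) -> str:
    """Same-segment send path: ARP resolution, then forwarding."""
    src = BY_MAC[src_mac]
    dst_mac = management_server_resolve(src.host_id, src_mac, dst_ip)
    if dst_mac is None:
        return "not-sent"  # no ARP answer, so the cloud host sends nothing
    return switch_inner_forward(src_mac, dst_mac)
```

The cross-tenant case in the model shows why the controller check matters even with the ARP agent in place: a frame addressed to another tenant's MAC never came from a legitimate ARP answer, and it is dropped at switch_inner.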
The present invention has the following advantages: NFV and SDN improve the utilization of inexpensive x86 resources; direct dependence on the physical network facilities of the machine room is reduced, which makes flexible control of network data easier; logical subnets and SDN achieve access isolation between tenants' cloud hosts at low cost; distributed virtual routers dynamically control communication between cloud hosts of the same tenant and strengthen the security guarantees for each cloud host; and the ARP response agent effectively reduces network broadcasts in the machine room, lowering the risk of broadcast storms and the possibility of tenants probing one another.
The detailed description above has set forth numerous embodiments of the inspection method and system through the use of schematic diagrams, flow charts and/or examples. Where such schematic diagrams, flow charts and/or examples contain one or more functions and/or operations, those skilled in the art will understand that each function and/or operation in them can be implemented, individually and/or jointly, by a wide range of structures, hardware, software, firmware, or virtually any combination thereof. In one embodiment, several portions of the subject matter described in the embodiments of the present invention can be implemented by application-specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), digital signal processors (DSPs) or other integrated forms. However, those skilled in the art will recognize that some aspects of the embodiments disclosed herein can equally be implemented, in whole or in part, in integrated circuits, as one or more computer programs running on one or more computers (for example, as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (for example, as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination of the above, and that, in light of this disclosure, those skilled in the art will be capable of designing the circuitry and/or writing the software and/or firmware code. In addition, those skilled in the art will recognize that the mechanisms of the subject matter described in this disclosure can be distributed as a program product in a variety of forms, and that an exemplary embodiment of the subject matter described in this disclosure applies regardless of the particular type of signal bearing medium actually used to carry out the distribution. Examples of a signal bearing medium include, but are not limited to: recordable-type media such as floppy disks, hard disk drives, compact discs (CDs), digital versatile discs (DVDs), digital tape, computer memory, etc.; and transmission-type media such as digital and/or analog communication media (for example, fiber optic cables, waveguides, wired communication links, wireless communication links, etc.).
Although the present invention has been described with reference to several exemplary embodiments, it should be understood that the terms used are illustrative and exemplary rather than limiting. Because the present invention can be embodied in many forms without departing from the spirit or essence of the invention, it should be understood that the above embodiments are not limited to any of the foregoing details but should be construed broadly within the spirit and scope defined by the appended claims; all changes and modifications falling within the scope of the claims or their equivalents are therefore intended to be covered by the appended claims.

Claims (24)

1. A host in a cloud platform architecture, comprising:
At least one cloud host, configured so that, if the cloud host does not have the destination Media Access Control (MAC) address of a packet, the cloud host sends an ARP broadcast to an ARP response agent through an internal switch, receives through the internal switch, from the ARP response agent, the destination MAC address matching the destination Internet Protocol (IP) address of the packet, encapsulates the packet with the received destination MAC address, and sends the packet to the internal switch;
The ARP response agent, configured, on receiving from the internal switch an ARP broadcast from a cloud host, to send the destination IP address of the packet carried in the received ARP broadcast to a management server, receive from the management server the destination MAC address matching the destination IP address of the packet, and send the destination MAC address to the cloud host through the internal switch;
The internal switch, configured to receive the packet from the cloud host; if the destination MAC address of the packet received from the cloud host is not the MAC address of a first gateway of a virtual router, to send the source MAC address and destination MAC address of the received packet to a software defined network (SDN) controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host; and, on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, to send the packet to an external switch;
The virtual router, having the first gateway and a second gateway; and
The external switch, configured, on receiving a packet from the internal switch, to send the packet to another host through a network tunnel.
2. The host according to claim 1, wherein the cloud host is further configured not to send the packet if it does not receive the destination MAC address of the packet from the ARP response agent.
3. The host according to claim 1, wherein the internal switch is further configured so that, if the destination MAC address of the packet received from the cloud host is the MAC address of the first gateway of the virtual router, it forwards the packet directly to the virtual router through the first gateway;
Wherein the virtual router is configured to: receive the packet from the internal switch through the first gateway, find in the routing table the second gateway matching the destination IP address of the packet, change the destination MAC address of the packet to the MAC address corresponding to the destination IP address, change the source MAC address of the packet to the MAC address of the second gateway, and send the packet to the internal switch through the second gateway; and
The internal switch is further configured to: receive the packet from the virtual router; send the source MAC address and destination MAC address of the received packet to the SDN controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host; and, on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, send the packet to the external switch.
4. The host according to claim 3, wherein the virtual router is further configured not to send the packet if it does not find in the routing table a second gateway matching the destination IP address of the packet.
5. The host according to claim 3, wherein the internal switch is further configured not to send the packet if, after receiving the packet from the virtual router, it does not receive from the SDN controller a message indicating a forwarding instruction for the source MAC address and the destination MAC address, or receives a drop instruction.
6. The host according to any one of claims 1 to 5, wherein the internal switch is further configured, on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are on the same host, to send the packet to a second cloud host matching the destination MAC address.
7. The host according to any one of claims 1 to 5, wherein the internal switch is further configured not to forward the packet on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication permission.
8. The host according to any one of claims 1 to 5, wherein the virtual router is created using the Linux namespace mechanism.
9. The host according to any one of claims 1 to 5, wherein firewall protection is implemented in the virtual router.
10. The host according to any one of claims 1 to 5, wherein the network address translation (NAT) function is implemented in the virtual router.
11. A method for routing a packet at a host in a cloud platform architecture, comprising:
If at least one cloud host does not have the destination Media Access Control (MAC) address of a packet, the cloud host sends an ARP broadcast to an ARP response agent through an internal switch;
On receiving from the internal switch the ARP broadcast from the cloud host, the ARP response agent sends the destination IP address of the packet carried in the received ARP broadcast to a management server, receives from the management server the destination MAC address matching the destination Internet Protocol (IP) address of the packet, and sends the destination MAC address to the cloud host through the internal switch;
The cloud host receives through the internal switch, from the ARP response agent, the destination MAC address matching the IP address of the packet, encapsulates the packet with the received destination MAC address, and sends the packet to the internal switch;
The internal switch receives the packet from the cloud host; if the destination MAC address of the packet received from the cloud host is not the MAC address of a first gateway of a virtual router, it sends the source MAC address and destination MAC address of the received packet to a software defined network (SDN) controller, asking the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and whether the source MAC address and the destination MAC address are on the same host; and, on receiving from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication permission and that the source MAC address and the destination MAC address are not on the same host, it sends the packet to an external switch; and
The external switch receives the packet from the internal switch and sends the packet to another host through a network tunnel.
12. methods according to claim 11, also comprise: if described cloud main frame does not receive the target MAC (Media Access Control) address of described packet from described arp response agency, then described cloud main frame does not send packet.
13. The method according to claim 11, further comprising:
If the destination MAC address of the packet that the internal switch receives from the cloud host is the MAC address of the first gateway of the virtual router, the packet is forwarded directly to the virtual router through the first gateway;
The virtual router receives the packet from the internal switch through the first gateway, finds, according to a routing table, the second gateway that matches the destination IP address of the packet, changes the destination MAC address of the packet to the destination MAC address corresponding to the destination IP address, changes the source MAC address of the packet to the MAC address of the second gateway, and sends the packet to the internal switch through the second gateway;
The internal switch receives the packet from the virtual router and sends the source MAC address and the destination MAC address of the received packet to the SDN controller, to request the SDN controller to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and whether the source MAC address and the destination MAC address are in the same host; when it receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and that the source MAC address and the destination MAC address are not in the same host, it sends the packet to the external switch; and
The external switch receives the packet from the internal switch and sends the packet to another host through a network tunnel.
14. The method according to claim 13, further comprising: if the virtual router does not find, according to the routing table, the second gateway that matches the destination IP address of the packet, the virtual router does not send the packet.
15. The method according to claim 13, further comprising: if, after receiving the packet from the virtual router, the internal switch does not receive from the SDN controller a forwarding instruction for the message indicating the source MAC address and the destination MAC address, or receives a discard instruction, the internal switch does not send the packet.
16. The method according to any one of claims 11 to 15, further comprising:
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and that the source MAC address and the destination MAC address are in the same host, the packet is sent, according to the destination MAC address, to the second cloud host that matches the destination MAC address.
17. The method according to any one of claims 11 to 15, further comprising:
When the internal switch receives from the SDN controller a message indicating that the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address do not have communication authority, the packet is not forwarded.
18. The method according to any one of claims 11 to 15, wherein the virtual router is established through the Linux namespace mechanism.
19. The method according to any one of claims 11 to 15, wherein firewall protection is implemented in the virtual router.
20. The method according to any one of claims 11 to 15, wherein a network address translation (NAT) function is implemented in the virtual router.
21. A host in a cloud platform architecture, comprising:
An external switch, configured to receive a packet through a network tunnel and forward the packet to an internal switch;
The internal switch, configured to send the source media access control (MAC) address and destination MAC address and the source Internet Protocol (IP) address and destination IP address of the received packet to a software-defined network (SDN) controller, to request the SDN controller to determine the port in the internal switch for sending the packet, to receive from the SDN controller a message indicating the port in the internal switch for sending the packet, and to send the packet through the port to the recipient cloud host that matches the destination MAC address; and
The recipient cloud host, configured to receive the packet from the internal switch through the port.
22. A method for routing a packet at a host in a cloud platform architecture, comprising:
At an external switch, receiving a packet through a network tunnel and forwarding the packet to an internal switch;
At the internal switch, sending the source media access control (MAC) address and destination MAC address and the source Internet Protocol (IP) address and destination IP address of the received packet to a software-defined network (SDN) controller, to request the SDN controller to determine the port in the internal switch for sending the packet, receiving from the SDN controller a message indicating the port in the internal switch for sending the packet, and sending the packet through the port to the recipient cloud host that matches the destination MAC address; and
The recipient cloud host receiving the packet from the internal switch through the port.
23. A cloud platform architecture, comprising a plurality of hosts according to any one of claims 1 to 10 and 21, a management server, and a software-defined network (SDN) controller, wherein
The management server is configured to receive an ARP broadcast from the ARP response proxy, to look up a local pool according to the ARP broadcast and the identifier of the host where the ARP response proxy is located in order to obtain the destination MAC address of the packet, and to send the destination MAC address to the ARP response proxy; and
The SDN controller is configured to receive from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and whether the source MAC address and the destination MAC address are in the same host, and to send to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and whether the source MAC address and the destination MAC address are in the same host.
24. A method in a cloud platform architecture, comprising the method according to any one of claims 11 to 20 and 22, and further comprising:
The management server receives an ARP broadcast from the ARP response proxy, looks up a local pool according to the ARP broadcast and the identifier of the host where the ARP response proxy is located in order to obtain the destination MAC address of the packet, and sends the destination MAC address to the ARP response proxy; and
The SDN controller receives from the internal switch a request to determine whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and whether the source MAC address and the destination MAC address are in the same host, and sends to the internal switch a message indicating whether the cloud host corresponding to the source MAC address and the cloud host corresponding to the destination MAC address have communication authority and whether the source MAC address and the destination MAC address are in the same host.
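The routed path of claims 13 to 17 and the controller query of claim 23, traced in Python as an added illustration; this is not code from the patent. The MAC and IP values, the allow-list used to model "communication authority", the neighbor table and all function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional, Tuple

class Action(Enum):
    LOCAL = "deliver to the cloud host on this host"      # claim 16
    TUNNEL = "pass to the external switch for tunneling"  # claim 13
    DROP = "do not forward"                               # claims 14, 15, 17

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    dst_ip: str

# Constructed sample state; none of these values come from the patent.
GW1, GW2 = "02:00:00:00:01:01", "02:00:00:00:02:01"
ROUTES = {ipaddress.ip_network("10.0.2.0/24"): GW2}  # subnet -> second gateway MAC
NEIGHBORS = {"10.0.2.11": "02:00:00:00:02:0b", "10.0.2.12": "02:00:00:00:02:0c",
             "10.0.2.13": "02:00:00:00:02:0d"}
# After routing, the source MAC is the second gateway's, so the controller
# must also know where that gateway lives (assumption of this sketch).
PLACEMENT = {GW2: "host-1", "02:00:00:00:02:0b": "host-1",
             "02:00:00:00:02:0c": "host-2", "02:00:00:00:02:0d": "host-2"}
ALLOWED = {frozenset((GW2, "02:00:00:00:02:0b")), frozenset((GW2, "02:00:00:00:02:0c"))}

def route(pkt: Packet) -> Optional[Packet]:
    """Virtual router: find the second gateway, rewrite both MACs (claim 13)."""
    dst = ipaddress.ip_address(pkt.dst_ip)
    for net, gw_mac in ROUTES.items():
        if dst in net:
            dst_mac = NEIGHBORS.get(pkt.dst_ip)  # unresolved neighbor: assumed "not sent"
            return replace(pkt, src_mac=gw_mac, dst_mac=dst_mac) if dst_mac else None
    return None  # claim 14: no matching gateway, the router sends nothing

def controller_verdict(src_mac: str, dst_mac: str) -> Optional[Tuple[bool, bool]]:
    """SDN controller: (has_authority, same_host), or None if it cannot answer."""
    if src_mac not in PLACEMENT or dst_mac not in PLACEMENT:
        return None
    allowed = frozenset((src_mac, dst_mac)) in ALLOWED
    return allowed, PLACEMENT[src_mac] == PLACEMENT[dst_mac]

def internal_switch(pkt: Packet) -> Action:
    """Internal switch: forward only on an explicit positive verdict."""
    verdict = controller_verdict(pkt.src_mac, pkt.dst_mac)
    if verdict is None:
        return Action.DROP  # claim 15: no forwarding instruction received
    allowed, same_host = verdict
    if not allowed:
        return Action.DROP  # claim 17: no communication authority
    return Action.LOCAL if same_host else Action.TUNNEL  # claims 16 / 13

def forward(pkt: Packet) -> Action:
    """Full path for a packet addressed to the first gateway (claim 13)."""
    if pkt.dst_mac != GW1:
        raise ValueError("only the routed path of claim 13 is modelled here")
    routed = route(pkt)
    return Action.DROP if routed is None else internal_switch(routed)
```

Every branch that lacks an explicit positive answer from the controller or the routing table ends in `DROP`, which is the default-deny property that keeps tenants isolated in this design.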
CN201510454198.5A 2015-07-29 2015-07-29 Multi-tenant cloud platform framework Active CN105099779B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510454198.5A CN105099779B (en) 2015-07-29 2015-07-29 Multi-tenant cloud platform framework

Publications (2)

Publication Number Publication Date
CN105099779A (en) 2015-11-25
CN105099779B (en) 2018-10-12

Family

ID=54579395

Country Status (1)

Country Link
CN (1) CN105099779B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20191125

Address after: 100176 room 222, 2f, building C, No. 18, Kechuang 11th Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing

Patentee after: Beijing Jingdong three hundred and sixty degree e-commerce Co., Ltd.

Address before: 100080 floor 1-4, west section 1-4, east section 11C, west area, Xishan Creative Park, No. 65, xingshikou Road, Haidian District, Beijing

Co-patentee before: Beijing Jingdong Century Commerce Co., Ltd.

Patentee before: Beijing Jingdong Shangke Information Technology Co., Ltd.