CN118784565A - A communication method and device between cloud platform virtual private networks - Google Patents
- Publication number
- CN118784565A (CN202410926758.1A)
- Authority
- CN
- China
- Prior art keywords
- cloud platform
- target cloud
- virtual private
- network
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/76—Routing in software-defined topologies, e.g. routing between virtual machines
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a method and device for communication between virtual private networks on a cloud platform, which can make it more convenient to connect different virtual private networks. The method includes: binding the network cards of non-business network segments of multiple virtual private networks to a virtual routing gateway; configuring static routes for the multiple virtual private networks in the same virtual routing gateway, to enable communication between multiple virtual private networks on the same cloud platform; establishing a Generic Routing Encapsulation (GRE) tunnel between the virtual routing gateways of a first target cloud platform and a second target cloud platform, based on elastic public IP addresses and the GRE tunnel protocol, to connect the first target cloud platform and the second target cloud platform; and, after the first target cloud platform and the second target cloud platform are connected, having the virtual private network of the first target cloud platform and the virtual private network of the second target cloud platform communicate through the GRE tunnel.
Description
Technical Field
The present invention relates to the field of Internet cloud network technology, and in particular to communication between virtual private networks on a cloud platform.
Background Art
In cloud environments, the virtual private network (Virtual Private Cloud, VPC) is an important isolation and security mechanism, widely used to build dedicated virtual network environments that simulate the effect of physically isolated networks. In practice, however, the virtual private networks provided by current cloud platform network technologies are isolated from each other, and virtual machines in different virtual private networks cannot communicate directly using intranet addresses. With a peering connection solution, peering connections must be created between the different virtual private networks, and as the number of virtual private networks grows, the number of peering connections multiplies. In addition, virtual private networks on different cloud platforms cannot communicate using the intranet addresses allocated by the virtual private networks.
Summary of the Invention
The present invention is proposed to solve the above technical problems. Embodiments of the present invention provide a method and device for communication between virtual private networks on a cloud platform, which can make it more convenient to connect different virtual private networks.
According to one aspect of the present invention, a method for communication between virtual private networks on a cloud platform is provided, comprising: binding the network cards of non-business network segments of multiple virtual private networks to a virtual routing gateway; configuring static routes for the multiple virtual private networks in the same virtual routing gateway, to enable communication between multiple virtual private networks on the same cloud platform; establishing a Generic Routing Encapsulation (GRE) tunnel between the virtual routing gateways of a first target cloud platform and a second target cloud platform, based on elastic public IP addresses and the GRE tunnel protocol, to connect the first target cloud platform and the second target cloud platform, wherein the first target cloud platform and the second target cloud platform each include at least one virtual private network; and, after the first target cloud platform and the second target cloud platform are connected, having the virtual private network of the first target cloud platform and the virtual private network of the second target cloud platform communicate through the GRE tunnel.
In one embodiment, before binding the network cards of non-business network segments of multiple virtual private networks to the virtual routing gateway, the method includes: creating a virtual routing gateway, wherein the virtual routing gateway is used to manage traffic routing between multiple virtual private networks. Binding the network cards of non-business network segments of multiple virtual private networks to the virtual routing gateway includes: establishing a subnet of a non-business network segment in a target virtual private network, the target virtual private network being any one of the multiple virtual private networks; and, in the subnet of the non-business network segment, creating a network card instance and binding the network card instance to the virtual routing gateway.
In one embodiment, after the network cards of the non-business network segments of a first virtual private network and a second virtual private network are bound to the virtual routing gateway, configuring static routes for the multiple virtual private networks in the same virtual routing gateway includes: in the virtual router of the first virtual private network, configuring a static route whose destination network segment is the connected network segment of the second virtual private network and whose next hop is the non-business network segment network card of the first virtual private network; and, in the virtual router of the second virtual private network, configuring a static route whose destination network segment is the connected network segment of the first virtual private network and whose next hop is the non-business network segment network card of the second virtual private network; wherein the first virtual private network and the second virtual private network are any two virtual private networks on the same cloud platform that need to communicate.
In one embodiment, before establishing the Generic Routing Encapsulation (GRE) tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform based on elastic public IP addresses and the GRE tunnel protocol, the method includes: creating a non-user virtual private network on each of the first target cloud platform and the second target cloud platform; creating a network card instance in the non-user virtual private network on each of the first target cloud platform and the second target cloud platform; and associating the network card instances with the corresponding virtual routing gateway of the first target cloud platform and virtual routing gateway of the second target cloud platform, respectively.
In one embodiment, after the network card instances are associated with the corresponding virtual routing gateway of the first target cloud platform and virtual routing gateway of the second target cloud platform, the method further includes: applying for an elastic public IP address for each of the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform. Establishing the Generic Routing Encapsulation (GRE) tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform based on elastic public IP addresses and the GRE tunnel protocol includes: associating the elastic public IP address of the first target cloud platform with the network card instance of the first target cloud platform, as the first endpoint of the GRE tunnel; and associating the elastic public IP address of the second target cloud platform with the network card instance of the second target cloud platform, as the second endpoint of the GRE tunnel.
In one embodiment, establishing the Generic Routing Encapsulation (GRE) tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform based on elastic public IP addresses and the GRE tunnel protocol further includes: loading, based on a preset system command, the GRE kernel component in the virtual routing gateway of the first target cloud platform and in the virtual routing gateway of the second target cloud platform, wherein the kernel component is used for the subsequent GRE tunnel creation and configuration; creating, based on a preset instruction, a first tunnel port device in the virtual routing gateway of the first target cloud platform and a second tunnel port device in the virtual routing gateway of the second target cloud platform; and mapping the first tunnel port device and the second tunnel port device into one GRE tunnel.
In one embodiment, mapping the first tunnel port device and the second tunnel port device into one Generic Routing Encapsulation (GRE) tunnel includes: configuring a static route in the virtual routing gateway of the first target cloud platform, whose destination address is the network segment of the second target cloud platform and whose next hop points to the first tunnel port device of the first target cloud platform; and configuring a static route in the virtual routing gateway of the second target cloud platform, whose destination address is the network segment of the first target cloud platform and whose next hop points to the second tunnel port device of the second target cloud platform.
In one embodiment, creating, based on a preset instruction, the first tunnel port device in the virtual routing gateway of the first target cloud platform and the second tunnel port device in the virtual routing gateway of the second target cloud platform includes: configuring the elastic public IP address of the first target cloud platform on the first tunnel port device; and configuring the elastic public IP address of the second target cloud platform on the second tunnel port device; wherein the elastic public IP address of the first target cloud platform and the elastic public IP address of the second target cloud platform are symmetrical.
In one embodiment, the static routes are added as needed, and each static route includes a destination network segment, a next-hop address, and a destination network card device name; when a static route is set, the static routes are checked for address conflicts among them, and when an address conflict exists among the static routes, a conflict prompt is issued.
According to another aspect of the present invention, a device for communication between virtual private networks on a cloud platform is provided, comprising: a binding module, which binds the network cards of non-business network segments of multiple virtual private networks to a virtual routing gateway; a configuration module, which configures static routes for the multiple virtual private networks in the same virtual routing gateway, to enable communication between multiple virtual private networks on the same cloud platform; an establishment module, which establishes a Generic Routing Encapsulation (GRE) tunnel between the virtual routing gateways of a first target cloud platform and a second target cloud platform, based on elastic public IP addresses and the GRE tunnel protocol, to connect the first target cloud platform and the second target cloud platform, wherein the first target cloud platform and the second target cloud platform each include at least one virtual private network; and a communication module, by which, after the first target cloud platform and the second target cloud platform are connected, the virtual private network of the first target cloud platform and the virtual private network of the second target cloud platform communicate through the GRE tunnel.
With the method and device for communication between virtual private networks on a cloud platform provided by the present invention, compared with peering connections, which must be configured for each pair of virtual private networks, communication between virtual private networks through a virtual routing gateway requires only one connection configuration for each peer connection. Virtual private network communication between multiple cloud platforms can use a single tunnel, which, compared with requiring one cross-region peering connection for each pair of multi-cloud virtual private networks, saves public IP address resources and is simpler to configure.
Brief Description of the Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the more detailed description of its embodiments given in conjunction with the accompanying drawings. The drawings provide a further understanding of the embodiments of the present invention and form part of the specification; together with the embodiments they serve to explain the present invention and do not limit it. In the drawings, the same reference numerals generally denote the same components or steps.
FIG. 1 is a flow chart of a method for communication between virtual private networks on a cloud platform provided by an exemplary embodiment of the present invention.
FIG. 2 is a schematic structural diagram of a device for communication between virtual private networks on a cloud platform provided by an exemplary embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them, and it should be understood that the present invention is not limited by the exemplary embodiments described here.
In cloud environments, the virtual private network (Virtual Private Cloud, VPC) is an important isolation and security mechanism, widely used to build dedicated virtual network environments that simulate the effect of physically isolated networks. A VPC lets users define their own network topology, routing policies and security rules, which provides isolation and secure access between resources. In a complex multi-cloud environment, however, poor planning or changing business needs can leave different VPCs with overlapping private address segments, so that they cannot communicate directly. This becomes a bottleneck for the efficient use of cloud resources and for secure communication.
On existing cloud platforms, when the private address segments of two VPCs overlap, communication between the two VPCs is blocked because of routing conflicts and restrictions. This limits the flexible configuration of cloud resources and also affects business continuity and scalability. To solve this problem, the present application provides a method and device for communication between virtual private networks on a cloud platform. A virtual routing gateway is bound to the network cards of non-business network segments of multiple virtual private networks and, by communicating with the management network, automatically configures the static routes of the multiple virtual private networks, so that they can communicate using intranet addresses. Relying on the elastic public IP resources of the cloud platform and the GRE tunnel protocol, the method also enables intranet IP address communication between virtual private networks on multiple cloud platforms, connecting virtual private networks (VPCs) in different regions. Virtual private network communication between multiple clouds can therefore use a single tunnel, which saves multiple elastic public IPs compared with requiring one cross-region peering connection for each pair of multi-cloud virtual private networks.
FIG. 1 is a flow chart of a method for communication between virtual private networks on a cloud platform provided by an exemplary embodiment of the present invention. As shown in FIG. 1, the method includes:
S100: Bind the network cards of non-business network segments of multiple virtual private networks to a virtual routing gateway.
The user's virtual private network is added to the virtual routing gateway. The intranet IP address communication scheme between multiple virtual private networks within a cloud platform involves two types of resource: the user's virtual private network and the virtual routing gateway. Once a user adds a virtual private network to the virtual routing gateway and provides the local network segment that may communicate with other virtual private networks, the network segment addresses of the other virtual private networks that have joined the virtual routing gateway can communicate with the network segment addresses of that user's virtual private network. Binding the network cards of non-business network segments of multiple virtual private networks to the virtual routing gateway therefore lets multiple virtual private networks interconnect through the gateway while occupying few resources.
S200: Configure static routes for the multiple virtual private networks in the same virtual routing gateway, to enable communication between multiple virtual private networks on the same cloud platform.
Static routes can be added manually by the user as needed. A static route consists mainly of a destination network segment, a next-hop address, and a destination network card device name. Once the static routes have been added, the static routes of the multiple virtual private networks are configured automatically by communicating with the management network, which enables communication using intranet addresses. During configuration, it is only necessary to ensure that the static routes in the virtual routing gateway have no address conflicts.
S300: Based on elastic public IP addresses and the Generic Routing Encapsulation (GRE) tunnel protocol, establish a GRE tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform, to connect the first target cloud platform and the second target cloud platform.
The first target cloud platform and the second target cloud platform each include at least one virtual private network.
Based on elastic public IP addresses and the GRE tunnel protocol, a cross-region GRE tunnel is established to enable communication between the virtual private networks of different cloud platforms. The GRE (Generic Routing Encapsulation) protocol encapsulates the data packets of certain network layer protocols so that the encapsulated packets can be carried in another network layer protocol (such as IPv4). GRE provides a mechanism for encapsulating packets of one protocol inside packets of another; it is a layer 3 tunnel encapsulation technique that lets packets pass transparently through the GRE tunnel. GRE is a way of establishing a direct point-to-point connection across a network, with the aim of simplifying connections between separate networks. Its implementation mechanism is simple and places little load on the devices at the two ends of the tunnel, which makes it suitable for connecting the VPCs in two regions in this scheme. Establishing a cross-region GRE tunnel requires the elastic public IP resources provided by the cloud platform. These resources provide the connection exit to the public network and give cloud resources the ability to reach external networks.
S400: After the first target cloud platform and the second target cloud platform are connected, the virtual private network of the first target cloud platform and the virtual private network of the second target cloud platform communicate through the GRE tunnel.
The first target cloud platform and the second target cloud platform can be any two cloud platforms. It follows that the virtual private networks of any two cloud platforms can communicate through a GRE tunnel, and that multiple cloud platforms can share a single tunnel, which saves multiple elastic public IP resources compared with requiring one cross-region peering connection for each pair of multi-cloud virtual private networks. In addition, because the configuration for communication between multiple virtual private networks is concentrated mainly in the virtual routing gateway, it is easy to manage.
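The encapsulation that S300 relies on, as an added example that is not part of the patent text: an intranet-addressed packet is wrapped in a GRE header and an outer IPv4 header addressed between the two gateways' elastic public IPs, then unwrapped on the far side. All addresses are constructed (documentation and private ranges), and the peer-address check in `gre_decapsulate` is an assumption of this example, not a step the patent describes.

```python
import ipaddress
import struct

IPPROTO_GRE = 47          # IP protocol number carried in the outer header
GRE_PROTO_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload


def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (20-byte header, no options)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload


def parse_ipv4(packet):
    """Validate the header and return (src, dst, proto, payload)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("bad IPv4 length fields")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[ihl:total_len]


def gre_encapsulate(inner, local_eip, remote_eip):
    """Wrap an inner IPv4 packet: outer IPv4 (EIP to EIP) + 4-byte GRE header."""
    gre_header = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)  # no flags, version 0
    return ipv4_packet(local_eip, remote_eip, IPPROTO_GRE, gre_header + inner)


def gre_decapsulate(outer, expected_peer_eip):
    """Unwrap a GRE packet, accepting it only from the configured peer EIP."""
    src, _dst, proto, payload = parse_ipv4(outer)
    if proto != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    if src != expected_peer_eip:
        raise ValueError("GRE packet from unexpected source " + src)
    if len(payload) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", payload[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags & 0x4000:
        raise ValueError("GRE routing field is not supported")
    # Optional checksum (C), key (K) and sequence (S) fields add 4 bytes each.
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if ptype != GRE_PROTO_IPV4 or len(payload) < offset:
        raise ValueError("unexpected GRE payload")
    inner = payload[offset:]
    parse_ipv4(inner)  # the inner packet must itself be well formed
    return inner


if __name__ == "__main__":
    # Constructed sample: VM 10.1.0.5 on platform 1 sends to VM 10.2.0.7 on platform 2.
    inner = ipv4_packet("10.1.0.5", "10.2.0.7", 17, b"constructed payload")
    outer = gre_encapsulate(inner, "203.0.113.10", "198.51.100.20")
    print(parse_ipv4(outer)[:3], len(outer) - len(inner), "bytes of overhead")
    print(parse_ipv4(gre_decapsulate(outer, "203.0.113.10"))[:2])
```

The inner packet appears byte for byte inside the outer one: GRE by itself adds no encryption or authentication, and the source-address check is only a filter. Deployments that cross the public network commonly restrict IP protocol 47 to the peer's address and run IPsec over the tunnel.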
In one embodiment, before S100 (binding the network cards of non-business network segments of multiple virtual private networks to a virtual routing gateway), the method may include: creating a virtual routing gateway, wherein the virtual routing gateway is used to manage traffic routing between multiple virtual private networks. S100 includes: establishing a subnet of a non-business network segment in a target virtual private network, the target virtual private network being any one of the multiple virtual private networks; and, in the subnet of the non-business network segment, creating a network card instance and binding the network card instance to the virtual routing gateway.
A subnet is a portion of a larger network, used to divide that network into smaller logical networks. Subnets let network administrators split a large IP address range into several smaller subnetworks, so that IP address allocation and network communication can be managed more efficiently. A network card instance can refer to a logical or virtual interface configured for a specific network card, used for network communication with the host or with other virtual machines.
The process by which a user's virtual private network joins the virtual routing gateway is as follows. Create a virtual routing gateway, which is responsible for managing traffic routing between multiple virtual private networks. In the user's business virtual private network A (the target virtual private network), establish a subnet of a non-business network segment. The purpose of this network segment is that it can sit in the same virtual router as virtual private network A without occupying the user's network segment resources. In the subnet of the non-business network segment, create a network card instance a and bind it to the virtual routing gateway. According to the user's configuration, configure a routing rule in the virtual routing gateway whose destination network segment is the connected network segment of virtual private network A and whose next hop is network card instance a. The target virtual private network can be any virtual private network on the cloud platform.
In one embodiment, after the network cards of the non-business network segments of a first virtual private network and a second virtual private network have been bound to the virtual routing gateway, S200 (configuring static routes of multiple virtual private networks in the same virtual routing gateway) may include: in the virtual router of the first virtual private network, configuring a static route whose destination network segment is the connected network segment of the second virtual private network and whose next hop is the non-business network segment network card of the first virtual private network; and, in the virtual router of the second virtual private network, configuring a static route whose destination network segment is the connected network segment of the first virtual private network and whose next hop is the non-business network segment network card of the second virtual private network; wherein the first virtual private network and the second virtual private network are any two virtual private networks in the same cloud platform that need to communicate.
For example, in the same cloud platform, after virtual private network A (the first virtual private network) and virtual private network B (the second virtual private network) have joined the virtual routing gateway and need to communicate: in the virtual router of virtual private network A, configure a static route whose destination network segment is the connected network segment of virtual private network B and whose next hop is network card a, the non-business network segment network card of virtual private network A; in the virtual router of virtual private network B, configure a static route whose destination network segment is the connected network segment of virtual private network A and whose next hop is network card b, the non-business network segment network card of virtual private network B. Once these steps are complete, the connected network segments configured in virtual private networks A and B can communicate. When a virtual private network C joins, repeating the above steps enables communication between the connected network segment of virtual private network C and those of A and B. This satisfies the requirement for intranet IP address communication between multiple virtual private networks within a cloud platform.
In one embodiment, before S300 (establishing a generic routing encapsulation tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform, based on elastic public IP addresses and the generic routing encapsulation tunnel protocol), the communication method between cloud platform virtual private networks includes: creating a non-user virtual private network on each of the first target cloud platform and the second target cloud platform; creating a network card instance in each of the non-user virtual private networks on the first target cloud platform and the second target cloud platform; and associating the network card instances with the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform, respectively.
On the cloud platform that is to communicate, create a non-user virtual private network, create a network card instance in it, and associate the instance with the cloud platform's virtual routing gateway. Perform the same step on every other cloud platform that needs to establish communication.
In one embodiment, after the network card instances have been associated with the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform, respectively, the communication method between cloud platform virtual private networks may further include: applying for an elastic public IP address for each of the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform. S300 (establishing a generic routing encapsulation tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform, based on elastic public IP addresses and the generic routing encapsulation tunnel protocol) may include: associating the elastic public IP address of the first target cloud platform with the network card instance of the first target cloud platform, as the first endpoint of the generic routing encapsulation tunnel; and associating the elastic public IP address of the second target cloud platform with the network card instance of the second target cloud platform, as the second endpoint of the generic routing encapsulation tunnel.
When virtual private networks on two cloud platforms need to communicate, elastic public IPs are used to establish a GRE tunnel between the virtual routing gateways of the two cloud platforms, which carries the communication between virtual private networks across cloud platforms. First, on one of the cloud platforms that needs to communicate, create a non-user virtual private network, create a network card instance in it, associate the instance with the virtual routing gateway, apply for an elastic public IP address, and associate that public IP with the created network card instance; this serves as one tunnel endpoint. Then, on the other cloud platform that needs to communicate, likewise create a non-user virtual private network, create a network card instance in it, associate the instance with the virtual routing gateway, apply for an elastic public IP address, and associate that public IP with the created network card instance; this serves as the other tunnel endpoint. This completes the preliminary preparation for establishing the tunnel.
In one embodiment, S300 (establishing a generic routing encapsulation tunnel between the virtual routing gateways of the first target cloud platform and the second target cloud platform, based on elastic public IP addresses and the generic routing encapsulation tunnel protocol) may further include: based on a preset system command, loading the generic routing encapsulation kernel component in each of the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform, wherein the kernel component is used for the subsequent creation and configuration of the generic routing encapsulation tunnel; based on a preset instruction, creating a first tunnel port device in the virtual routing gateway of the first target cloud platform and a second tunnel port device in the virtual routing gateway of the second target cloud platform; and mapping the first tunnel port device and the second tunnel port device into one generic routing encapsulation tunnel.
Taking the first target cloud platform as an example, use the system command "modprobe ip_gre" to load the GRE kernel component in the virtual routing gateway for the subsequent creation and configuration of the GRE tunnel, and use the "ip tunnel" command to create the first tunnel port device in the virtual routing gateway. Then, according to the plan, configure the tunnel's local IP and peer IP on the port device, and configure a static route in the virtual routing gateway whose destination address is the network segment of the peer cloud center (the second target cloud platform) and whose next hop points to the first tunnel port device just created. This completes the creation of one end of the GRE tunnel. In the other cloud center that needs to communicate (for example, the second target cloud platform), perform the same steps to create the other end of the GRE tunnel. Virtual private network communication across multiple clouds can then use a single tunnel, saving network resources.
For example, associate an elastic public IP (EIP1) with the service network card of virtual routing gateway A (the virtual routing gateway of the first target cloud platform), and create the tunnel port device gre tunnel1 (the first tunnel port device) with the ip tunnel command. Associate an elastic public IP (EIP2) with the service network card of virtual routing gateway B (the virtual routing gateway of the second target cloud platform), and create the tunnel port device gre tunnel2 (the second tunnel port device) with the ip tunnel command. The first tunnel port device and the second tunnel port device are mapped into one GRE tunnel.
In one embodiment, mapping the first tunnel port device and the second tunnel port device into one generic routing encapsulation tunnel includes: configuring a static route in the virtual routing gateway of the first target cloud platform, whose destination address is the network segment of the second target cloud platform and whose next hop points to the first tunnel port device of the first target cloud platform; and configuring a static route in the virtual routing gateway of the second target cloud platform, whose destination address is the network segment of the first target cloud platform and whose next hop points to the second tunnel port device of the second target cloud platform.
Configure a static route in the virtual routing gateway whose destination address is the network segment of the peer cloud center and whose next hop points to the created tunnel port device. For example, to enable communication between the virtual private networks in the first target cloud platform and the second target cloud platform, on the first target cloud platform set the destination address to the network segment of the second target cloud platform with the next hop pointing to the first tunnel port device, and on the second target cloud platform set the destination address to the network segment of the first target cloud platform with the next hop pointing to the second tunnel port device. A network segment is a set of IP addresses that share the same network address (the same high-order bits).
In one embodiment, creating, based on a preset instruction, a first tunnel port device in the virtual routing gateway of the first target cloud platform and a second tunnel port device in the virtual routing gateway of the second target cloud platform includes: configuring the elastic public IP address of the first target cloud platform on the first tunnel port device; and configuring the elastic public IP address of the second target cloud platform on the second tunnel port device; wherein the elastic public IP address of the first target cloud platform and the elastic public IP address of the second target cloud platform are symmetrical.
Associate one elastic public IP with the service network card of the virtual routing gateway of the first target cloud platform and another elastic public IP with the service network card of the virtual routing gateway of the second target cloud platform. Configure the elastic public IP address of the first target cloud platform on the first tunnel port device, and the elastic public IP address of the second target cloud platform on the second tunnel port device. The local (first target cloud platform) IP address and the peer (second target cloud platform) IP address must be symmetrical.
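The tunnel procedure above (load the GRE kernel component, create the port device, set local and peer addresses, add the route to the peer segment) can be generated and checked for symmetry before it is applied. The following is an added example, not code from the patent: the device names `gretun1`/`gretun2`, the `ttl 255` option and the two elastic IP values (documentation addresses standing in for EIP1 and EIP2) are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Linux interface names: at most 15 characters, no whitespace or '/'.
# Rejecting anything else also keeps shell metacharacters out of the commands.
_IFNAME = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")


@dataclass(frozen=True)
class GreEndpoint:
    name: str            # tunnel port device (hypothetical name)
    local_eip: str       # elastic public IP of this gateway
    remote_eip: str      # elastic public IP of the peer gateway
    local_cidrs: tuple   # VPC segments behind this gateway
    peer_cidrs: tuple    # VPC segments reached through the tunnel


def validate(ep):
    """Raise ValueError if a field cannot safely be rendered into a command."""
    if not _IFNAME.match(ep.name):
        raise ValueError(f"invalid device name: {ep.name!r}")
    ipaddress.ip_address(ep.local_eip)
    ipaddress.ip_address(ep.remote_eip)
    for cidr in ep.local_cidrs + ep.peer_cidrs:
        ipaddress.ip_network(cidr)  # strict: host bits must be zero


def check_symmetry(a, b):
    """Return a list of mismatches between the two ends (empty means symmetric)."""
    problems = []
    if a.local_eip != b.remote_eip:
        problems.append(f"{b.name} remote {b.remote_eip} != {a.name} local {a.local_eip}")
    if b.local_eip != a.remote_eip:
        problems.append(f"{a.name} remote {a.remote_eip} != {b.name} local {b.local_eip}")
    if a.local_eip == a.remote_eip:
        problems.append(f"{a.name} uses the same address for both ends")
    if set(a.peer_cidrs) != set(b.local_cidrs):
        problems.append(f"{a.name} routes do not match the segments behind {b.name}")
    if set(b.peer_cidrs) != set(a.local_cidrs):
        problems.append(f"{b.name} routes do not match the segments behind {a.name}")
    return problems


def render_commands(ep):
    """Commands for one gateway, in the order the description gives them."""
    validate(ep)
    cmds = [
        "modprobe ip_gre",
        f"ip tunnel add {ep.name} mode gre "
        f"local {ep.local_eip} remote {ep.remote_eip} ttl 255",
        f"ip link set {ep.name} up",
    ]
    # Static route: destination is the peer segment, next hop is the tunnel device.
    cmds += [f"ip route add {ipaddress.ip_network(c)} dev {ep.name}"
             for c in ep.peer_cidrs]
    return cmds


# Constructed sample values: segments from the worked example, EIPs invented.
A_END = GreEndpoint("gretun1", "203.0.113.10", "198.51.100.20",
                    ("192.168.0.0/24", "192.168.1.0/24"),
                    ("192.168.3.0/24", "192.168.4.0/24"))
B_END = GreEndpoint("gretun2", "198.51.100.20", "203.0.113.10",
                    ("192.168.3.0/24", "192.168.4.0/24"),
                    ("192.168.0.0/24", "192.168.1.0/24"))

if __name__ == "__main__":
    issues = check_symmetry(A_END, B_END)
    if issues:
        raise SystemExit("\n".join(issues))
    for end in (A_END, B_END):
        print(f"# {end.name}")
        print("\n".join(render_commands(end)))
```

On platforms that map the elastic IP to a private address on the network card, the `local` value would be that private address; the example follows the description and uses the elastic IP directly.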
In one embodiment, static routes are added as needed, and a static route includes a destination network segment, a next-hop address, and a destination network card device name; wherein, when a static route is set, the static routes are checked for address conflicts between them, and when an address conflict exists between static routes, a conflict prompt is issued.
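One way to implement the conflict check described above, as an added example that is not the patent's own code. The patent does not define "address conflict"; this sketch assumes it means a new route whose destination segment equals or overlaps an existing one while pointing at a different next hop or device. The candidate routes are constructed.

```python
import ipaddress
from typing import NamedTuple


class StaticRoute(NamedTuple):
    dest: str       # destination network segment (CIDR)
    next_hop: str   # next-hop address
    dev: str        # destination network card device name


def find_conflicts(table, candidate):
    """Return [(kind, existing_route)] for every route the candidate clashes with.

    kind is one of (classification is an assumption of this example):
      "redundant" - same segment and same next hop/device (already present)
      "duplicate" - same segment, different next hop/device
      "overlap"   - one segment contains the other, different next hop/device
    Raises ValueError if the candidate is malformed, for instance
    "192.168.3.10/24", which has host bits set.
    """
    cand_net = ipaddress.ip_network(candidate.dest)
    ipaddress.ip_address(candidate.next_hop)
    found = []
    for route in table:
        net = ipaddress.ip_network(route.dest)
        if net.version != cand_net.version or not net.overlaps(cand_net):
            continue
        same_target = (route.next_hop, route.dev) == (candidate.next_hop, candidate.dev)
        if net == cand_net:
            kind = "redundant" if same_target else "duplicate"
        elif same_target:
            continue  # a wider or narrower route to the same place is harmless
        else:
            kind = "overlap"
        found.append((kind, route))
    return found


def add_route(table, candidate):
    """Append the candidate, or raise ValueError carrying the conflict prompt."""
    conflicts = find_conflicts(table, candidate)
    if conflicts:
        lines = [
            f"{kind}: {candidate.dest} via {candidate.next_hop} dev {candidate.dev}"
            f" clashes with {r.dest} via {r.next_hop} dev {r.dev}"
            for kind, r in conflicts
        ]
        raise ValueError("static route conflict\n" + "\n".join(lines))
    table.append(candidate)
    return table


# VPC1's route table from the worked example: every other segment goes
# to VPC1's non-business network card eth1 (11.0.103.100).
VPC1_TABLE = [
    StaticRoute("192.168.1.0/24", "11.0.103.100", "eth1"),
    StaticRoute("192.168.3.0/24", "11.0.103.100", "eth1"),
    StaticRoute("192.168.4.0/24", "11.0.103.100", "eth1"),
]

if __name__ == "__main__":
    table = list(VPC1_TABLE)
    add_route(table, StaticRoute("192.168.5.0/24", "11.0.103.100", "eth1"))
    try:
        # Constructed clash: a /16 that would swallow three existing segments.
        add_route(table, StaticRoute("192.168.0.0/16", "11.0.103.200", "eth9"))
    except ValueError as err:
        print(err)
```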
Static routing is a routing method in which a network administrator manually configures routing table entries in a router, according to the network topology and business needs, to determine the forwarding path of data packets through the network. When a data packet travels through the network, the router decides its forwarding path from the entries in its routing table. With static routing, every entry in the routing table is configured manually by the network administrator. When the router receives a data packet, it looks up a matching entry in the routing table based on the packet's destination IP address. If a matching entry is found, the router forwards the packet to the next-hop address or outbound interface specified in that entry.
Taking cloud platform A and cloud platform B as an example, cloud center A has two virtual private networks, VPC1 (subnet segment 192.168.0.0/24) and VPC2 (subnet segment 192.168.1.0/24), and cloud center B has two virtual private networks, VPC3 (subnet segment 192.168.3.0/24) and VPC4 (subnet segment 192.168.4.0/24). The resources in these four VPCs need to communicate using intranet addresses. CIDR is short for "Classless Inter-Domain Routing", a method for creating and allocating IP addresses on the Internet.
The steps to establish communication between cloud platform A and cloud platform B include:
1. Create virtual routing gateway A in cloud center A. Create a non-business network segment in each of VPC1 and VPC2, create ports eth1 (11.0.103.100) and eth2 (11.0.103.101), and associate the network cards with virtual routing gateway A.
2. Create virtual routing gateway B in cloud center B. Create a non-business network segment in each of VPC3 and VPC4, create ports eth3 (11.0.103.100) and eth4 (11.0.103.101), and associate the network cards with virtual routing gateway B.
3. Associate an elastic public IP (EIP1) with the service network card of virtual routing gateway A, and create the tunnel port device GRE tunnel1 with the ip tunnel command.
4. Associate an elastic public IP (EIP2) with the service network card of virtual routing gateway B, and create the tunnel port device GRE tunnel2 with the ip tunnel command. Together with the tunnel port created in step 3, it is mapped into one GRE tunnel.
5. Configure static routes in the routing tables of the four VPCs. For each VPC, the destination network segments are the subnet segments of the other three interconnected VPCs, and the next hop is that VPC's own non-business network segment network card (11.0.103.X).
For example, the subnet of VPC1 is 192.168.0.0/24 and contains ECS (192.168.0.10) and ECS (192.168.0.11); the subnet of VPC2 is 192.168.1.0/24 and contains ECS (192.168.1.10) and ECS (192.168.1.11); the subnet of VPC3 is 192.168.3.0/24 and contains ECS (192.168.3.10) and ECS (192.168.3.11); and the subnet of VPC4 is 192.168.4.0/24 and contains ECS (192.168.4.10) and ECS (192.168.4.11).
In the routing table of VPC1, configure static routes with destination network segments VPC2 (subnet segment 192.168.1.0/24), VPC3 (subnet segment 192.168.3.0/24) and VPC4 (subnet segment 192.168.4.0/24), and next hop eth1. In the routing table of VPC2, configure static routes with destination network segments VPC1 (192.168.0.0/24), VPC3 (subnet segment 192.168.3.0/24) and VPC4 (subnet segment 192.168.4.0/24), and next hop eth2. In the routing table of VPC3, configure static routes with destination network segments VPC1 (192.168.0.0/24), VPC2 (subnet segment 192.168.1.0/24) and VPC4 (subnet segment 192.168.4.0/24), and next hop eth3. In the routing table of VPC4, configure static routes with destination network segments VPC1 (192.168.0.0/24), VPC2 (subnet segment 192.168.1.0/24) and VPC3 (subnet segment 192.168.3.0/24), and next hop eth4.
6. Configure routes in virtual routing gateway A and virtual routing gateway B respectively, directing traffic for each destination network segment to the corresponding VPC port or GRE tunnel port.
In cloud center A, set the next hop for VPC1 (subnet segment 192.168.0.0/24) to eth1, the next hop for VPC2 (subnet segment 192.168.1.0/24) to eth2, and the next hop for VPC3 (subnet segment 192.168.3.0/24) and VPC4 (subnet segment 192.168.4.0/24) to GRE Tunnel 1. In cloud center B, set the next hop for VPC3 (subnet segment 192.168.3.0/24) to eth3, the next hop for VPC4 (subnet segment 192.168.4.0/24) to eth4, and the next hop for VPC1 (subnet segment 192.168.0.0/24) and VPC2 (subnet segment 192.168.1.0/24) to GRE Tunnel 2.
Once the above steps are complete, the intranet communication scheme between virtual private networks across multiple cloud centers is fully configured.
After configuration, take the transmission of data from VPC1 in cloud center A to VPC3 in cloud center B as an example. The data is first sent from the virtual machine to the gateway of the subnet where the virtual machine is located (192.168.0.0/24). From the subnet gateway (192.168.0.0/24) it is then forwarded, via the route (11.0.103.100), to virtual routing gateway A. Virtual routing gateway A checks its routing table, finds that the network segment being accessed must be reached through the GRE tunnel, and sends the data packet into the GRE tunnel. GRE Tunnel2 in cloud center B then receives the packet. After GRE decapsulation the packet is matched against the routes; because it is destined for VPC3, it is forwarded along the route for eth3 (11.0.103.100), sent to the router where VPC3 is located, and finally delivered to the virtual machine being accessed.
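The routing tables from steps 5 and 6 and the packet walk just described can be replayed with a longest-prefix-match lookup, which also shows what happens to an unrouted destination or a misconfigured route pair. This is an added example, not code from the patent; the node labels `GW-A`/`GW-B`, the `local` and `drop` markers and the hop limit are assumptions.

```python
import ipaddress

# Values taken from the worked example above.
SUBNETS = {"VPC1": "192.168.0.0/24", "VPC2": "192.168.1.0/24",
           "VPC3": "192.168.3.0/24", "VPC4": "192.168.4.0/24"}
NIC = {"VPC1": "eth1", "VPC2": "eth2", "VPC3": "eth3", "VPC4": "eth4"}
CLOUD = {"GW-A": ("VPC1", "VPC2"), "GW-B": ("VPC3", "VPC4")}
TUNNEL = {"GW-A": ("GRE Tunnel 1", "GW-B"), "GW-B": ("GRE Tunnel 2", "GW-A")}


def build_tables():
    """Route tables keyed by node: {network: (egress device, next node)}."""
    tables = {}
    for gw, vpcs in CLOUD.items():
        tun_dev, peer_gw = TUNNEL[gw]
        gw_table = {}
        for vpc, cidr in SUBNETS.items():
            net = ipaddress.ip_network(cidr)
            # Step 6: own VPCs via their network card, remote VPCs via the tunnel.
            gw_table[net] = (NIC[vpc], vpc) if vpc in vpcs else (tun_dev, peer_gw)
        tables[gw] = gw_table
        for vpc in vpcs:
            # Step 5: the three other segments go to this VPC's own network card.
            table = {ipaddress.ip_network(SUBNETS[vpc]): ("local", None)}
            for other, cidr in SUBNETS.items():
                if other != vpc:
                    table[ipaddress.ip_network(cidr)] = (NIC[vpc], gw)
            tables[vpc] = table
    return tables


def lookup(table, dst):
    """Longest-prefix match; None when no entry covers the destination."""
    matches = [net for net in table if dst in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def trace(tables, src_vpc, dst_ip, max_hops=8):
    """Return [(node, egress)] from src_vpc towards dst_ip.

    A destination with no matching route ends in (node, "drop"). Exceeding
    max_hops means the static routes form a loop, and RuntimeError is raised.
    """
    dst = ipaddress.ip_address(dst_ip)
    node, path = src_vpc, []
    for _ in range(max_hops):
        hit = lookup(tables[node], dst)
        if hit is None:
            path.append((node, "drop"))
            return path
        egress, next_node = hit
        path.append((node, egress))
        if next_node is None:      # delivered inside the destination subnet
            return path
        node = next_node
    raise RuntimeError(f"routing loop towards {dst_ip}: {path}")


if __name__ == "__main__":
    tables = build_tables()
    for node, egress in trace(tables, "VPC1", "192.168.3.10"):
        print(f"{node:5} -> {egress}")
```

Running the trace for every source VPC and destination ECS address before and after a route change is a cheap way to confirm that only the intended segments became reachable.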
FIG. 2 is a schematic structural diagram of a communication device between cloud platform virtual private networks provided by an exemplary embodiment of the present invention. As shown in FIG. 2, the communication device 5 between cloud platform virtual private networks includes: a binding module 51, which binds the network cards of the non-business network segments of multiple virtual private networks to a virtual routing gateway; a configuration module 52, which configures static routes of the multiple virtual private networks in the same virtual routing gateway, to enable communication between multiple virtual private networks in the same cloud platform; an establishment module 53, which establishes a generic routing encapsulation tunnel between the virtual routing gateways of a first target cloud platform and a second target cloud platform, based on elastic public IP addresses and the generic routing encapsulation tunnel protocol, to connect the first target cloud platform and the second target cloud platform, wherein the first target cloud platform and the second target cloud platform each include at least one virtual private network; and a communication module 54, by which, once the first target cloud platform and the second target cloud platform are connected, the virtual private network of the first target cloud platform and the virtual private network of the second target cloud platform communicate through the generic routing encapsulation tunnel.
With the communication device between cloud platform virtual private networks provided by the present invention, whereas peer-to-peer connections require configuration for every pair of virtual private networks, communication between virtual private networks using a virtual routing gateway requires only one connection configuration for each peer-to-peer connection. Virtual private network communication between multiple cloud platforms can use a single tunnel; compared with requiring a cross-region peer-to-peer connection for every pair of virtual private networks across clouds, this saves public IP address resources and is simpler to configure.
In one embodiment, the communication device 5 between cloud platform virtual private networks includes: creating a virtual routing gateway, wherein the virtual routing gateway is used to manage traffic routing between multiple virtual private networks; and the binding module 51 may be configured to: establish a subnet of a non-business network segment in a target virtual private network, the target virtual private network being any one of the multiple virtual private networks; and, in the subnet of the non-business network segment, create a network card instance and bind the network card instance to the virtual routing gateway.
In one embodiment, after the network cards of the non-business network segments of the first virtual private network and the second virtual private network have been bound to the virtual routing gateway, the configuration module 52 may be configured to: in the virtual router of the first virtual private network, configure a static route whose destination network segment is the connected network segment of the second virtual private network and whose next hop is the non-business network segment network card of the first virtual private network; and, in the virtual router of the second virtual private network, configure a static route whose destination network segment is the connected network segment of the first virtual private network and whose next hop is the non-business network segment network card of the second virtual private network; wherein the first virtual private network and the second virtual private network are any two virtual private networks in the same cloud platform that need to communicate.
In one embodiment, the communication device 5 between cloud platform virtual private networks includes: creating a non-user virtual private network on each of the first target cloud platform and the second target cloud platform; creating a network card instance in each of the non-user virtual private networks on the first target cloud platform and the second target cloud platform; and associating the network card instances with the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform, respectively.
In one embodiment, the communication device 5 between cloud platform virtual private networks may further include: applying for an elastic public IP address for each of the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform; wherein the establishment module 53 may be configured to: associate the elastic public IP address of the first target cloud platform with the network card instance of the first target cloud platform, as the first endpoint of the generic routing encapsulation tunnel; and associate the elastic public IP address of the second target cloud platform with the network card instance of the second target cloud platform, as the second endpoint of the generic routing encapsulation tunnel.
In one embodiment, the establishment module 53 may further be configured to: based on a preset system command, load the generic routing encapsulation kernel component in each of the virtual routing gateway of the first target cloud platform and the virtual routing gateway of the second target cloud platform, wherein the kernel component is used for the subsequent creation and configuration of the generic routing encapsulation tunnel; based on a preset instruction, create a first tunnel port device in the virtual routing gateway of the first target cloud platform and a second tunnel port device in the virtual routing gateway of the second target cloud platform; and map the first tunnel port device and the second tunnel port device into one generic routing encapsulation tunnel.
In one embodiment, mapping the first tunnel port device and the second tunnel port device into one generic routing encapsulation tunnel may include: configuring a static route in the virtual routing gateway of the first target cloud platform, whose destination address is the network segment of the second target cloud platform and whose next hop points to the first tunnel port device of the first target cloud platform; and configuring a static route in the virtual routing gateway of the second target cloud platform, whose destination address is the network segment of the first target cloud platform and whose next hop points to the second tunnel port device of the second target cloud platform.
In one embodiment, creating, based on a preset instruction, a first tunnel port device in the virtual routing gateway of the first target cloud platform and a second tunnel port device in the virtual routing gateway of the second target cloud platform may include: configuring the elastic public IP address of the first target cloud platform on the first tunnel port device; and configuring the elastic public IP address of the second target cloud platform on the second tunnel port device; wherein the elastic public IP address of the first target cloud platform and the elastic public IP address of the second target cloud platform are symmetrical.
In one embodiment, static routes are added as needed, and a static route includes a destination network segment, a next-hop address, and a destination network card device name; wherein, when a static route is set, the static routes are checked for address conflicts between them, and when an address conflict exists between static routes, a conflict prompt is issued.
An embodiment of the present invention provides a communication device between virtual private networks of a cloud platform. The device embodiment may be implemented in software, in hardware, or in a combination of software and hardware. At the hardware level, in addition to the CPU, memory, network interface, and non-volatile memory, the equipment on which the device of the embodiment resides may generally include other hardware, such as a forwarding chip responsible for processing packets. Taking a software implementation as an example, the device in the logical sense is formed by the CPU of the equipment on which it resides reading the corresponding computer program instructions from the non-volatile memory into memory and running them.
According to another aspect of the present invention, a computer-readable storage medium is provided, wherein the storage medium stores a computer program for executing the communication method between virtual private networks of a cloud platform according to any of the above embodiments.
In addition to the above methods and devices, an embodiment of the present invention may also be a computer program product comprising computer program instructions which, when run by a processor, cause the processor to execute the steps of the communication method between virtual private networks of a cloud platform according to the various embodiments of the present invention described in the "Exemplary Method" section of this specification.
According to another aspect of the present invention, an electronic device is provided, the electronic device comprising: a processor; and a memory for storing instructions executable by the processor; the processor being configured to execute the communication method between virtual private networks of a cloud platform according to any of the above embodiments.
In addition, an embodiment of the present invention may also be a computer-readable storage medium on which computer program instructions are stored; when run by a processor, the computer program instructions cause the processor to execute the steps of the communication method between virtual private networks of a cloud platform according to the various embodiments of the present invention described in the "Exemplary Method" section of this specification.
The above describes only preferred embodiments of the present invention and is not intended to limit the present invention. Any modification, equivalent substitution, improvement, or the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410926758.1A CN118784565A (en) | 2024-07-11 | 2024-07-11 | A communication method and device between cloud platform virtual private networks |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410926758.1A CN118784565A (en) | 2024-07-11 | 2024-07-11 | A communication method and device between cloud platform virtual private networks |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118784565A (en) | 2024-10-15 |
Family
ID=92983888
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410926758.1A Pending CN118784565A (en) | 2024-07-11 | 2024-07-11 | A communication method and device between cloud platform virtual private networks |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118784565A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119276782A (en) * | 2024-11-19 | 2025-01-07 | 天翼云科技有限公司 | Gateway determination method, device, computer equipment and storage medium |
| CN119484132A (en) * | 2024-11-21 | 2025-02-18 | 新华三信息安全技术有限公司 | A network configuration method, device, electronic device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116057910B (en) | | Virtual private cloud communication and configuration method and related device |
| CN109451084B (en) | | A service access method and device |
| US12081451B2 (en) | | Resource placement templates for virtual networks |
| CN114070723B (en) | | Virtual network configuration method and system of bare metal server and intelligent network card |
| US8737388B2 (en) | | Method, apparatus and system for processing packets |
| CN111066301A (en) | | Unified security policy on virtual private cloud with overlapping IP address blocks |
| CN118784565A (en) | | A communication method and device between cloud platform virtual private networks |
| CN110932907B (en) | | A Linux container network configuration method and network system |
| CN116132542B (en) | | Container network management method, container network plug-in and related equipment |
| CN115189920A (en) | | Cross-network domain communication method and related device |
| CN110324244A (en) | | A kind of method for routing and server based on Linux virtual server |
| CN115150327A (en) | | An interface setting method, device, device and medium |
| CN117201574A (en) | | A communication method and related products between VPCs based on public cloud |
| CN114884810A (en) | | Network data transmission method, access method and storage medium based on SDN |
| CN118555166A (en) | | A method and device for cross-resource pool layer 2 intercommunication in a cloud network |
| KR102763960B1 (en) | | Method for setting virtual network based on user-defined |
| CN116915543A (en) | | Public cloud-based two-layer cloud private line networking architecture and communication method |
| CN114938318A (en) | | Cross-regional peer-to-peer connection implementation method based on elastic public network IP |
| CN114531320A (en) | | Communication method, device, equipment, system and computer readable storage medium |
| CN119094522B (en) | | A hybrid cloud network communication method and system based on virtual routing gateway |
| US11909624B2 (en) | | Communication method, apparatus, device, system, and computer-readable storage medium |
| CN116016320B (en) | | Data transmission method, device and computer readable storage medium |
| CN118353837A (en) | | A gateway configuration method, system and medium |
| CN115665167A (en) | | Intelligent Internet of things system building method based on peer-to-peer network and related equipment |
| CN116915704A (en) | | Method and implementation system for floating IP to access external networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |