
WO2016177207A1 - Method and system for isolating control plane and service plane, server and cloud computation platform - Google Patents


Info

Publication number
WO2016177207A1
Authority
WO
WIPO (PCT)
Prior art keywords
control plane
plane
virtual
service
correspondence
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/077743
Other languages
French (fr)
Chinese (zh)
Inventor
徐斌斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Publication of WO2016177207A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Definitions

  • the present invention relates to the field of service chain technology under SDN (Software Defined Network), and particularly relates to a method and system for separating a control plane and a service plane, a server, and a cloud computing platform.
  • SDN Software Defined Network
  • As an open source virtualized cloud computing platform, OpenStack stands out from many virtualization platforms because of its advantages of on-demand use, self-service, resource pooling and flexibility. It has won the support and favor of many manufacturers around the world.
  • SDN is a network defined by OpenFlow software. Users can define logical network topologies based on unified network interfaces according to different network resource requirements. Network resources can be pooled and provided on demand, flexibly, without needing to care about the physical topology of the underlying network.
  • The combination of OpenStack and SDN can largely meet the requirements of virtual resources for network resources in the current IT and CT fields, fully pool the network resources, and deploy them flexibly according to the needs of users. All services of the user can be deployed on virtual machines managed by OpenStack, while the service packet flows are managed by SDN.
  • the SDN mainly completes the related functions of the network control plane.
  • the SDN is required to divert the control plane message to the virtual machine that implements functions such as firewall and LB according to the business logic sequence to implement the service chain.
  • each function module needs to analyze and process the service packets flowing through according to certain rules.
  • the virtual machine needs to support both the control plane function of rule delivery and the service plane function of service packet forwarding.
  • the control plane rule is a prerequisite for the virtual machine to process service packets.
  • the control plane rules cannot be delivered or updated due to traffic on the service plane. Therefore, such a virtual machine is required to implement control plane and service plane separation, and to ensure that the control plane rules are issued and updated successfully.
  • the virtual machine under OpenStack does not have a virtual interface that is directly connected to the control plane network.
  • the control plane needs to be connected to the same virtual bridge as the service plane.
  • the control plane and the service plane traffic in the virtual machine cannot be absolutely separated.
  • the main purpose of the embodiments of the present invention is to solve the technical problem that, in the prior art, the control plane and the service plane traffic in the virtual machine cannot be absolutely separated.
  • a method for separating a control plane and a service plane includes the following steps:
  • the server creates a service plane virtual bridge and a control plane virtual bridge according to user instructions;
  • the cloud computing platform creates a service plane logical network and a control plane logical port according to user instructions, and configures a service plane virtual network card and a control plane virtual network card;
  • the virtual machine of the server is deployed according to the first correspondence relationship and the second corresponding relationship, so that the separation of the control plane and the service plane traffic in the deployed virtual machine is implemented.
  • the first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge includes:
  • the step of the cloud computing platform to create a control plane logical port comprises:
  • the cloud computing platform creates a control plane logical network, and creates the control plane logical port under the control plane logical network, and defines a virtual network card network port type corresponding to the control plane logical port as the first type.
  • the step of the cloud computing platform establishing the fourth correspondence between the control plane virtual network card and the control plane logical port comprises:
  • the cloud computing platform generates a universally unique identifier of the control plane logical port, and adds the universal unique identifier to the control plane virtual network card;
  • the cloud computing platform defines a virtual network card network port type corresponding to the control plane logical port as the first type.
  • the steps include:
  • according to the virtual network card network port type corresponding to the control plane logical port being the first type, the virtual bridge network port type corresponding to the control plane logical port is defined as the first type;
  • the method further includes: marking, in the sixth correspondence, the network port of the control plane virtual bridge as the first type.
  • the network port of the control plane virtual network card and the network port of the control plane virtual bridge in the second correspondence are all marked as the first type;
  • the step of the cloud computing platform deploying the virtual machine of the server according to the first correspondence relationship and the second corresponding relationship, and implementing the separation of the control plane and the service plane traffic in the deployed virtual machine includes:
  • the cloud computing platform generates a virtual machine deployment file according to the first correspondence, and according to the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port in the second correspondence both being of the first type;
  • the virtual machine of the server is deployed to implement separation of control plane and service plane traffic in the deployed virtual machine.
  • the step of the cloud computing platform establishing the third correspondence between the service plane virtual network card and the service plane logical network includes:
  • there are multiple servers, and each server is configured with a service plane virtual bridge and a control plane virtual bridge;
  • before the step in which the cloud computing platform creates a service plane logical network and a control plane logical port according to user instructions, the method further includes:
  • the cloud computing platform creates a server set, and adds all servers that have a service plane virtual bridge and a control plane virtual bridge to the server set;
  • the step of the cloud computing platform deploying the virtual machine of the server according to the first correspondence relationship and the second corresponding relationship, and implementing the separation of the control plane and the service plane traffic in the deployed virtual machine includes:
  • the cloud computing platform selects a server from the server set according to the user's selection instruction, and deploys a virtual machine of the selected server according to the first correspondence and the second correspondence, so as to implement separation of control plane and service plane traffic in the deployed virtual machine.
  • an embodiment of the present invention further provides a system for separating a control plane and a service plane, where the system includes: a server and a cloud computing platform;
  • the server is configured to create a service plane virtual bridge and a control plane virtual bridge according to the user instruction
  • the cloud computing platform is configured to create a service plane logical network and a control plane logical port according to the user instruction; configure a service plane virtual network card and a control plane virtual network card; establish a first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge; and deploy the virtual machine of the server according to the first correspondence and the second correspondence, so as to implement separation of control plane and service plane traffic in the deployed virtual machine.
  • the cloud computing platform is configured to establish a third correspondence between the service plane virtual network card and the service plane logical network, and a fourth correspondence between the control plane virtual network card and the control plane logical port; establish a fifth correspondence between the service plane logical network and the service plane virtual bridge, and a sixth correspondence between the control plane logical port and the control plane virtual bridge; establish, according to the third correspondence and the fifth correspondence, the first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge; and establish, according to the fourth correspondence and the sixth correspondence, the second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge.
  • the cloud computing platform is configured to create a control plane logical network, create the control plane logical port under the control plane logical network, and define the virtual network card network port type corresponding to the control plane logical port as the first type.
  • the cloud computing platform is further configured to generate a universally unique identifier of the control plane logical port, add the universally unique identifier to the control plane virtual network card, establish the fourth correspondence between the control plane virtual network card and the control plane logical port according to the universally unique identifier, and mark the network port of the control plane virtual network card as the first type in the fourth correspondence.
  • the cloud computing platform is further configured to define, according to the virtual network card network port type corresponding to the control plane logical port being the first type, the virtual bridge network port type corresponding to the control plane logical port as the first type.
  • the network port of the control plane virtual bridge is marked as the first type in the sixth correspondence.
  • the network port of the control plane virtual network card and the network port of the control plane virtual bridge in the second correspondence are all marked as the first type;
  • the cloud computing platform is further configured to generate a virtual machine deployment file according to the first correspondence, and according to the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port in the second correspondence both being of the first type; and to deploy the virtual machine of the server according to the virtual machine deployment file, so that the control plane and the service plane traffic are separated in the deployed virtual machine.
  • the cloud computing platform is further configured to generate a first universally unique identifier of the service plane logical network, add the first universally unique identifier to the service plane virtual network card, and establish the third correspondence between the service plane virtual network card and the service plane logical network according to the first universally unique identifier.
  • there are multiple servers, and each server is configured with a service plane virtual bridge and a control plane virtual bridge;
  • the cloud computing platform is further configured to: when there are multiple servers, create a server set and add all servers that have created a service plane virtual bridge and a control plane virtual bridge to the server set; and, according to the user's selection instruction, select a server from the server set and deploy a virtual machine of the selected server according to the first correspondence and the second correspondence, so as to implement separation of control plane and service plane traffic in the deployed virtual machine.
  • an embodiment of the present invention further provides a server, where the server is the server described above.
  • a computer storage medium is further provided, and the computer storage medium may store an execution instruction for executing the method for separating the control plane and the service plane in the foregoing embodiment.
  • a method and system for separating a control plane and a service plane, a server, and a cloud computing platform are provided, in which the server creates a service plane virtual bridge and a control plane virtual bridge according to user instructions; the cloud computing platform, according to user instructions, creates a service plane logical network and a control plane logical port, configures a service plane virtual network card and a control plane virtual network card, establishes a first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge, and deploys the virtual machine of the server according to the first correspondence and the second correspondence, so that the service plane packets and the control plane packets of the server virtual machine are forwarded through their respective forwarding paths, thereby implementing absolute separation of control plane and service plane traffic in the deployed virtual machine.
  • FIG. 2 is a schematic diagram of a specific refinement process of step S30 in FIG. 1;
  • FIG. 3 is a schematic diagram of a specific refinement process of step S40 in FIG. 1;
  • FIG. 4 is a schematic structural diagram of a system for separating a control plane and a service plane according to an embodiment of the present invention
  • FIG. 5 is another schematic structural diagram of a system for separating a control plane and a service plane according to an embodiment of the present invention.
  • the step of creating a control plane logical port by the cloud computing platform in step S20 includes: creating, by the cloud computing platform, a control plane logical network, creating the control plane logical port under the control plane logical network, and defining the virtual network card network port type corresponding to the control plane logical port as the first type.
  • the virtual network card network port type corresponding to the logical port of the control plane is defined as the first type
  • the legality of the first type as the virtual network card network port type corresponding to the control plane logical port is also required, and the control plane logical port is stored in the database to be called when the server virtual machine is subsequently deployed.
  • the virtual network card network port type vnic_type corresponding to the control plane logical port Port-ctrl is the ctrl type; the legality of the ctrl type as the vnic_type corresponding to Port-ctrl is also required, and Port-ctrl is stored in the database to be called when the server virtual machine is subsequently deployed.
  • Step S30: establish a first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge.
  • FIG. 2 is a schematic diagram of a specific refinement process of step S30 in FIG. 1.
  • the step S30 includes:
  • the step in which the cloud computing platform establishes the third correspondence between the service plane virtual network card and the service plane logical network in step S31 includes: generating, by the cloud computing platform, a first universally unique identifier of the service plane logical network, adding the first universally unique identifier to the service plane virtual network card, and establishing the third correspondence between the service plane virtual network card and the service plane logical network according to the first universally unique identifier.
  • the step in which the cloud computing platform establishes the fourth correspondence between the control plane virtual network card and the control plane logical port in step S31 includes: generating, by the cloud computing platform, a universally unique identifier of the control plane logical port, and adding the universally unique identifier to the control plane virtual network card.
  • the control plane virtual network card network port type corresponding to the control plane logical port is defined as the first type. Therefore, after the fourth correspondence between the control plane virtual network card and the control plane logical port is established, the network port of the control plane virtual network card needs to be marked as the first type in the fourth correspondence, where the first type may be the ctrl type described above.
  • the method further includes: defining, by the cloud computing platform, according to the virtual network card network port type corresponding to the control plane logical port being the first type, the virtual bridge network port type corresponding to the control plane logical port as the first type. That is, the virtual network card network port type and the virtual bridge network port type corresponding to the control plane logical port are both defined as the first type. For example, the vnic_type and vif_type corresponding to the control plane logical port named Port-ctrl are both of the ctrl type.
  • the method further includes: marking, by the cloud computing platform, the network port of the control plane virtual bridge as the first type in the sixth correspondence;
  • the network port of the control plane virtual bridge is marked as the ctrl type in the correspondence.
  • the foregoing step defines that the type of the virtual bridge network port corresponding to the logical port of the control plane is the first type. Therefore, after establishing the sixth correspondence between the control plane logical port and the control plane virtual bridge, the control plane virtual bridge network port type should be marked as the first type. Therefore, the control plane virtual bridge network port needs to be marked as the first type in the sixth correspondence, wherein the first type may be the ctrl type described above.
  • Step S33: establish, according to the third correspondence and the fifth correspondence, a first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge; and establish, according to the fourth correspondence and the sixth correspondence, a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge.
  • the network port of the control plane virtual network card and the network port of the virtual bridge in the second correspondence relationship are all marked as the first type.
  • Step S40: the virtual machine of the server is deployed according to the first correspondence and the second correspondence, so as to separate the control plane and the service plane traffic in the deployed virtual machine.
  • FIG. 3 is a schematic diagram of a specific refinement process of step S40 in FIG. 1.
  • the step S40 includes:
  • Step S42: the virtual machine of the server is deployed according to the virtual machine deployment file, so that the control plane and the service plane traffic are separated in the deployed virtual machine.
  • a first correspondence, namely the one-to-one correspondence among the service plane virtual bridge, the service plane virtual network card, and the service plane logical network in the server, is recorded; and a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge is recorded.
  • the cloud computing platform may determine a forwarding path of service plane packets according to the first correspondence, and a forwarding path of control plane packets according to the second correspondence. The server virtual machine is deployed according to the service plane packet forwarding path and the control plane packet forwarding path, so that service plane packets are forwarded along the service plane packet forwarding path and control plane packets are forwarded along the control plane packet forwarding path, which separates the control plane and the service plane traffic in the server virtual machine.
  • the virtual machine deployment file is an xml format file.
  • the server may be multiple, and each server creates a service plane virtual bridge and a control plane virtual bridge.
  • in the method for separating the control plane and the service plane provided by the embodiment of the present invention, before the step in which the cloud computing platform creates a service plane logical network and a control plane logical port according to the user instruction, the method further includes the following step: the cloud computing platform creates a server set, and adds all servers that have created a service plane virtual bridge and a control plane virtual bridge to the server set.
  • the step S60 is: the cloud computing platform selects a server from the server set according to the user's selection instruction, and deploys the virtual machine of the selected server according to the first correspondence and the second correspondence, so as to achieve separation of control plane and service plane traffic in the deployed virtual machine.
  • the cloud computing platform 120 is configured to create a service plane logical network and a control plane logical port according to a user instruction; configure a service plane virtual network card and a control plane virtual network card; establish a first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge; and deploy the virtual machine of the server according to the first correspondence and the second correspondence, so as to implement separation of control plane and service plane traffic in the deployed virtual machine.
  • the virtual network card network port type vnic_type corresponding to the control plane logical port Port-ctrl is the ctrl type; the legality of the ctrl type as the vnic_type corresponding to Port-ctrl is also required, and Port-ctrl is stored in the database to be called when the server virtual machine is subsequently deployed.
  • the cloud computing platform 120 is further configured to generate a universally unique identifier of the control plane logical port, add the universally unique identifier to the control plane virtual network card, establish the fourth correspondence between the control plane virtual network card and the control plane logical port according to the universally unique identifier, and mark the network port of the control plane virtual network card as the first type in the fourth correspondence.
  • the virtual network card network port type corresponding to the control plane logical port is defined as the first type. Therefore, after the fourth correspondence between the control plane virtual network card and the control plane logical port is established, the network port of the control plane virtual network card needs to be marked as the first type in the fourth correspondence, where the first type may be the ctrl type described above.
  • the cloud computing platform 120 is further configured to define, according to the virtual network card network port type corresponding to the control plane logical port being the first type, the virtual bridge network port type corresponding to the control plane logical port as the first type. That is, the virtual network card network port type and the virtual bridge network port type corresponding to the control plane logical port are both defined as the first type. For example, the vnic_type and vif_type corresponding to the control plane logical port named Port-ctrl are both of the ctrl type. After the cloud computing platform 120 establishes the sixth correspondence between the control plane logical port and the control plane virtual bridge, the network port of the control plane virtual bridge is marked as the first type in the sixth correspondence.
  • the network port of the control plane virtual bridge is marked as ctrl in the sixth correspondence.
  • the virtual bridge network port type corresponding to the control plane logical port is the first type. Therefore, after establishing the sixth correspondence between the control plane logical port and the control plane virtual bridge, the control plane virtual bridge network port type should be marked as the first type. Therefore, the control plane virtual bridge network port needs to be marked as the first type in the sixth correspondence, wherein the first type may be the ctrl type described above.
  • FIG. 5 is another schematic structural diagram of a system for separating a control plane and a service plane according to an embodiment of the present invention.
  • the control plane and service plane separation system 100 includes a plurality of servers 110 and a cloud computing platform 120.
  • Each server 110 is configured to create a service plane virtual bridge and a control plane virtual bridge.
  • in the system for separating the control plane and the service plane, the server creates a service plane virtual bridge and a control plane virtual bridge according to user instructions; the cloud computing platform, according to user instructions, creates a service plane logical network and a control plane logical port, configures a service plane virtual network card and a control plane virtual network card, establishes a first correspondence among the service plane virtual network card, the service plane logical network, and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port, and the control plane virtual bridge, and deploys the virtual machine of the server according to the first correspondence and the second correspondence, so that the service plane packets and the control plane packets in the server virtual machine are forwarded through their respective forwarding paths and the control plane and the service plane traffic in the deployed virtual machine are completely separated.
  • the embodiment of the present invention further provides a server, where the server provided in this embodiment is the server 110 described in the control plane and service plane separation system 100; details are not described herein again.
  • the embodiment of the present invention further provides a cloud computing platform, where the cloud computing platform provided by the embodiment is the cloud computing platform 120 in the control plane and service plane separation system 100; details are not described herein again.
  • the foregoing technical solution provided by the embodiment of the present invention can be applied to a control plane and a service plane separation process, and a server virtual gateway and a control plane virtual bridge are created by the server according to user instructions; the cloud computing platform is configured according to user instructions.
  • the mode of the virtual machine of the server is such that the service plane packet and the control plane packet in the server VM are respectively forwarded through the corresponding forwarding paths, thereby realizing the absolute separation of the control plane and the service plane traffic in the deployed virtual machine.

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Security & Cryptography
  • Data Exchanges In Wide-Area Networks
  • Computer And Data Communications

Abstract

Disclosed in the present invention are a method and system for isolating a control plane and a service plane, a server and a cloud computation platform. The method comprises: establishing, by a server, according to a user instruction, a virtual network bridge for a service plane and a virtual network bridge for a control plane; establishing, according to the user instruction, by a cloud computation platform, a logic network for the service plane and a logic port for the control plane; configuring a virtual network card of the service plane and a virtual network card of the control plane; establishing a first corresponding relationship between the virtual network card of the service plane, the logic network of the service plane, and the virtual network bridge of the service plane and a second corresponding relationship between the virtual network card of the control plane, the logic port of the control plane and the virtual network bridge of the control plane; and deploying, according to the first corresponding relationship and the second corresponding relationship, a virtual machine of the server. Also disclosed in the present invention are a system for isolating a control plane and a service plane, a server and a cloud computation platform. The method, system, server and cloud computation platform in the present invention enable a service plane packet and a control plane packet of the deployed virtual machine to be forwarded via respective forwarding paths thereof separately, thus achieving absolute isolation of the traffic of the control plane from that of the service plane.

Description

Method and system for separating a control plane and a service plane, server, and cloud computing platform

Technical field

The present invention relates to the field of service chain technology under SDN (Software Defined Network), and in particular to a method and system for separating a control plane and a service plane, a server, and a cloud computing platform.

Background

With the continuous development of virtualization technology, new virtualization technologies keep emerging and are gradually being applied in many important fields.

As an open-source virtualized cloud computing platform, OpenStack stands out among the many virtualization platforms thanks to its on-demand, self-service, resource-pooling and elasticity advantages, and has won the support and favor of vendors around the world.

SDN is an OpenFlow-based software-defined network. According to their network resource requirements, users can define a logical network topology through a unified interface, without having to care about the physical topology of the underlying network, and thereby obtain pooled, on-demand and elastic network resources.

Combining OpenStack and SDN can largely meet the current demand for network resource virtualization in fields such as IT and CT: network resources are fully pooled and can be deployed elastically according to user needs. All of a user's services can be deployed on virtual machines managed by OpenStack, while the flow of service packets is managed by SDN, which mainly performs the functions of the network control plane.

When a service packet is transmitted through the network, it must pass through different service nodes (such as a firewall or a load balancer, LB) in a certain logical order to meet the functional requirements of the service. Among the virtual machines deployed in OpenStack, SDN therefore also needs to steer control plane packets, in the order of the service logic, to the virtual machines that implement functions such as firewall and LB, thereby implementing a service chain.

In a virtual machine that implements a function such as firewall or LB, each functional module needs to analyze and process the service packets flowing through it according to certain rules. The virtual machine must support both the control plane function of rule delivery and the service plane function of processing and forwarding service packets. Control plane rules are a prerequisite for the virtual machine to process service packets, so service plane traffic must not cause the delivery or update of control plane rules to fail. Such virtual machines are therefore required to separate the control plane from the service plane, so that control plane rules are delivered and updated successfully. However, a virtual machine under the current OpenStack has no virtual interface that connects directly to the control plane network; the control plane has to be connected to the same virtual bridge as the service plane, so control plane and service plane traffic in the virtual machine cannot be absolutely separated.

Summary of the invention

The main purpose of the embodiments of the present invention is to solve the technical problem in the prior art that control plane and service plane traffic in a virtual machine cannot be absolutely separated.

To achieve the above purpose, an embodiment of the present invention provides a method for separating a control plane and a service plane, the method comprising the following steps:

A server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction;

A cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction, and configures a service plane virtual network card and a control plane virtual network card;

A first correspondence is established among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and a second correspondence is established among the control plane virtual network card, the control plane logical port and the control plane virtual bridge;

A virtual machine of the server is deployed according to the first correspondence and the second correspondence, so that control plane and service plane traffic in the deployed virtual machine are separated.

Preferably, establishing the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge, includes:

Establishing a third correspondence between the service plane virtual network card and the service plane logical network, and a fourth correspondence between the control plane virtual network card and the control plane logical port;

Establishing a fifth correspondence between the service plane logical network and the service plane virtual bridge, and a sixth correspondence between the control plane logical port and the control plane virtual bridge;

Establishing, according to the third correspondence and the fifth correspondence, the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge;

Establishing, according to the fourth correspondence and the sixth correspondence, the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge.

Preferably, the step in which the cloud computing platform creates a control plane logical port includes:

The cloud computing platform creates a control plane logical network, creates the control plane logical port under that control plane logical network, and defines the virtual network card network port type corresponding to the control plane logical port as a first type.

Preferably, the step in which the cloud computing platform establishes the fourth correspondence between the control plane virtual network card and the control plane logical port includes:

The cloud computing platform generates a universally unique identifier for the control plane logical port and adds the universally unique identifier to the control plane virtual network card;

According to the universally unique identifier, the fourth correspondence between the control plane virtual network card and the control plane logical port is established, and the network port of the control plane virtual network card is marked as the first type in the fourth correspondence.

Preferably, after the step in which the cloud computing platform defines the virtual network card network port type corresponding to the control plane logical port as the first type, the method further includes:

The cloud computing platform, based on the virtual network card network port type corresponding to the control plane logical port being the first type, defines the virtual bridge network port type corresponding to the control plane logical port as the first type;

After the step in which the cloud computing platform establishes the sixth correspondence between the control plane logical port and the control plane virtual bridge, the method further includes: marking, in the sixth correspondence, the network port of the control plane virtual bridge as the first type.

Preferably, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge are both marked as the first type;

The step in which the cloud computing platform deploys the virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic in the deployed virtual machine are separated, includes:

The cloud computing platform generates a virtual machine deployment file according to the first correspondence and according to the fact that, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port are both of the first type;

The virtual machine of the server is deployed according to the virtual machine deployment file, so that control plane and service plane traffic in the deployed virtual machine are separated.

Preferably, the step in which the cloud computing platform establishes the third correspondence between the service plane virtual network card and the service plane logical network includes:

The cloud computing platform generates a first universally unique identifier for the service plane logical network, adds the first universally unique identifier to the service plane virtual network card, and establishes, according to the first universally unique identifier, the third correspondence between the service plane virtual network card and the service plane logical network.

Preferably, there are multiple servers, and a service plane virtual bridge and a control plane virtual bridge are created on each server;

When there are multiple servers, before the step in which the cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction, the method further includes:

The cloud computing platform creates a server set and adds to it all servers on which a service plane virtual bridge and a control plane virtual bridge have been created;

The step in which the cloud computing platform deploys the virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic in the deployed virtual machine are separated, includes:

The cloud computing platform selects a server from the server set according to a selection instruction from the user and deploys a virtual machine of the selected server according to the first correspondence and the second correspondence, so that control plane and service plane traffic in the deployed virtual machine are separated.

In addition, to achieve the above purpose, an embodiment of the present invention further provides a system for separating a control plane and a service plane, the system comprising a server and a cloud computing platform;

The server is configured to create a service plane virtual bridge and a control plane virtual bridge according to a user instruction;

The cloud computing platform is configured to: create a service plane logical network and a control plane logical port according to a user instruction; configure a service plane virtual network card and a control plane virtual network card; establish a first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge; and deploy a virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic in the deployed virtual machine are separated.

Preferably, the cloud computing platform is configured to: establish a third correspondence between the service plane virtual network card and the service plane logical network, and a fourth correspondence between the control plane virtual network card and the control plane logical port; establish a fifth correspondence between the service plane logical network and the service plane virtual bridge, and a sixth correspondence between the control plane logical port and the control plane virtual bridge; establish, according to the third correspondence and the fifth correspondence, the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge; and establish, according to the fourth correspondence and the sixth correspondence, the second correspondence among the control plane virtual network card, the logical port and the virtual bridge.

Preferably, the cloud computing platform is configured to create a control plane logical network, create the control plane logical port under that control plane logical network, and define the virtual network card network port type corresponding to the control plane logical port as a first type.

Preferably, the cloud computing platform is further configured to generate a universally unique identifier for the control plane logical port and add the universally unique identifier to the control plane virtual network card; and to establish, according to the universally unique identifier, the fourth correspondence between the control plane virtual network card and the control plane logical port, marking the network port of the control plane virtual network card as the first type in the fourth correspondence.

Preferably, the cloud computing platform is further configured to define, based on the virtual network card network port type corresponding to the control plane logical port being the first type, the virtual bridge network port type corresponding to the control plane logical port as the first type; and, after establishing the sixth correspondence between the control plane logical port and the control plane virtual bridge, to mark the network port of the control plane virtual bridge as the first type in the sixth correspondence.

Preferably, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge are both marked as the first type;

The cloud computing platform is further configured to generate a virtual machine deployment file according to the first correspondence and according to the fact that, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port are both of the first type; and to deploy the virtual machine of the server according to the virtual machine deployment file, so that control plane and service plane traffic in the deployed virtual machine are separated.

Preferably, the cloud computing platform is further configured to generate a first universally unique identifier for the service plane logical network, add the first universally unique identifier to the service plane virtual network card, and establish, according to the first universally unique identifier, the third correspondence between the service plane virtual network card and the service plane logical network.

Preferably, there are multiple servers, and a service plane virtual bridge and a control plane virtual bridge are created on each server;

The cloud computing platform is further configured, when there are multiple servers, to create a server set and add to it all servers on which a service plane virtual bridge and a control plane virtual bridge have been created; and to select a server from the server set according to a selection instruction from the user and deploy a virtual machine of the selected server according to the first correspondence and the second correspondence, so that control plane and service plane traffic in the deployed virtual machine are separated.

In addition, to achieve the above purpose, an embodiment of the present invention further provides a server, wherein the server is the server described above.

In addition, to achieve the above purpose, an embodiment of the present invention further provides a cloud computing platform, wherein the cloud computing platform is the cloud computing platform described above.

An embodiment of the present invention further provides a computer storage medium, which may store execution instructions for performing the method for separating a control plane and a service plane in the above embodiments.

In the method and system for separating a control plane and a service plane, the server and the cloud computing platform provided by the embodiments of the present invention, a server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction; a cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction, and configures a service plane virtual network card and a control plane virtual network card; a first correspondence is established among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge; and a virtual machine of the server is deployed according to the first correspondence and the second correspondence. As a result, service plane packets and control plane packets in the server's virtual machine are each forwarded over their own forwarding path, which achieves absolute separation of control plane and service plane traffic in the deployed virtual machine.

Brief description of the drawings

FIG. 1 is a schematic flowchart of an embodiment of the method for separating a control plane and a service plane according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart detailing step S30 in FIG. 1;

FIG. 3 is a schematic flowchart detailing step S40 in FIG. 1;

FIG. 4 is a schematic structural diagram of an embodiment of the system for separating a control plane and a service plane according to an embodiment of the present invention;

FIG. 5 is another schematic structural diagram of an embodiment of the system for separating a control plane and a service plane according to an embodiment of the present invention.

The realization of the purpose, the functional features and the advantages of the present invention are further described with reference to the accompanying drawings in conjunction with the embodiments.

Detailed description

Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here are only used to illustrate and explain the present invention and are not intended to limit it, and that, where they do not conflict, the embodiments of the present invention and the features in those embodiments may be combined with each other.

An embodiment of the present invention provides a method for separating a control plane and a service plane. Referring to FIG. 1, FIG. 1 is a schematic flowchart of an embodiment of the method for separating a control plane and a service plane according to an embodiment of the present invention. In an embodiment, the method for separating the control plane and the service plane includes:

Step S10: The server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction.

In this embodiment, to separate control plane and service plane traffic in the server's virtual machine, the server needs to create one service plane virtual bridge and one control plane virtual bridge.

Step S20: The cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction, and configures a service plane virtual network card and a control plane virtual network card.

In step S20, the step in which the cloud computing platform creates a control plane logical port includes: the cloud computing platform creates a control plane logical network, creates the control plane logical port under that control plane logical network, and defines the virtual network card network port type corresponding to the control plane logical port as a first type. In this embodiment, after the virtual network card network port type corresponding to the control plane logical port is defined as the first type, the first type must also be granted validity for the virtual network port corresponding to that control plane logical port, and the control plane logical port is stored in a database so that it can be called when the server's virtual machine is subsequently deployed. For example, assuming the control plane logical port is named Port-ctrl, the virtual network card network port type vnic_type corresponding to the control plane logical port Port-ctrl is defined as the ctrl type; the ctrl type is granted validity for the vnic_type corresponding to Port-ctrl, and Port-ctrl is stored in the database so that it can be called when the server's virtual machine is subsequently deployed.

Step S30: Establish a first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge.

Referring to FIG. 2, FIG. 2 is a schematic flowchart detailing step S30 in FIG. 1. Step S30 includes:

Step S31: Establish a third correspondence between the service plane virtual network card and the service plane logical network, and a fourth correspondence between the control plane virtual network card and the control plane logical port.

In step S31, the step in which the cloud computing platform establishes the third correspondence between the service plane virtual network card and the service plane logical network includes the following processing: the cloud computing platform obtains a first universally unique identifier of the service plane logical network, adds the first universally unique identifier to the service plane virtual network card, and establishes, according to the first universally unique identifier, the third correspondence between the service plane virtual network card and the service plane logical network. In step S31, the step in which the cloud computing platform establishes the fourth correspondence between the control plane virtual network card and the control plane logical port includes the following processing: the cloud computing platform generates a universally unique identifier for the control plane logical port and adds the universally unique identifier to the control plane virtual network card. According to the universally unique identifier, the fourth correspondence between the control plane virtual network card and the control plane logical port is established, and the network port of the control plane virtual network card is marked as the first type in the fourth correspondence. In this embodiment, after the control plane logical port is created under the control plane logical network, the virtual network card network port type corresponding to the control plane logical port is defined as the first type. Once the fourth correspondence between the control plane virtual network card and the control plane logical port has been established, the network port type of the control plane virtual network card should therefore be marked as the first type. The network port of the control plane virtual network card thus needs to be marked as the first type in the fourth correspondence, where the first type may be the ctrl type described above.

Step S32: Establish the fifth correspondence between the service plane logical network and the service plane virtual bridge, and establish the sixth correspondence between the control plane logical port and the control plane virtual bridge.

In this embodiment, after the step in which the cloud computing platform defines the virtual network card network port type corresponding to the control plane logical port as the first type, the following processing is also included: because the virtual network card network port type corresponding to the control plane logical port is the first type, the cloud computing platform defines the virtual bridge network port type corresponding to the control plane logical port as the first type. That is, the virtual network card network port type and the virtual bridge network port type corresponding to the control plane logical port are both defined as the first type. For example, the vnic_type and the vif_type corresponding to the control plane logical port named Port-ctrl are both defined as the ctrl type.

In this embodiment, the following processing is also included after step S32: the cloud computing platform marks the network port of the control plane virtual bridge as the first type in the sixth correspondence; for example, the network port of the control plane virtual bridge is marked as the ctrl type in the sixth correspondence. The preceding step defined the virtual bridge network port type corresponding to the control plane logical port as the first type. Therefore, after the sixth correspondence between the control plane logical port and the control plane virtual bridge is established, the network port type of the control plane virtual bridge should be marked as the first type. The network port of the control plane virtual bridge therefore needs to be marked as the first type in the sixth correspondence, where the first type may be the ctrl type described above.

Step S33: According to the third correspondence and the fifth correspondence, establish the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge; and according to the fourth correspondence and the sixth correspondence, establish the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge.

In this embodiment, the network port of the control plane virtual network card and the network port of the virtual bridge in the second correspondence are both marked as the first type.

Step S40: Deploy the virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic are separated in the deployed virtual machine.

Referring to FIG. 3, FIG. 3 is a detailed flowchart of step S40 in FIG. 1. Step S40 includes:

Step S41: The cloud computing platform generates a virtual machine deployment file according to the first correspondence, and according to the fact that, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port are both of the first type.

Step S42: Deploy the virtual machine of the server according to the virtual machine deployment file, so that control plane and service plane traffic are separated in the deployed virtual machine.

The virtual machine deployment file generated in step S41 records the first correspondence, which is a one-to-one correspondence among the service plane virtual bridge, the service plane virtual network card and the service plane logical network in the server; it also records the second correspondence, which is a one-to-one correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge. The cloud computing platform can determine the forwarding path of service plane packets according to the first correspondence, and the forwarding path of control plane packets according to the second correspondence. When the server's virtual machine is deployed according to the service plane packet forwarding path and the control plane packet forwarding path, service plane packets are forwarded along the service plane packet forwarding path and control plane packets are forwarded along the control plane packet forwarding path, so that control plane and service plane traffic are separated in the server's virtual machine. The virtual machine deployment file is a file in xml format.
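
The following Python example is added here to illustrate steps S31 to S41 and is not code from the patent or from OpenStack: it joins the third to sixth correspondences into the first and second correspondences, records them in a deployment file, and then audits that file for a bridge shared by both planes or a missing ctrl mark. Only Port-ctrl, vnic_type, vif_type and ctrl come from the text; the XML layout, the names vnic-svc, vnic-ctrl, Net-svc, br-svc and br-ctrl, and the "normal" type for service plane ports are assumptions.

```python
import uuid
import xml.etree.ElementTree as ET
from dataclasses import dataclass

CTRL = "ctrl"      # the "first type" the text gives for vnic_type and vif_type
NORMAL = "normal"  # assumed type for service plane ports (not stated in the text)


@dataclass(frozen=True)
class Link:
    """A pairwise correspondence (third to sixth), keyed by the logical object's UUID."""
    left: str
    right: str
    key: str
    port_type: str


@dataclass(frozen=True)
class Path:
    """A joined correspondence (first or second): vNIC, logical object, bridge."""
    plane: str
    vnic: str
    logical: str
    key: str
    bridge: str
    vnic_type: str
    vif_type: str


def join(plane, nic_link, bridge_link):
    """Step S33: combine two links that refer to the same logical object."""
    if nic_link.key != bridge_link.key or nic_link.right != bridge_link.left:
        raise ValueError(f"{plane}: links do not share one logical object")
    return Path(plane, nic_link.left, nic_link.right, nic_link.key,
                bridge_link.right, nic_link.port_type, bridge_link.port_type)


def build_paths():
    """Steps S31 to S33 for one server; every device name here is constructed."""
    net_id = str(uuid.uuid4())   # UUID of the service plane logical network
    port_id = str(uuid.uuid4())  # UUID of the control plane logical port
    third = Link("vnic-svc", "Net-svc", net_id, NORMAL)
    fourth = Link("vnic-ctrl", "Port-ctrl", port_id, CTRL)
    fifth = Link("Net-svc", "br-svc", net_id, NORMAL)
    sixth = Link("Port-ctrl", "br-ctrl", port_id, CTRL)
    return [join("service", third, fifth), join("control", fourth, sixth)]


def render_deployment(paths):
    """Step S41: record both correspondences in an XML deployment file."""
    root = ET.Element("deployment")  # assumed layout, not the platform's schema
    for p in paths:
        ET.SubElement(root, "interface", plane=p.plane, vnic=p.vnic,
                      logical=p.logical, uuid=p.key, bridge=p.bridge,
                      vnic_type=p.vnic_type, vif_type=p.vif_type)
    return ET.tostring(root, encoding="unicode")


def check_separation(xml_text):
    """Return findings; an empty list means the two planes stay separate."""
    findings = []
    planes_by_bridge = {}
    for itf in ET.fromstring(xml_text).iter("interface"):
        plane, vnic = itf.get("plane"), itf.get("vnic")
        marks = [itf.get("vnic_type") == CTRL, itf.get("vif_type") == CTRL]
        if plane == "control" and not all(marks):
            findings.append(f"{vnic}: control plane port not marked {CTRL} on both ends")
        if plane != "control" and any(marks):
            findings.append(f"{vnic}: service plane port carries the {CTRL} mark")
        planes_by_bridge.setdefault(itf.get("bridge"), set()).add(plane)
    for bridge, planes in sorted(planes_by_bridge.items()):
        if len(planes) > 1:
            findings.append(f"{bridge}: bridge is shared by {sorted(planes)}")
    return findings


if __name__ == "__main__":
    deployment = render_deployment(build_paths())
    print(deployment)
    print(check_separation(deployment) or "control and service planes are separated")
```

Running the same audit against a deployment file before a virtual machine is started catches the case where a control plane port has been attached to the service plane bridge.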

In the embodiments of the present invention, there may be multiple servers, and each server has a service plane virtual bridge and a control plane virtual bridge created on it. When there are multiple servers, the method for separating the control plane and the service plane provided by the embodiments of the present invention further includes the following processing before the step in which the cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction: the cloud computing platform creates a server set and adds to the server set all servers on which a service plane virtual bridge and a control plane virtual bridge have been created. In addition, step S60 is: the cloud computing platform selects a server from the server set according to the user's selection instruction, and deploys the virtual machine of the selected server according to the first correspondence and the second correspondence, so that control plane and service plane traffic are separated in the deployed virtual machine.

In the method for separating the control plane and the service plane provided by the above embodiment, the server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction; the cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction; the service plane virtual network card and the control plane virtual network card are configured; the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge, are established; and the virtual machine of the server is deployed according to the first correspondence and the second correspondence. In this way, service plane packets and control plane packets in the server's virtual machine are each forwarded along their own corresponding forwarding path, which achieves absolute separation of control plane and service plane traffic in the deployed virtual machine.

An embodiment of the present invention further provides a system for separating a control plane and a service plane. Referring to FIG. 4, FIG. 4 is a schematic structural diagram of one embodiment of the system for separating the control plane and the service plane according to an embodiment of the present invention. In one embodiment, the system 100 for separating the control plane and the service plane includes a server 110 and a cloud computing platform 120. The server 110 is configured to create a service plane virtual bridge and a control plane virtual bridge according to a user instruction. The cloud computing platform 120 is configured to create a service plane logical network and a control plane logical port according to a user instruction; configure a service plane virtual network card and a control plane virtual network card; establish the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge; and deploy the virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic are separated in the deployed virtual machine.

In the above embodiment, the cloud computing platform 120 is configured to establish the third correspondence between the service plane virtual network card and the service plane logical network, and the fourth correspondence between the control plane virtual network card and the control plane logical port; establish the fifth correspondence between the service plane logical network and the service plane virtual bridge, and the sixth correspondence between the control plane logical port and the control plane virtual bridge; establish, according to the third correspondence and the fifth correspondence, the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge; and establish, according to the fourth correspondence and the sixth correspondence, the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge.

In the above embodiment, the cloud computing platform 120 is configured to create a control plane logical network, create the control plane logical port under the control plane logical network, and define the virtual network card network port type corresponding to the control plane logical port as the first type. In this embodiment, after the virtual network card network port type corresponding to the control plane logical port is defined as the first type, the first type must also be made a legal type for the virtual network port corresponding to the control plane logical port, and the control plane logical port must be stored in the database so that it can be called when the server's virtual machine is subsequently deployed. For example, assuming the control plane logical port is named Port-ctrl, the virtual network card network port type vnic_type corresponding to the control plane logical port Port-ctrl is defined as the ctrl type; the ctrl type is made a legal value of the vnic_type corresponding to Port-ctrl, and Port-ctrl is stored in the database so that it can be called when the server's virtual machine is subsequently deployed.

The cloud computing platform 120 is further configured to generate the universally unique identifier of the control plane logical port and add the universally unique identifier to the control plane virtual network card; and to establish, according to the universally unique identifier, the fourth correspondence between the control plane virtual network card and the control plane logical port, marking the network port of the control plane virtual network card as the first type in the fourth correspondence. In this embodiment, after the control plane logical port is created under the control plane logical network, the virtual network card network port type corresponding to the control plane logical port is defined as the first type. Therefore, after the fourth correspondence between the control plane virtual network card and the control plane logical port is established, the network port type of the control plane virtual network card should be marked as the first type. The network port of the control plane virtual network card therefore needs to be marked as the first type in the fourth correspondence, where the first type may be the ctrl type described above.

The cloud computing platform 120 is further configured to define, because the virtual network card network port type corresponding to the control plane logical port is the first type, the virtual bridge network port type corresponding to the control plane logical port as the first type. That is, the virtual network card network port type and the virtual bridge network port type corresponding to the control plane logical port are both defined as the first type. For example, the vnic_type and the vif_type corresponding to the control plane logical port named Port-ctrl are both defined as the ctrl type. In addition, after establishing the sixth correspondence between the control plane logical port and the control plane virtual bridge, the cloud computing platform 120 marks the network port of the control plane virtual bridge as the first type in the sixth correspondence; for example, the network port of the control plane virtual bridge is marked as the ctrl type in the sixth correspondence. The virtual bridge network port type corresponding to the control plane logical port was defined above as the first type. Therefore, after the sixth correspondence between the control plane logical port and the control plane virtual bridge is established, the network port type of the control plane virtual bridge should be marked as the first type. The network port of the control plane virtual bridge therefore needs to be marked as the first type in the sixth correspondence, where the first type may be the ctrl type described above.

The cloud computing platform 120 is further configured to generate the first universally unique identifier of the service plane logical network, add the first universally unique identifier to the service plane virtual network card, and establish the third correspondence between the service plane virtual network card and the service plane logical network according to the first universally unique identifier.

In this embodiment, the network port of the control plane virtual network card and the network port of the control plane virtual bridge in the second correspondence are both marked as the first type. The cloud computing platform 120 is further configured to generate a virtual machine deployment file according to the first correspondence, and according to the fact that, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port are both of the first type; and to deploy the virtual machine of the server according to the virtual machine deployment file, so that control plane and service plane traffic are separated in the deployed virtual machine.

The virtual machine deployment file generated in this embodiment records the first correspondence, which is a one-to-one correspondence among the service plane virtual bridge, the service plane virtual network card and the logical network in the server; it also records the second correspondence, which is a one-to-one correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge. The cloud computing platform 120 can determine the forwarding path of service plane packets according to the first correspondence, and the forwarding path of control plane packets according to the second correspondence. When the server's virtual machine is deployed according to the service plane packet forwarding path and the control plane packet forwarding path, service plane packets are forwarded along the service plane packet forwarding path and control plane packets are forwarded along the control plane packet forwarding path, so that control plane and service plane traffic are separated in the server's virtual machine. The virtual machine deployment file is a file in xml format.

In the embodiments of the present invention, there may be multiple servers, and each server has a service plane virtual bridge and a control plane virtual bridge created on it. Referring to FIG. 5, FIG. 5 is another schematic structural diagram of an embodiment of the system for separating the control plane and the service plane according to an embodiment of the present invention. The system 100 for separating the control plane and the service plane includes multiple servers 110 and a cloud computing platform 120. Each server 110 is configured to create a service plane virtual bridge and a control plane virtual bridge. The cloud computing platform 120 is further configured to create a server set and add to the server set all servers on which a service plane virtual bridge and a control plane virtual bridge have been created; and to select a server from the server set according to the user's selection instruction and deploy the virtual machine of the selected server according to the first correspondence and the second correspondence, so that control plane and service plane traffic are separated in the deployed virtual machine.

In the system for separating the control plane and the service plane provided by the above embodiment, the server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction; the cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction; the service plane virtual network card and the control plane virtual network card are configured; the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge, are established; and the virtual machine of the server is deployed according to the first correspondence and the second correspondence. In this way, service plane packets and control plane packets in the server's virtual machine are each forwarded along their own corresponding forwarding path, which achieves absolute separation of control plane and service plane traffic in the deployed virtual machine.

An embodiment of the present invention further provides a server. The server provided in this embodiment is the server 110 described in the above system 100 for separating the control plane and the service plane, and is not described again here.

An embodiment of the present invention further provides a cloud computing platform. The cloud computing platform provided in this embodiment is the cloud computing platform 120 described in the above system 100 for separating the control plane and the service plane, and is not described again here.

The cloud computing platform referred to above in the embodiments of the present invention is the OpenStack cloud computing platform.

The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Industrial Applicability

The above technical solution provided by the embodiments of the present invention can be applied in the process of separating the control plane and the service plane. The server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction; the cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction; the service plane virtual network card and the control plane virtual network card are configured; the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge, are established; and the virtual machine of the server is deployed according to the first correspondence and the second correspondence. In this way, service plane packets and control plane packets in the server's virtual machine are each forwarded along their own corresponding forwarding path, which achieves absolute separation of control plane and service plane traffic in the deployed virtual machine.

Claims (18)

A method for separating a control plane and a service plane, the method comprising the following steps:

a server creates a service plane virtual bridge and a control plane virtual bridge according to a user instruction;

a cloud computing platform creates a service plane logical network and a control plane logical port according to a user instruction, and configures a service plane virtual network card and a control plane virtual network card;

establishing a first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and a second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge;

deploying the virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic are separated in the deployed virtual machine.
The method for separating a control plane and a service plane according to claim 1, wherein establishing the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge, and the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge, comprises:

establishing a third correspondence between the service plane virtual network card and the service plane logical network, and a fourth correspondence between the control plane virtual network card and the control plane logical port;

establishing a fifth correspondence between the service plane logical network and the service plane virtual bridge, and a sixth correspondence between the control plane logical port and the control plane virtual bridge;

establishing, according to the third correspondence and the fifth correspondence, the first correspondence among the service plane virtual network card, the service plane logical network and the service plane virtual bridge;

establishing, according to the fourth correspondence and the sixth correspondence, the second correspondence among the control plane virtual network card, the control plane logical port and the control plane virtual bridge.
The method for separating a control plane and a service plane according to claim 1 or 2, wherein the step in which the cloud computing platform creates a control plane logical port comprises:

the cloud computing platform creates a control plane logical network, creates the control plane logical port under the control plane logical network, and defines the virtual network card network port type corresponding to the control plane logical port as a first type.

The method for separating a control plane and a service plane according to claim 3, wherein the step in which the cloud computing platform establishes the fourth correspondence between the control plane virtual network card and the control plane logical port comprises:

the cloud computing platform generates a universally unique identifier of the control plane logical port and adds the universally unique identifier to the control plane virtual network card;

establishing, according to the universally unique identifier, the fourth correspondence between the control plane virtual network card and the control plane logical port, and marking the network port of the control plane virtual network card as the first type in the fourth correspondence.
The method for separating a control plane and a service plane according to claim 4, wherein, after the step in which the cloud computing platform defines the virtual network card network port type corresponding to the control plane logical port as the first type, the method further comprises:

the cloud computing platform defines, because the virtual network card network port type corresponding to the control plane logical port is the first type, the virtual bridge network port type corresponding to the control plane logical port as the first type;

and, after the step in which the cloud computing platform establishes the sixth correspondence between the control plane logical port and the control plane virtual bridge, the method further comprises: marking the network port of the control plane virtual bridge as the first type in the sixth correspondence.
The method for separating a control plane and a service plane according to claim 5, wherein the network port of the control plane virtual network card and the network port of the control plane virtual bridge in the second correspondence are both marked as the first type;

the step in which the cloud computing platform deploys the virtual machine of the server according to the first correspondence and the second correspondence, so that control plane and service plane traffic are separated in the deployed virtual machine, specifically comprises:

the cloud computing platform generates a virtual machine deployment file according to the first correspondence, and according to the fact that, in the second correspondence, the network port of the control plane virtual network card and the network port of the control plane virtual bridge corresponding to the control plane logical port are both of the first type;

deploying the virtual machine of the server according to the virtual machine deployment file, so that control plane and service plane traffic are separated in the deployed virtual machine.
根据权利要求6所述的控制面、业务面分离的方法,其中,所述云计算平台建立所述业务面虚拟网卡与所述业务面逻辑网络的第三对应关系的步骤包括:The method for controlling the control plane and the service plane separation according to claim 6, wherein the step of the cloud computing platform establishing the third correspondence between the service plane virtual network card and the service plane logical network comprises: 所述云计算平台生成所述业务面逻辑网络的第一通用唯一标识符,为所述业务面虚拟网卡添加所述第一通用唯一标识符,根据所述第一通用唯一标识符,建立所述业务面虚拟网卡与所述业务面逻辑网络的第三对应关系。Generating, by the cloud computing platform, a first universal unique identifier of the business plane logical network, adding the first universal unique identifier to the business plane virtual network card, and establishing the according to the first universal unique identifier The third correspondence between the virtual NIC of the service plane and the logical network of the service plane. 根据权利要求1所述的控制面、业务面分离的方法,其中,所述服务器为多个,每个服务器均创建有所述一业务面虚拟网桥、一控制面虚拟网桥;The control plane and the service plane separation method according to claim 1, wherein the server is a plurality of servers, each of which is configured with the service plane virtual bridge and a control plane virtual bridge; 当所述服务器为多个时,所述云计算平台根据用户指令,创建一业务面逻辑网络、一控制面逻辑端口的步骤之前还包括:When the number of the server is multiple, the cloud computing platform further includes: before the step of creating a service plane logical network and a control plane logical port according to user instructions: 云计算平台创建服务器集合,将创建有一业务面虚拟网桥、一控制面虚拟网桥的所有服务器添加至所述服务器集合;The cloud computing platform creates a server set, and adds all servers that have a business plane virtual bridge and a control plane virtual bridge to the server set; 所述云计算平台根据所述第一对应关系和所述第二对应关系,部署所述服务器的虚拟机,实现所部署的虚拟机中控制面、业务面流量的分离的步骤具体包括:The step of the cloud computing platform deploying the virtual machine of the server according to the first corresponding relationship and the second corresponding relationship to implement the separation of the control plane and the service plane traffic in the deployed virtual machine includes: 
所述云计算平台根据用户的选择指令,从所述服务器集合中选择一服务器,根据所述第一对应关系和所述第二对应关系,部署所选服务器的虚拟机,实现所部署的虚拟机中控制面、业务面流量的分离。The cloud computing platform selects a server from the server set according to the user's selection instruction, deploys a virtual machine of the selected server according to the first correspondence and the second correspondence, and implements the deployed virtual machine. Separation of traffic between the control plane and the business plane. 一种控制面、业务面分离的系统,所述控制面、业务面分离的系统包括:服务器、云计算平台; A control plane and a business plane separation system, wherein the control plane and the service plane separation system comprise: a server and a cloud computing platform; 服务器,设置为根据用户指令,创建一业务面虚拟网桥、一控制面虚拟网桥;The server is configured to create a service plane virtual bridge and a control plane virtual bridge according to the user instruction; 云计算平台,设置为根据用户指令,创建一业务面逻辑网络、一控制面逻辑端口;配置业务面虚拟网卡和控制面虚拟网卡;建立所述业务面虚拟网卡、所述业务面逻辑网络、所述业务面虚拟网桥三者的第一对应关系,以及所述控制面虚拟网卡、所述控制面逻辑端口、所述控制面虚拟网桥三者的第二对应关系;根据所述第一对应关系和所述第二对应关系,部署所述服务器的虚拟机,实现所部署的虚拟机中控制面、业务面流量的分离。The cloud computing platform is configured to create a business plane logical network and a control plane logical port according to the user instruction; configure a service plane virtual network card and a control plane virtual network card; establish the service plane virtual network card, the service plane logical network, and the a first correspondence between the three virtual network bridges, and a second correspondence between the control plane virtual network card, the control plane logical port, and the control plane virtual bridge; according to the first correspondence And the second corresponding relationship, the virtual machine of the server is deployed, and the separation of the control plane and the service plane traffic in the deployed virtual machine is implemented. 
根据权利要求9所述的控制面、业务面分离的系统,其中,所述云计算平台,设置为建立所述业务面虚拟网卡与所述业务面逻辑网络的第三对应关系、所述控制面虚拟网卡与所述控制面逻辑端口的第四对应关系;建立所述业务面逻辑网络与所述业务面虚拟网桥的第五对应关系,以及所述控制面逻辑端口与所述控制面虚拟网桥的第六对应关系;根据所述第三对应关系和所述第五对应关系,建立所述业务面虚拟网卡、所述业务面逻辑网络、所述业务面虚拟网桥三者的第一对应关系;根据所述第四对应关系和所述第六对应关系,建立所述控制面虚拟网卡、所述逻辑端口、所述虚拟网桥三者的第二对应关系。The control plane and the service plane separation system according to claim 9, wherein the cloud computing platform is configured to establish a third correspondence between the service plane virtual network card and the service plane logical network, and the control plane a fourth correspondence between the virtual network card and the logical port of the control plane; establishing a fifth correspondence between the logical network of the service plane and the virtual bridge of the service plane, and the logical port of the control plane and the virtual network of the control plane a sixth correspondence of the bridge; establishing, according to the third correspondence and the fifth correspondence, a first correspondence between the virtual network card of the service plane, the logical network of the service plane, and the virtual bridge of the service plane And establishing a second correspondence between the control plane virtual network card, the logical port, and the virtual bridge according to the fourth correspondence relationship and the sixth correspondence relationship. 根据权利要求10所述的控制面、业务面分离的系统,其中,A control plane and business plane separation system according to claim 10, wherein 所述云计算平台,设置为创建一控制面逻辑网络,在所述控制面逻辑网络下创建所述控制面逻辑端口,定义所述控制面逻辑端口对应的虚拟网卡网口类型为第一类型。The cloud computing platform is configured to create a control plane logical network, and the control plane logical port is created in the control plane logical network, and the virtual network card network port type corresponding to the control plane logical port is defined as the first type. 
根据权利要求11所述的控制面、业务面分离的系统,其中,A control plane and business plane separation system according to claim 11, wherein 所述云计算平台,还设置为生成所述控制面逻辑端口的通用唯一标识符,为所述控制面虚拟网卡添加所述通用唯一标识符;以及根据所述通用唯一标识符,建立所述控制面虚拟网卡与所述控制面逻辑端口的第四对应关系,在所述第四对应关系中标记所述控制面虚拟网卡网口为第一类型。The cloud computing platform is further configured to generate a universally unique identifier of the control plane logical port, add the universally unique identifier to the control plane virtual network card; and establish the control according to the universally unique identifier The fourth corresponding relationship between the virtual network card and the logical port of the control plane, and the virtual network card network port of the control plane is marked as the first type in the fourth correspondence. 根据权利要求12所述的控制面、业务面分离的系统,其中,A control plane and business plane separation system according to claim 12, wherein 所述云计算平台,还设置为根据所述控制面逻辑端口对应的虚拟网卡网口类型为第一类型,定义所述控制面逻辑端口对应的虚拟网桥网口类型为第一类型;并在建立所述控制面逻辑端口与所述控制面虚拟网桥的第六对应关系后,在所述第六对应关系中标记所述控制面虚拟网桥的网口为第一类型。The cloud computing platform is further configured to: according to the virtual network card network port type corresponding to the control plane logical port, the first type, and the virtual bridge network port type corresponding to the control plane logical port is the first type; After the sixth corresponding relationship between the control plane logical port and the control plane virtual bridge is established, the network port of the control plane virtual bridge is marked as the first type in the sixth correspondence. 
根据权利要求13所述的控制面、业务面分离的系统,其中,A control plane and business plane separation system according to claim 13, wherein 所述第二对应关系中所述控制面虚拟网卡的网口和所述控制面虚拟网桥的网口均标记为第一类型;The network port of the control plane virtual network card and the network port of the control plane virtual bridge in the second correspondence are all marked as the first type; 所述云计算平台,还设置为根据所述第一对应关系、以及根据所述第二对应关系中所述控制面逻辑端口对应的所述控制面虚拟网卡的网口和所述控制面虚拟网桥的网口均为第一类型,生成虚拟机部署文件;以及根据所述虚拟机部署文件,部署所述服务器的 虚拟机,实现所部署的虚拟机中控制面、业务面流量的分离。The cloud computing platform is further configured to: according to the first correspondence, and the network port of the control plane virtual network card corresponding to the control plane logical port in the second corresponding relationship, and the control plane virtual network The network ports of the bridge are all of a first type, and a virtual machine deployment file is generated; and the server is deployed according to the virtual machine deployment file. The virtual machine implements the separation of control plane and service plane traffic in the deployed virtual machine. 根据权利要求14所述的控制面、业务面分离的系统,其中,所述云计算平台,还设置为生成所述业务面逻辑网络的第一通用唯一标识符,为所述业务面虚拟网卡添加所述第一通用唯一标识符,根据所述第一通用唯一标识符,建立所述业务面虚拟网卡与所述业务面逻辑网络的第三对应关系。The control plane and the service plane separation system according to claim 14, wherein the cloud computing platform is further configured to generate a first universal unique identifier of the service plane logical network, and add the service plane virtual network card And establishing, by the first universal unique identifier, a third correspondence between the service plane virtual network card and the service plane logical network according to the first universal unique identifier. 
根据权利要求9所述的控制面、业务面分离的系统,其中,所述服务器为多个,每个服务器均创建有一业务面虚拟网桥、一控制面虚拟网桥;The control plane and the service plane separation system according to claim 9, wherein the server is a plurality of servers, and each server is configured with a service plane virtual bridge and a control plane virtual bridge; 所述云计算平台,还设置为当所述服务器为多个时,创建服务器集合,将创建有一业务面虚拟网桥、一控制面虚拟网桥的所有服务器添加至所述服务器集合;以及根据用户的选择指令,从所述服务器集合中选择一服务器,根据所述第一对应关系和所述第二对应关系,部署所选服务器的虚拟机,实现所部署的虚拟机中控制面、业务面流量的分离。The cloud computing platform is further configured to: when the server is multiple, create a server set, add all servers that create a service plane virtual bridge, a control plane virtual bridge to the server set; and according to the user Selecting a server, selecting a server from the set of servers, deploying a virtual machine of the selected server according to the first correspondence and the second correspondence, and implementing control plane and service plane traffic in the deployed virtual machine Separation. 一种服务器,所述服务器为权利要求8-14任一项所述的服务器。A server, the server of any one of claims 8-14. 一种云计算平台,所述云计算平台为权利要求8-14任一项所述的云计算平台。 A cloud computing platform, the cloud computing platform of any one of claims 8-14.
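The correspondences recited in the claims above can be modelled and checked mechanically. The following Python sketch is an added illustration, not part of the patent text: it composes the third and fifth correspondences into the first, the fourth and sixth into the second, builds a deployment record, and reports any way the two planes could share a path. The bridge names, virtual network card names, record layout and the `FIRST_TYPE` value are all assumptions, since the claims do not define them.

```python
import uuid

FIRST_TYPE = "first-type"  # placeholder: the claims do not define the "first type"

def compose(nic_to_logical, logical_to_bridge):
    """Join vNIC->logical object and logical object->bridge into triples."""
    triples = []
    for vnic, logical in nic_to_logical.items():
        if logical not in logical_to_bridge:
            raise ValueError(f"{vnic}: {logical} is not bound to any bridge")
        triples.append((vnic, logical, logical_to_bridge[logical]))
    return triples

def build_deployment(vm, service_bridge, control_bridge):
    """Build the first and second correspondences and a deployment record."""
    net_id = str(uuid.uuid4())   # UUID of the service plane logical network
    port_id = str(uuid.uuid4())  # UUID of the control plane logical port
    # vNIC names below are hypothetical.
    first = compose({"svc-nic0": net_id}, {net_id: service_bridge})
    second = compose({"ctl-nic0": port_id}, {port_id: control_bridge})
    interfaces = []
    for vnic, logical, bridge in first:
        interfaces.append({"plane": "service", "vnic": vnic, "logical": logical,
                           "bridge": bridge, "nic_port_type": None,
                           "bridge_port_type": None})
    for vnic, logical, bridge in second:
        # Both ends of a control plane attachment carry the first-type mark.
        interfaces.append({"plane": "control", "vnic": vnic, "logical": logical,
                           "bridge": bridge, "nic_port_type": FIRST_TYPE,
                           "bridge_port_type": FIRST_TYPE})
    return {"vm": vm, "interfaces": interfaces}

def separation_violations(deployment):
    """Return reasons why control and service traffic could share a path."""
    problems = []
    by_plane = {"service": set(), "control": set()}
    for itf in deployment["interfaces"]:
        by_plane[itf["plane"]].add(itf["bridge"])
        marked = (itf["nic_port_type"] == FIRST_TYPE
                  and itf["bridge_port_type"] == FIRST_TYPE)
        if itf["plane"] == "control" and not marked:
            problems.append(f"{itf['vnic']}: control port not marked first type")
        if itf["plane"] == "service" and (itf["nic_port_type"] == FIRST_TYPE
                                          or itf["bridge_port_type"] == FIRST_TYPE):
            problems.append(f"{itf['vnic']}: service port marked first type")
    for bridge in sorted(by_plane["service"] & by_plane["control"]):
        problems.append(f"bridge {bridge} carries both planes")
    return problems

if __name__ == "__main__":
    # Constructed inputs: one correct layout, one with a shared bridge.
    print(separation_violations(build_deployment("vm1", "br-svc", "br-ctl")))
    print(separation_violations(build_deployment("vm2", "br0", "br0")))
```

A check of this kind is useful before deployment because a single shared bridge, or a control plane port missing its type mark, is enough to defeat the separation the claims describe.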
PCT/CN2016/077743 2015-10-13 2016-03-29 Method and system for isolating control plane and service plane, server and cloud computation platform Ceased WO2016177207A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510657754.9A CN106571945B (en) 2015-10-13 2015-10-13 Control plane and service plane separation method and system, server and cloud computing platform
CN201510657754.9 2015-10-13

Publications (1)

Publication Number Publication Date
WO2016177207A1 (en) 2016-11-10

Family

ID=57217402

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/077743 Ceased WO2016177207A1 (en) 2015-10-13 2016-03-29 Method and system for isolating control plane and service plane, server and cloud computation platform

Country Status (2)

Country Link
CN (1) CN106571945B (en)
WO (1) WO2016177207A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111371629A (en) * 2020-03-27 2020-07-03 北京百度网讯科技有限公司 Network construction and out-of-band management method, apparatus, device, medium and cloud platform
CN114095357A (en) * 2021-11-18 2022-02-25 中国光大银行股份有限公司 Business system
CN115421412A (en) * 2022-08-16 2022-12-02 南京赛宁信息技术有限公司 A network shooting range traffic multiplexing monitoring system and method
US12487847B2 (en) * 2023-04-14 2025-12-02 At&T Intellectual Property I, L.P. Virtual firewall for use in a private mobile core

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579988B (en) * 2017-09-25 2020-01-07 新华三技术有限公司 Method and device for configuring security policy
CN108234271A (en) * 2017-10-25 2018-06-29 国云科技股份有限公司 A cloud platform service network IP management method
CN110149614B (en) * 2018-02-13 2021-09-21 西安中兴新软件有限责任公司 Vehicle-mounted data transmission method and device and vehicle-mounted TBOX
CN112202659B (en) * 2020-09-25 2022-04-12 中国船舶重工集团公司第七0七研究所 Method for realizing network bridge under road system
CN119561908A (en) * 2024-11-20 2025-03-04 中移动信息技术有限公司 Data hierarchical transmission method, device, equipment, storage medium and product

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7561531B2 (en) * 2005-04-19 2009-07-14 Intel Corporation Apparatus and method having a virtual bridge to route data frames
CN103825891A (en) * 2014-02-19 2014-05-28 曙光云计算技术有限公司 Security flaw scanning system under cloud network environment
CN103825954A (en) * 2014-03-10 2014-05-28 中国联合网络通信集团有限公司 OpenFlow control method and corresponding insert, platform and network thereof
CN104468746A (en) * 2014-11-23 2015-03-25 国云科技股份有限公司 A distributed virtual network implementation method suitable for cloud platform

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710432B (en) * 2012-04-27 2015-04-15 北京云杉世纪网络科技有限公司 System and method for managing virtual network in cloud computation data center
CN104767676B (en) * 2014-01-03 2017-12-12 华为技术有限公司 Data message forwarding method and system in SDN
WO2015123849A1 (en) * 2014-02-20 2015-08-27 Wenbo Mao Method and apparatus for extending the internet into intranets to achieve scalable cloud network
CN104917623B (en) * 2014-03-10 2019-09-13 南京中兴新软件有限责任公司 A method and device for implementing SDN network communication management
CN104506408B (en) * 2014-12-31 2018-02-06 新华三技术有限公司 The method and device of data transfer based on SDN

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111371629A (en) * 2020-03-27 2020-07-03 北京百度网讯科技有限公司 Network construction and out-of-band management method, apparatus, device, medium and cloud platform
CN111371629B (en) * 2020-03-27 2022-11-04 北京百度网讯科技有限公司 Network construction and out-of-band management method, apparatus, device, medium and cloud platform
CN114095357A (en) * 2021-11-18 2022-02-25 中国光大银行股份有限公司 Business system
CN114095357B (en) * 2021-11-18 2024-05-14 中国光大银行股份有限公司 Service system
CN115421412A (en) * 2022-08-16 2022-12-02 南京赛宁信息技术有限公司 A network shooting range traffic multiplexing monitoring system and method
US12487847B2 (en) * 2023-04-14 2025-12-02 At&T Intellectual Property I, L.P. Virtual firewall for use in a private mobile core

Also Published As

Publication number Publication date
CN106571945A (en) 2017-04-19
CN106571945B (en) 2020-07-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16789201

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16789201

Country of ref document: EP

Kind code of ref document: A1