CN104579898A - Tenant isolating method and system - Google Patents


Publication number
CN104579898A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510038892.9A
Other languages
Chinese (zh)
Inventor
杨绍光
张云勇
毋涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN201510038892.9A
Publication of CN104579898A
Legal status: Pending


Abstract

The invention discloses a tenant isolating method and system. The tenant isolating method comprises the steps that corresponding virtual local area network tags are assigned to all virtual machines of all physical hosts by a virtual switch, and the virtual local area network tags are used for identifying messages of tenants; corresponding VTN identifiers are assigned to the tenants through an access switch; the virtual local area network tags of all the virtual machines of the tenants are combined according to the assigned VTN identifiers, corresponding virtual networks are generated for the tenants, and the isolation of the tenants is achieved. According to the tenant isolating method and system, the virtual local area network tags are assigned to the virtual machines of all the physical hosts through the virtual switch, and corresponding VTN identifiers are assigned to the tenants through the access switch. The scale of the virtual machines of the tenants in a cloud computing network is increased while the isolation of the tenants is achieved. The isolation is carried out on the tenants through the VTN identifiers. The management on the rented virtual machines can be conducted by the tenants. Due to the fact that the VTN identifiers are unchanged when the adjustment is conducted by the tenants, the management on a cloud platform management network is unaffected.

Description

Tenant isolation method and system
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a tenant isolation method and system in a cloud computing system.
Background
Cloud computing is a dynamically and easily scalable mode of computing that provides virtualized resources over the Internet. It is divided into service resource pools at three levels: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). In a cloud computing environment, resources such as CPU, memory and hard disk are pooled into a resource pool that provides services to users in a unified way.
In a cloud computing environment, multiple tenants use the underlying hardware resources provided by a unified resource pool. To ensure the security of tenant data, tenants must be isolated: virtual machines within a tenant can communicate with each other, while virtual machines of different tenants are isolated from each other.
In a traditional cloud computing resource pool, tenant virtual machines are hosted on the compute nodes that form the resource pool and communicate through shared network equipment, and tenant isolation is usually implemented with virtual local area networks (VLAN, Virtual Local Area Network). Each tenant is assigned one or more VLAN tags at the virtual switch and the access switch; that is, a VLAN tag is added after the layer 2 (data link layer) part of the original header of each message the tenant sends. Because messages sent by virtual machines of different tenants carry different VLAN tags, the virtual switch and the access switch can refuse to let a virtual machine of one tenant access the virtual machines of other tenants, so that tenants are isolated at layer 2 of the network, which improves information security. Corresponding access control list (ACL, Access Control List) rules are then configured at the core switch to solve isolation at layer 3 (the IP layer) of the network. An ACL rule reads information in the message header, such as source address, destination address, source port and destination port, from the routing table and enforces access control according to predefined rules.
Fig. 1 is a schematic diagram of the physical structure of a cloud computing resource pool. As shown in Fig. 1, the tenant's virtual machines (VM, Virtual Machine) are connected to a virtual switch and hosted on the compute nodes that form the resource pool; the virtual switch sits between the tenant's virtual machines and the access switch and is responsible for connecting the virtual machines to the external physical network; the access switch is a physical switch. In the existing tenant isolation method, different VLAN tags are assigned to the virtual machines of different tenants. Because VLAN tags can identify at most 4096 virtual machines, tenant scale is limited. The VLAN tags of one tenant are configured so that tenants cannot communicate with each other: the VLAN tag determines whether two virtual machines belong to the same tenant, and if they do not, communication is not allowed, which achieves layer 2 isolation. At layer 3, isolation is achieved with access control lists, so that virtual machines of different tenants cannot communicate at layer 3. If a tenant's network is adjusted, the VLAN tag of each of the tenant's virtual machines must also be adjusted, which affects network management. In addition, in existing networks the virtual machines of one tenant are often placed on different physical hosts and follow the unified planning of the cloud platform management network, so the tenant cannot effectively manage or freely plan the virtual machine network that belongs to it.
Summary of the invention
To solve the above technical problem, the invention provides a tenant isolation method and system that achieve effective isolation between tenants in a cloud computing system and increase the scale of tenant virtual machines.
To achieve this object, the invention provides a tenant isolation method, comprising:
A virtual switch assigns to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages;
An access switch assigns a corresponding virtual tenant network (VTN) identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant, thereby achieving tenant isolation.
Further, the method also comprises:
The source access switch encapsulates the tenant message with a second-layer header used for physical network routing, according to the destination address of the tenant message combined with the tenant's VTN identifier;
The tenant message is sent to the destination access switch according to the encapsulated second-layer header, and the destination switch delivers the tenant message to the destination virtual machine according to the first-layer header.
Further, encapsulating the second-layer header used for physical network routing specifically comprises:
The source access switch reads the routing table, obtains the IP address of the destination virtual machine of the tenant message, and looks up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
According to the routing address of the destination access switch and the VTN identifier, the source access switch encapsulates the second-layer header for physical network routing of the tenant message.
Further, encapsulating the second-layer header used for physical network routing specifically comprises:
The source access switch reads the routing table, obtains the IP address of the destination virtual machine of the tenant message, and looks up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
The source access switch uses the User Datagram Protocol (UDP) to encapsulate, outside the first-layer header of the message, the outer media access control (Outer MAC), outer Internet protocol (Outer IP) and outer user datagram protocol (Outer UDP) headers obtained from the routing address of the destination access switch, together with the VTN header part generated from the VTN identifier; these form the second-layer header.
In another aspect, the application also provides a virtual machine isolation system, comprising at least a virtual switch and an access switch, wherein:
The virtual switch is configured to assign to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages;
The access switch assigns a corresponding VTN identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant, thereby achieving tenant isolation.
Further, the access switch comprises a source access switch and a destination access switch;
The source access switch is also configured to encapsulate the tenant message with a second-layer header used for physical network routing, according to the destination address of the tenant message combined with the tenant's VTN identifier, and to send the tenant message to the destination access switch according to the encapsulated second-layer header;
The destination access switch, after receiving the tenant message, delivers it to the destination virtual machine according to the first-layer header.
Further, the source access switch is specifically configured to:
Read the routing table, obtain the IP address of the destination virtual machine of the tenant message, and look up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
Encapsulate, according to the routing address of the destination access switch and the VTN identifier, the second-layer header for physical network routing of the tenant message;
Send the tenant message to the destination access switch according to the encapsulated second-layer header.
Further, the source access switch is specifically configured to:
Read the routing table, obtain the IP address of the destination virtual machine of the tenant message, and look up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
Use the User Datagram Protocol (UDP) to encapsulate, outside the first-layer header of the message, the second-layer header used for physical network routing, which includes the routing address of the destination access switch; the second-layer header comprises the outer media access control (Outer MAC), outer Internet protocol (Outer IP) and outer user datagram protocol (Outer UDP) headers obtained from the routing address of the destination access switch, and the VTN identifier.
Compared with the prior art, the technical solution provided by the invention comprises: a virtual switch assigns to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages; an access switch assigns a corresponding VTN identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant, thereby achieving tenant isolation. In the invention, the virtual switch assigns VLAN tags to the virtual machines on each physical host and the access switch assigns a corresponding VTN identifier to each tenant. This achieves tenant isolation while increasing the scale of tenant virtual machines in the cloud computing network. Because each tenant is isolated by its VTN identifier, the tenant can manage the virtual machines it rents, and when the tenant makes adjustments the VTN identifier stays unchanged, so management of the cloud platform management network is not affected.
Brief description of the drawings
The accompanying drawings provide a further understanding of the technical solution of the invention and form part of the specification. Together with the embodiments of the application they serve to explain the technical solution of the invention and do not limit it.
Fig. 1 is a schematic diagram of the physical structure of a cloud computing resource pool;
Fig. 2 is a schematic flow chart of the tenant isolation method of the invention;
Fig. 3 is a schematic diagram of the logical structure of the cloud computing resource pool of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments of the application and the features in the embodiments may be combined with one another arbitrarily.
Fig. 2 is a schematic flow chart of the tenant isolation method of the invention. As shown in Fig. 2, the method comprises:
Step 200: the virtual switch assigns to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages;
Step 201: the access switch assigns a corresponding virtual tenant network (VTN) identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant. Because the access switch forwards messages only between virtual machines with the same VTN identifier, tenant isolation is achieved: virtual machines within a tenant can communicate, while virtual machines of different tenants cannot, which improves the security of the cloud computing resource pool.
It should be noted that, using the virtual tenant network (VTN, Virtual Tenant Network) protocol, the access switch assigns one virtual network to each tenant, thereby isolating tenants. The VLAN tags of the traditional VLAN approach are limited to 4096, so the scale of tenant virtual machines cannot be very large and tenant scale is affected as well. The invention uses the VTN protocol, under which 16777216 virtual networks can be generated; the maximum tenant scale can therefore be expanded to 16777216, a large improvement over the traditional VLAN approach.
After tenant isolation has been set up, the method of the invention also comprises:
The source access switch encapsulates the tenant message with a second-layer header used for physical network routing, according to the destination address of the tenant message combined with the tenant's VTN identifier;
The tenant message is sent to the destination access switch according to the encapsulated second-layer header, and the destination switch delivers the tenant message to the destination virtual machine according to the first-layer header.
Here, encapsulating the second-layer header used for physical network routing specifically comprises:
The source access switch reads the routing table, obtains the IP address of the destination virtual machine of the tenant message, and looks up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
According to the routing address of the destination access switch and the VTN identifier, the source access switch encapsulates the second-layer header for physical network routing of the tenant message.
Preferably, encapsulating the second-layer header used for physical network routing specifically comprises:
The source access switch reads the routing table, obtains the IP address of the destination virtual machine of the tenant message, and looks up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
The source access switch uses the User Datagram Protocol (UDP) to encapsulate, outside the first-layer header of the message, the outer media access control (Outer MAC), outer Internet protocol (Outer IP) and outer user datagram protocol (Outer UDP) headers obtained from the routing address of the destination access switch, together with the VTN header part generated from the VTN identifier; these form the second-layer header.
After the source access switch receives a tenant message from the virtual switch, it encapsulates, according to the VLAN tag of the tenant's virtual machine, a second-layer header used for physical network routing outside the first-layer header of the message. The structure of this header is shown in Table 1:
Table 1
The structure of the VTN header part generated from the VTN identifier is shown in Table 2:
Table 2
Here, V is the version number (Version); for example, the current version is 1;
R is the reserved bits (Reserved);
VTN Identifier is the VTN identifier that identifies the virtual network.
It should be noted that the source access switch and the destination access switch are relative designations based on the sending and receiving of a tenant message. In the original tenant isolation method, message forwarding works mainly by adding a first-layer header to the tenant message; the routing table is searched using the VLAN tag in the first-layer header to obtain the routing address of the destination access switch and to determine the IP address of the destination virtual machine that receives the tenant message.
Because the invention changes the way tenants are isolated, it adds the encapsulation of a second-layer header. The VTN in the second-layer header ensures that the tenant message is transmitted within the tenant's virtual network. The source access switch reads the IP address of the destination virtual machine from the routing table and looks up the routing address of the corresponding destination access switch by that IP address; the second-layer header therefore comprises the Outer MAC, Outer IP and Outer UDP obtained from the routing address of the destination access switch, and the VTN identifier. The first-layer header is still a header that contains the IP address of the destination virtual machine. In addition, because the IP addresses of virtual machines may overlap, the VTN identifier is needed to distinguish the virtual machines of different tenants.
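An added example, not part of the patent text: a Python model of the source-side encapsulation and destination-side delivery described above, showing that overlapping VM IP addresses stay separate and that a message whose VTN identifier does not match the target VM is dropped. The 32-bit VTN header layout (4-bit V, 4-bit R, 24-bit identifier), the lookup keyed on (VTN identifier, VM IP), and all class names, addresses and identifier values are assumptions; only the V / R / VTN Identifier fields, version 1 and the count of 16777216 networks come from the description.

```python
import struct
from dataclasses import dataclass

VTN_VERSION = 1                      # "current version is 1" per the description
VTN_ID_MAX = (1 << 24) - 1           # 16777216 virtual networks = 2**24 identifiers


def pack_vtn_header(vtn_id, version=VTN_VERSION):
    """Assumed 32-bit layout: V (4 bits) | R (4 bits, zero) | VTN Identifier (24 bits)."""
    if not 0 <= vtn_id <= VTN_ID_MAX:
        raise ValueError("VTN identifier does not fit in 24 bits")
    if not 0 <= version <= 0xF:
        raise ValueError("version does not fit in 4 bits")
    return struct.pack("!I", (version << 28) | vtn_id)


def unpack_vtn_header(raw):
    """Return the VTN identifier; reject wrong length, version or reserved bits."""
    if len(raw) != 4:
        raise ValueError("VTN header must be exactly 4 bytes")
    (word,) = struct.unpack("!I", raw)
    if word >> 28 != VTN_VERSION or (word >> 24) & 0xF != 0:
        raise ValueError("unsupported version or non-zero reserved bits")
    return word & VTN_ID_MAX


@dataclass(frozen=True)
class Encapsulated:
    outer_dst: str       # stands in for Outer MAC / Outer IP / Outer UDP
    vtn_header: bytes    # VTN header part generated from the VTN identifier
    inner_dst_ip: str    # first-layer header: destination VM IP
    payload: bytes


class AccessSwitch:
    """Hypothetical model of an access switch; not a real switch API."""

    def __init__(self, address):
        self.address = address
        self.vlan_to_vtn = {}   # local VLAN tag -> tenant's VTN identifier
        self.routes = {}        # (VTN id, VM IP) -> destination access switch address
        self.local_vms = {}     # (VTN id, VM IP) -> VM attached to this switch

    def encapsulate(self, vlan_tag, dst_ip, payload):
        """Source side: returns None (drop) when the tenant or route is unknown."""
        vtn_id = self.vlan_to_vtn.get(vlan_tag)
        if vtn_id is None:
            return None
        outer_dst = self.routes.get((vtn_id, dst_ip))
        if outer_dst is None:      # destination is not in the sender's virtual network
            return None
        return Encapsulated(outer_dst, pack_vtn_header(vtn_id), dst_ip, payload)

    def decapsulate(self, frame):
        """Destination side: returns the receiving VM name, or None (drop)."""
        if frame.outer_dst != self.address:
            return None
        try:
            vtn_id = unpack_vtn_header(frame.vtn_header)
        except ValueError:
            return None
        # Keying on (VTN id, IP) keeps overlapping tenant IP addresses apart.
        return self.local_vms.get((vtn_id, frame.inner_dst_ip))


def build_demo():
    """Constructed topology: two tenants that both use the address 10.0.0.2."""
    src, dst = AccessSwitch("192.0.2.1"), AccessSwitch("192.0.2.2")
    src.vlan_to_vtn = {10: 5001, 20: 5002}            # tenant A, tenant B
    src.routes = {(5001, "10.0.0.2"): dst.address,
                  (5002, "10.0.0.2"): dst.address,
                  (5002, "10.0.0.9"): dst.address}
    dst.local_vms = {(5001, "10.0.0.2"): "tenantA-vm2",
                     (5002, "10.0.0.2"): "tenantB-vm2",
                     (5002, "10.0.0.9"): "tenantB-vm9"}
    return src, dst


def deliver(src, dst, vlan_tag, dst_ip, payload=b"hello"):
    """Send one message from a VM behind src to dst_ip; None means it was dropped."""
    frame = src.encapsulate(vlan_tag, dst_ip, payload)
    return None if frame is None else dst.decapsulate(frame)


if __name__ == "__main__":
    s, d = build_demo()
    print(deliver(s, d, 10, "10.0.0.2"))   # tenant A reaches its own VM
    print(deliver(s, d, 20, "10.0.0.2"))   # same IP, tenant B's VM
    print(deliver(s, d, 10, "10.0.0.9"))   # tenant A to an IP only tenant B has
```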
Fig. 3 is a schematic diagram of the logical structure of the cloud computing resource pool of the invention. As shown in Fig. 3, a virtual network is assigned to each tenant at the access switch by means of the VTN identifier; the VTN identifier and the VLAN tags assigned to the virtual machines on each physical host distinguish the virtual network from the physical network, so that the virtual network is separated from the physical network.
In the invention, the virtual switch assigns VLAN tags to the virtual machines on each physical host and the access switch assigns a corresponding VTN identifier to each tenant. This achieves tenant isolation while increasing the scale of tenant virtual machines in the cloud computing network. Because each tenant is isolated by its VTN identifier, the tenant can manage the virtual machines it rents, and when the tenant makes adjustments the VTN identifier stays unchanged, so management of the cloud platform management network is not affected.
With reference to Fig. 1 and Fig. 3, the tenant isolation system of the invention comprises at least a virtual switch and an access switch, wherein:
The virtual switch is configured to assign to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages;
The access switch assigns a corresponding VTN identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant, thereby achieving tenant isolation.
The access switch comprises a source access switch and a destination access switch;
The source access switch is also configured to encapsulate the tenant message with a second-layer header used for physical network routing, according to the destination address of the tenant message combined with the tenant's VTN identifier, and to send the tenant message to the destination access switch according to the encapsulated second-layer header;
The destination access switch, after receiving the tenant message, delivers it to the destination virtual machine according to the first-layer header.
The source access switch is specifically configured to:
Read the routing table, obtain the IP address of the destination virtual machine of the tenant message, and look up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
Encapsulate, according to the routing address of the destination access switch and the VTN identifier, the second-layer header for physical network routing of the tenant message;
Send the tenant message to the destination access switch according to the encapsulated second-layer header.
The source access switch is specifically configured to:
Read the routing table, obtain the IP address of the destination virtual machine of the tenant message, and look up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
Use the User Datagram Protocol (UDP) to encapsulate, outside the first-layer header of the message, the second-layer header used for physical network routing, which includes the routing address of the destination access switch; the second-layer header comprises the outer media access control (Outer MAC), outer Internet protocol (Outer IP) and outer user datagram protocol (Outer UDP) headers obtained from the routing address of the destination access switch, and the VTN identifier.
Although the embodiments disclosed by the invention are as above, they are described only to aid understanding of the invention and are not intended to limit it. Any person skilled in the art to which the invention belongs may make any modification or change in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention remains as defined by the appended claims.

Claims (8)

1. A tenant isolation method, characterized by comprising:
A virtual switch assigns to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages;
An access switch assigns a corresponding virtual tenant network (VTN) identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant, thereby achieving tenant isolation.
2. The tenant isolation method according to claim 1, characterized in that the method also comprises:
The source access switch encapsulates the tenant message with a second-layer header used for physical network routing, according to the destination address of the tenant message combined with the tenant's VTN identifier;
The tenant message is sent to the destination access switch according to the encapsulated second-layer header, and the destination switch delivers the tenant message to the destination virtual machine according to the first-layer header.
3. The tenant isolation method according to claim 2, characterized in that encapsulating the second-layer header used for physical network routing specifically comprises:
The source access switch reads the routing table, obtains the IP address of the destination virtual machine of the tenant message, and looks up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
According to the routing address of the destination access switch and the VTN identifier, the source access switch encapsulates the second-layer header for physical network routing of the tenant message.
4. The tenant isolation method according to claim 2 or 3, characterized in that encapsulating the second-layer header used for physical network routing specifically comprises:
The source access switch reads the routing table, obtains the IP address of the destination virtual machine of the tenant message, and looks up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
The source access switch uses the User Datagram Protocol (UDP) to encapsulate, outside the first-layer header of the message, the outer media access control (Outer MAC), outer Internet protocol (Outer IP) and outer user datagram protocol (Outer UDP) headers obtained from the routing address of the destination access switch, together with the VTN header part generated from the VTN identifier; these form the second-layer header.
5. A virtual machine isolation system, characterized by comprising at least a virtual switch and an access switch, wherein:
The virtual switch is configured to assign to each virtual machine on each physical host a corresponding VLAN tag used to identify tenant messages;
The access switch assigns a corresponding VTN identifier to each tenant and, from the assigned VTN identifier combined with the VLAN tags of that tenant's virtual machines, generates a corresponding virtual network for each tenant, thereby achieving tenant isolation.
6. The virtual machine isolation system according to claim 5, characterized in that the access switch comprises a source access switch and a destination access switch;
The source access switch is also configured to encapsulate the tenant message with a second-layer header used for physical network routing, according to the destination address of the tenant message combined with the tenant's VTN identifier, and to send the tenant message to the destination access switch according to the encapsulated second-layer header;
The destination access switch, after receiving the tenant message, delivers it to the destination virtual machine according to the first-layer header.
7. The virtual machine isolation system according to claim 6, characterized in that the source access switch is specifically configured to:
Read the routing table, obtain the IP address of the destination virtual machine of the tenant message, and look up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
Encapsulate, according to the routing address of the destination access switch and the VTN identifier, the second-layer header for physical network routing of the tenant message;
Send the tenant message to the destination access switch according to the encapsulated second-layer header.
8. The virtual machine isolation system according to claim 6 or 7, characterized in that the source access switch is specifically configured to:
Read the routing table, obtain the IP address of the destination virtual machine of the tenant message, and look up in the routing table, by that IP address, the routing address of the destination access switch to which the destination virtual machine is attached;
Use the User Datagram Protocol (UDP) to encapsulate, outside the first-layer header of the message, the second-layer header used for physical network routing, which includes the routing address of the destination access switch; the second-layer header comprises the outer media access control (Outer MAC), outer Internet protocol (Outer IP) and outer user datagram protocol (Outer UDP) headers obtained from the routing address of the destination access switch, and the VTN identifier.
CN201510038892.9A 2015-01-26 2015-01-26 Tenant isolating method and system Pending CN104579898A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510038892.9A CN104579898A (en) 2015-01-26 2015-01-26 Tenant isolating method and system


Publications (1)

Publication Number Publication Date
CN104579898A true CN104579898A (en) 2015-04-29

Family

ID=53095146


Country Status (1)

Country Link
CN (1) CN104579898A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119276A (en) * 2007-08-22 2008-02-06 杭州华三通信技术有限公司 Method and apparatus for implementing VLAN downlink user isolation
US20130054761A1 (en) * 2011-08-29 2013-02-28 Telefonaktiebolaget L M Ericsson (Publ) Implementing a 3G Packet Core in a Cloud Computer with Openflow Data and Control Planes
CN104283756A (en) * 2013-07-02 2015-01-14 杭州华三通信技术有限公司 Method and device for realizing distributed type multi-tenant virtual network
CN103973673A (en) * 2014-04-09 2014-08-06 汉柏科技有限公司 Virtual firewall partitioning method and equipment

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107592208A (en) * 2016-07-08 2018-01-16 中兴通讯股份有限公司 Flow managing method and device
CN107592208B (en) * 2016-07-08 2022-07-29 中兴通讯股份有限公司 Traffic management method and device
CN107770026A (en) * 2016-08-17 2018-03-06 中国电信股份有限公司 Tenant network data transmission method, tenant network system and relevant device
CN107770026B (en) * 2016-08-17 2020-11-03 中国电信股份有限公司 Tenant network data transmission method, tenant network system and related equipment
WO2018041135A1 (en) * 2016-08-30 2018-03-08 新华三技术有限公司 Message forwarding
CN107800549A (en) * 2016-08-30 2018-03-13 新华三技术有限公司 The method and apparatus that multi-tenant facility environment MDC is realized in port based on switching equipment
US10911356B2 (en) 2016-08-30 2021-02-02 New H3C Technologies Co., Ltd. Forwarding packet
CN108512811A (en) * 2017-02-27 2018-09-07 中国科学院信息工程研究所 A kind of virtual network partition method and SDN controllers based on SDN
CN107070959A (en) * 2017-06-28 2017-08-18 郑州云海信息技术有限公司 A kind of method and apparatus of Network Isolation
CN107864131A (en) * 2017-11-03 2018-03-30 郑州云海信息技术有限公司 A kind of method and system for realizing Kubernetes cluster multi-tenant Network Isolations
WO2019090523A1 (en) * 2017-11-08 2019-05-16 华为技术有限公司 Business deployment method under serverless architecture and function management platform
US11431794B2 (en) 2017-11-08 2022-08-30 Huawei Cloud Computing Technologies Co., Ltd. Service deployment method and function management platform under serverless architecture
CN108111383A (en) * 2017-12-26 2018-06-01 北京航空航天大学 A kind of cross-domain container virtual network construction method based on SDN
CN109445910A (en) * 2018-11-02 2019-03-08 郑州云海信息技术有限公司 A kind of virtual machine vlan management method, apparatus, terminal and storage medium
CN109445910B (en) * 2018-11-02 2022-03-04 郑州云海信息技术有限公司 Virtual machine VLAN management method, device, terminal and storage medium
CN111147345A (en) * 2019-12-20 2020-05-12 航天信息股份有限公司 Cloud environment network isolation device and method and cloud environment
CN113472745A (en) * 2021-05-31 2021-10-01 山东英信计算机技术有限公司 Selinux-based openstack public cloud multi-tenant isolation method, system and terminal
CN114221859A (en) * 2022-01-06 2022-03-22 烽火通信科技股份有限公司 Method and system for generating tenant network physical link connectivity topology
CN114221859B (en) * 2022-01-06 2023-12-01 烽火通信科技股份有限公司 Tenant network physical link connectivity topology generation method and system
CN114944952A (en) * 2022-05-20 2022-08-26 深信服科技股份有限公司 Data processing method, device, system, equipment and readable storage medium
CN114944952B (en) * 2022-05-20 2023-11-07 深信服科技股份有限公司 Data processing method, device, system, equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN104579898A (en) Tenant isolating method and system
CN104580505A (en) Tenant isolating method and system
US11818040B2 (en) Systems and methods for a VLAN switching and routing service
US10375015B2 (en) Methods and system for allocating an IP address for an instance in a network function virtualization (NFV) system
US9658876B2 (en) Location-aware virtual service provisioning in a hybrid cloud environment
US20150143369A1 (en) Communications Method and System
EP2905930B1 (en) Processing method, apparatus and system for multicast
CN103621046B (en) Network communication method and device
US20150124823A1 (en) Tenant dhcp in an overlay network
EP3197107B1 (en) Message transmission method and apparatus
CN107770026B (en) Tenant network data transmission method, tenant network system and related equipment
CN103118149B (en) Communication control method between same tenant's server and the network equipment
CN102780601A (en) Method and system of virtual managed network
CN103475704B (en) A kind of method for virtual node configuration of Virtual group of planes application
WO2018019092A1 (en) Method for allocating vlan id in network, and controller
WO2015149253A1 (en) Data center system and virtual network management method of data center
CN106031116A (en) Method, apparatus and system for associating NS with VNF
CN109218158A (en) Data transmission method, control method and controller, gateway, intermediate NE and system based on VxLAN
CN106331206A (en) Domain name management method and device
CN105635190A (en) Service execution method and device for data center network
CN105704042A (en) Message processing method, BNG and BNG cluster system
CN104852846B (en) A kind of data forwarding controlling method and system
CN104734930B (en) Method and device for realizing access of Virtual Local Area Network (VLAN) to Variable Frequency (VF) network and Fiber Channel Frequency (FCF)
US20210051076A1 (en) A node, control system, communication control method and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150429