CN105991789A - Method for realizing virtual machine port mapping, servers and system - Google Patents
- Publication number: CN105991789A
- Application number: CN201510101153.XA
- Authority: CN (China)
- Prior art keywords: port, virtual machine, server, described virtual, default security
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
Abstract
The invention discloses a method for realizing virtual machine port mapping. When a first server determines that a virtual machine undergoing port mapping has an associated default security group, it selects the mapped port corresponding to the open port of the virtual machine and adds the open port information of the virtual machine and the mapped port information to the default security group. A port mapping request for the virtual machine is then sent to a second server. The port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule. The invention also discloses a system and servers for realizing virtual machine port mapping.
Description
Technical field
The present invention relates to techniques for port mapping of virtual machines on the OpenStack cloud computing management platform, and in particular to a method, a server and a system for implementing virtual machine port mapping.
Background art
OpenStack is an open-source cloud platform management project jointly developed by the US National Aeronautics and Space Administration and Rackspace. It has been widely applied to building public and private clouds, and enterprises and individuals can use OpenStack to deploy their own cloud computing environments quickly and easily.
In a cloud platform, virtualization technology is used to create multiple virtual hosts on top of a physical host, and virtualization makes it possible to consolidate and use resources. Port mapping maps the private Internet Protocol (IP) address and port of a host on a LAN to the public IP address of a network address translation (NAT) gateway and an idle port of that gateway. The NAT gateway records the port mapping rule at the same time, so that the host and the public network can communicate with each other.
When a virtual machine is created, it can be assigned a fixed IP and a floating IP. The fixed IP is used for communication between virtual machines, and the floating IP is used for communication with the public network. When public network users need to access services on virtual machines, assigning a public IP address to every virtual machine wastes IP addresses. In addition, when port mapping is performed for a virtual machine, the port has to be added to a security group manually in order to open it, which makes the port mapping process complicated and wastes human resources.
Summary of the invention
In view of this, embodiments of the present invention aim to provide a method, a server and a system for implementing virtual machine port mapping that effectively save IP address resources, simplify the operation of mapping virtual machine ports, and improve the user experience.
To achieve the above objective, the technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides a method for implementing virtual machine port mapping, the method including:
when a first server determines that a virtual machine undergoing port mapping has an associated default security group, selecting the mapped port corresponding to the open port of the virtual machine, and adding the open port information of the virtual machine and the mapped port information to the default security group;
sending a port mapping request for the virtual machine to a second server, where the port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
In the above solution, the method further includes:
when the first server determines that the virtual machine has no associated default security group, creating a default security group for the virtual machine and associating the created default security group with the virtual machine.
In the above solution, the default security group is named with the floating Internet Protocol (IP) address of the virtual machine plus the name of the virtual machine, and the first server determining that the virtual machine undergoing port mapping has an associated default security group includes:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine and, if one exists, determining that the virtual machine has an associated default security group.
In the above solution, the method further includes:
when the first server deletes the port mapping of the virtual machine, also deleting the corresponding open port information from the default security group associated with the virtual machine;
when the first server deletes the virtual machine, also deleting the default security group associated with the virtual machine, and notifying the second server to delete the information related to the virtual machine.
In the above solution, the second server performing port mapping for the virtual machine according to the preset port mapping rule includes:
the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine to its own IP address, mapping the open port to the mapped port, and configuring the port mapping rule of the virtual machine in its own firewall.
In the above solution, selecting the mapped port corresponding to the open port of the virtual machine includes:
the first server setting the ports of the second server as PORT_1 to PORT_n, and reading from the database the maximum value PORT_max of the port numbers of the second server that have been used; when it determines that the value of max is less than n, selecting PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when it determines that the value of max is not less than n, traversing all ports of the second server and, on determining that a port not contained in the database exists, selecting a port not contained in the database as the mapped port corresponding to the open port of the virtual machine; where n and max are positive integers.
An embodiment of the present invention further provides a server, the server including a processing module and a sending module, where:
the processing module is configured to, when it determines that a virtual machine undergoing port mapping has an associated default security group, select the mapped port corresponding to the open port of the virtual machine, and add the open port information of the virtual machine and the mapped port information to the default security group;
the sending module is configured to send a port mapping request for the virtual machine to a second server, where the port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
In the above solution, the processing module is further configured to, when it determines that the virtual machine has no associated default security group, create a default security group for the virtual machine and associate the created default security group with the virtual machine.
In the above solution, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine;
accordingly, the processing module is specifically configured to search the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine and, if one exists, determine that the virtual machine has an associated default security group.
In the above solution, the server further includes a deletion module configured to, when deleting the port mapping of the virtual machine, also delete the corresponding open port information from the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete the information related to the virtual machine.
In the above solution, the processing module is specifically configured to set the ports of the second server as PORT_1 to PORT_n, and read from the database the maximum value PORT_max of the port numbers of the second server that have been used; when it determines that the value of max is less than n, select PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when it determines that the value of max is not less than n, traverse all ports of the second server and, on determining that a port not contained in the database exists, select a port not contained in the database as the mapped port corresponding to the open port of the virtual machine; where n and max are positive integers.
An embodiment of the present invention further provides a system for implementing virtual machine port mapping, the system including a first server and a second server, where:
the first server is configured to, when it determines that a virtual machine undergoing port mapping has an associated default security group, select the mapped port corresponding to the open port of the virtual machine, add the open port information of the virtual machine and the mapped port information to the default security group, and send a port mapping request for the virtual machine to the second server;
the second server is configured to receive the port mapping request for the virtual machine sent by the first server, and perform port mapping for the virtual machine according to a preset port mapping rule.
In the above solution, the second server is specifically configured to, according to the preset port mapping rule, map the floating IP address of the virtual machine to its own IP address, map the open port to the mapped port, and configure the port mapping rule of the virtual machine in its own firewall.
In the method, server and system for implementing virtual machine port mapping provided by the embodiments of the present invention, when the first server determines that a virtual machine undergoing port mapping has an associated default security group, it selects the mapped port corresponding to the open port of the virtual machine and adds the open port information of the virtual machine and the mapped port information to the default security group; it then sends a port mapping request for the virtual machine to the second server, where the port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule. In this way, the first server automatically adds the open port information of the virtual machine and the mapped port information to the default security group, which removes the trouble of adding them manually as in the prior art, simplifies the operation of mapping virtual machine ports, and improves the user experience.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the method for implementing virtual machine port mapping according to embodiment one of the present invention;
Fig. 2 is a schematic flowchart of the method for implementing virtual machine port mapping according to embodiment two of the present invention;
Fig. 3 is a schematic diagram of the structure of the server according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of the system for implementing virtual machine port mapping according to an embodiment of the present invention.
Detailed description of the invention
In the embodiments of the present invention, when the first server determines that a virtual machine undergoing port mapping has an associated default security group, it selects the mapped port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapped port information to the default security group, and sends a port mapping request for the virtual machine to the second server; the second server receives the port mapping request sent by the first server and performs port mapping for the virtual machine according to a preset port mapping rule.
Fig. 1 is a schematic flowchart of the method for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101: When the first server determines that a virtual machine undergoing port mapping has an associated default security group, it selects the mapped port corresponding to the open port of the virtual machine, and adds the open port information of the virtual machine and the mapped port information to the default security group.
Here, the first server is the server used to manage the virtual machine, and may be a web server.
While adding the open port information of the virtual machine and the mapped port information to the default security group, the first server also adds all other port mapping information related to the virtual machine, such as the protocol name of the virtual machine, to the default security group.
Further, when the first server determines that the virtual machine has no associated default security group, it creates a default security group for the virtual machine, names the default security group with the floating IP of the virtual machine plus the name of the virtual machine, and associates the created default security group with the virtual machine. Naming the default security group with the floating IP of the virtual machine plus the name of the virtual machine guarantees that the name of the default security group is unique. The first server generates the default security group of the virtual machine and, when port mapping is performed for the virtual machine, automatically adds the open port information of the virtual machine, the mapped port information and so on to the default security group, thereby opening the port of the virtual machine.
Further, the first server determining that the virtual machine undergoing port mapping has an associated default security group includes:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine and, if one exists, determining that the virtual machine has an associated default security group.
Further, selecting the mapped port corresponding to the open port of the virtual machine includes:
the first server selecting an idle port of the second server as the mapped port corresponding to the open port of the virtual machine. This operation specifically includes: the first server sets the ports of the second server as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers of the second server that have been used. When it determines that the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine. When it determines that the value of max is not less than n, it traverses all ports of the second server and, on determining that a port not contained in the database exists, selects a port not contained in the database as the mapped port corresponding to the open port of the virtual machine. Here, n and max are positive integers. When the first server reads from the database the port numbers of the second server that have been used and finds that the database contains no used port numbers, it selects PORT_1 as the mapped port corresponding to the open port of the virtual machine.
Further, when the first server traverses all ports of the second server and determines that all ports of the second server are already contained in the database, it issues an error prompt indicating that this port mapping cannot be completed.
Here, after this step, the method further includes: the first server adding the mapped port information corresponding to the open port of the virtual machine to the database. Accordingly, the database stores the ports of the second server that have been used, as added by the first server, that is, the mapped port information corresponding to the open ports of all virtual machines for which the second server has performed port mapping. The database may be stored on the second server, or may be located on another server.
Further, while the first server reads from the database the maximum value PORT_max of the port numbers of the second server that have been used, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
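The port selection and database locking described above can be sketched as follows. This is an added illustration, not part of the patent text: the SQLite table `used_ports`, the function names, and the `release_mapped_port` helper (which frees a port so the traversal branch has something to find) are assumptions, and port numbers stand in directly for PORT_1 to PORT_n.

```python
import sqlite3


class PortsExhausted(Exception):
    """Every port in PORT_1..PORT_n is already recorded in the database."""


def open_db(path=":memory:"):
    # isolation_level=None: transactions are started and ended explicitly below.
    db = sqlite3.connect(path, isolation_level=None)
    # PRIMARY KEY is a second line of defence: a duplicate port can never be stored.
    db.execute("CREATE TABLE IF NOT EXISTS used_ports (port INTEGER PRIMARY KEY)")
    return db


def choose_mapped_port(db, port_1, port_n):
    """Pick a mapped port on the second server and record it as used.

    Follows the selection order in the description: empty database -> PORT_1,
    max < n -> PORT_(max+1), otherwise traverse the range for a free port.
    """
    if not (0 < port_1 <= port_n <= 65535):
        raise ValueError("invalid port range")
    # Take the write lock BEFORE reading the maximum, so two concurrent
    # requests cannot both read the same max and pick the same port.
    db.execute("BEGIN IMMEDIATE")
    try:
        highest = db.execute(
            "SELECT MAX(port) FROM used_ports WHERE port BETWEEN ? AND ?",
            (port_1, port_n),
        ).fetchone()[0]
        if highest is None:          # no used ports recorded yet
            port = port_1
        elif highest < port_n:       # max < n
            port = highest + 1
        else:                        # max >= n: look for a gap in the range
            used = {
                row[0]
                for row in db.execute(
                    "SELECT port FROM used_ports WHERE port BETWEEN ? AND ?",
                    (port_1, port_n),
                )
            }
            port = next(
                (p for p in range(port_1, port_n + 1) if p not in used), None
            )
            if port is None:
                raise PortsExhausted("no free mapped port on the second server")
        # Record the choice inside the same locked transaction.
        db.execute("INSERT INTO used_ports (port) VALUES (?)", (port,))
        db.execute("COMMIT")
        return port
    except Exception:
        db.execute("ROLLBACK")
        raise


def release_mapped_port(db, port):
    """Assumed helper: forget a port when its mapping is deleted."""
    db.execute("DELETE FROM used_ports WHERE port = ?", (port,))


if __name__ == "__main__":
    db = open_db()
    # Constructed range: three mapped ports on the second server.
    print([choose_mapped_port(db, 10001, 10003) for _ in range(3)])
    release_mapped_port(db, 10002)
    print(choose_mapped_port(db, 10001, 10003))
```

Selecting and recording the port inside one locked transaction is what closes the window in which two requests could be given the same mapped port.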
Further, the method also includes: when the first server deletes the port mapping of the virtual machine, it also deletes the corresponding open port information and so on from the default security group associated with the virtual machine;
when the first server deletes the virtual machine, it also deletes the default security group associated with the virtual machine, and notifies the second server to delete the information related to the virtual machine, where the information related to the virtual machine includes the port mapping rule of the virtual machine configured by the second server, and so on.
Step 102: Send the port mapping request for the virtual machine to the second server.
Here, the port mapping request includes: the open port information of the virtual machine, the mapped port information corresponding to the open port, the floating IP address of the virtual machine, and so on.
The second server is a server dedicated to performing port mapping for the virtual machine, that is, to IP address and port translation.
Further, the port mapping request instructs the second server to perform port mapping for the virtual machine according to the preset port mapping rule, where
the second server performing port mapping for the virtual machine according to the preset port mapping rule includes:
the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine corresponding to the open port to its own IP address, mapping the open port to the mapped port, and configuring the port mapping rule of the virtual machine in the firewall. In this way, the second server can map the floating IP addresses of multiple virtual machines to its own IP address, which avoids the waste of IP addresses caused in the prior art by assigning a public IP address to every virtual machine.
Further, when the second server configures the port mapping rule of the virtual machine in the firewall, the configuration mainly includes three rules: input (INPUT), network address translation (NAT, Network Address Translation) and source address translation (SNAT, Source Network Address Translation). Fault-tolerant handling is applied when configuring the port mapping rule of the virtual machine: if adding any one of the above three rules fails, the related rules that have already been added are deleted as well.
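The all-or-nothing rule installation described above can be sketched as follows. This is an added illustration, not part of the patent text: the patent names only the three rule kinds, so the use of iptables, the chains chosen, the exact match options and all function names are assumptions, and the addresses are constructed sample values.

```python
import ipaddress
import subprocess


class RuleInstallError(Exception):
    """A rule could not be added; rules added before it were removed again."""


def build_rules(gateway_ip, mapped_port, floating_ip, open_port, proto="tcp"):
    """Return the three rules as (table, chain, match-and-target arguments).

    The values arrive in a request from another server, so they are validated
    before they get anywhere near a firewall command line.
    """
    gw = str(ipaddress.ip_address(gateway_ip))    # raises ValueError if malformed
    fip = str(ipaddress.ip_address(floating_ip))
    for port in (mapped_port, open_port):
        if type(port) is not int or not 1 <= port <= 65535:
            raise ValueError(f"invalid port: {port!r}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    mp, op = str(mapped_port), str(open_port)
    return [
        # INPUT: accept traffic arriving on the mapped port (assumed form).
        ("filter", "INPUT", ["-p", proto, "-d", gw, "--dport", mp, "-j", "ACCEPT"]),
        # NAT: rewrite gateway_ip:mapped_port to floating_ip:open_port.
        ("nat", "PREROUTING", ["-p", proto, "-d", gw, "--dport", mp,
                               "-j", "DNAT", "--to-destination", f"{fip}:{op}"]),
        # SNAT: forwarded traffic leaves with the gateway's address as source.
        ("nat", "POSTROUTING", ["-p", proto, "-d", fip, "--dport", op,
                                "-j", "SNAT", "--to-source", gw]),
    ]


def run_iptables(argv):
    """Run iptables with an argument list (no shell); True on success."""
    return subprocess.run(["iptables", *argv], capture_output=True).returncode == 0


def install_mapping(rules, run=run_iptables):
    """Add the rules in order; if one fails, delete those already added."""
    added = []
    for table, chain, spec in rules:
        if run(["-t", table, "-A", chain, *spec]):
            added.append((table, chain, spec))
            continue
        # Fault tolerance: undo in reverse order so no partial mapping remains.
        for t, c, s in reversed(added):
            run(["-t", t, "-D", c, *s])
        raise RuleInstallError(
            f"could not add {chain} rule; removed {len(added)} earlier rule(s)"
        )
    return added


if __name__ == "__main__":
    # Dry run with a stand-in runner that only prints the commands.
    def show(argv):
        print("iptables", " ".join(argv))
        return True

    install_mapping(build_rules("203.0.113.10", 10001, "10.0.0.5", 22), run=show)
```

Passing the runner in as a parameter lets the rollback path be exercised without touching a real firewall.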
Fig. 2 is a schematic flowchart of the method for implementing virtual machine port mapping according to embodiment two of the present invention. As shown in Fig. 2, the method includes:
Step 201: The first server judges whether the virtual machine undergoing port mapping has an associated default security group. If it does, step 202 is performed; if it does not, step 203 is performed.
Here, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine, which guarantees that the name of the default security group is unique.
The first server determining that the virtual machine undergoing port mapping has an associated default security group includes:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine and, if one exists, determining that the virtual machine has an associated default security group.
Step 202: The first server selects the mapped port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapped port information to the default security group, and performs step 204.
Here, selecting the mapped port corresponding to the open port of the virtual machine includes:
the first server selecting an idle port of the second server as the mapped port corresponding to the open port of the virtual machine. This operation specifically includes: the first server sets the ports of the second server as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers of the second server that have been used. When it determines that the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine. When it determines that the value of max is not less than n, it traverses all ports of the second server and, on determining that a port not contained in the database exists, selects a port not contained in the database as the mapped port corresponding to the open port of the virtual machine. Here, n and max are positive integers. When the first server reads from the database the port numbers of the second server that have been used and finds that the database contains no used port numbers, it selects PORT_1 as the mapped port corresponding to the open port of the virtual machine.
Further, when the first server traverses all ports of the second server and determines that all ports of the second server are already contained in the database, it issues an error prompt indicating that this port mapping cannot be completed.
While adding the open port information of the virtual machine and the mapped port information to the default security group, the first server also adds all other port mapping information related to the virtual machine, such as the protocol name of the virtual machine, to the default security group, thereby opening the port of the virtual machine.
While the first server reads from the database the maximum value PORT_max of the port numbers of the second server that have been used, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
Step 203: The first server creates a default security group for the virtual machine, associates the created default security group with the virtual machine, and performs step 206.
Here, after the first server creates the default security group of the virtual machine, it names the default security group with the floating IP of the virtual machine plus the name of the virtual machine.
The first server generates the default security group of the virtual machine and, when port mapping is performed for the virtual machine, automatically adds the open port information of the virtual machine to the default security group, thereby opening the port of the virtual machine.
Step 204: The first server sends the port mapping request for the virtual machine to the second server.
Here, the port mapping request includes: the open port information of the virtual machine, the mapped port information corresponding to the open port of the virtual machine, the floating IP address of the virtual machine, and so on.
Further, the port mapping request instructs the second server to perform port mapping for the virtual machine according to the preset port mapping rule.
Step 205: The second server receives the port mapping request and performs port mapping for the virtual machine according to the preset port mapping rule.
This step specifically includes: the second server, according to the preset port mapping rule, maps the floating IP address of the virtual machine corresponding to the open port to its own IP address, maps the open port to the mapped port, and configures the port mapping rule of the virtual machine in the firewall. In this way, the second server can map the floating IP addresses of multiple virtual machines to its own IP address, which avoids the waste of IP addresses caused in the prior art by assigning a public IP address to every virtual machine.
Step 206: End this processing flow.
Fig. 3 is a schematic diagram of the structure of the server according to an embodiment of the present invention. As shown in Fig. 3, the server includes a processing module 31 and a sending module 32, where:
the processing module 31 is configured to, when it determines that a virtual machine undergoing port mapping has an associated default security group, select the mapped port corresponding to the open port of the virtual machine, and add the open port information of the virtual machine and the mapped port information to the default security group;
the sending module 32 is configured to send a port mapping request for the virtual machine to a second server, where the port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
Further, the processing module 31 is also configured to add information such as the protocol name of the virtual machine to the default security group.
Further, the processing module 31 is also configured to, when it determines that the virtual machine has no associated default security group, create a default security group for the virtual machine, name the default security group with the floating IP of the virtual machine plus the name of the virtual machine, and associate the created default security group with the virtual machine.
Further, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine;
accordingly, the processing module 31 determining that the virtual machine undergoing port mapping has an associated default security group includes:
the processing module 31 searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine and, if one exists, determining that the virtual machine has an associated default security group.
Further, the server also includes a deletion module 33 configured to, when deleting the port mapping of the virtual machine, also delete the corresponding open port information from the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete the information related to the virtual machine. Here, the related information includes the port mapping rule of the virtual machine configured by the second server, and so on.
Further, the port mapping request includes: the open port information of the virtual machine, the mapped port information corresponding to the open port, the floating IP address of the virtual machine, and so on.
Further, the second server performing port mapping for the virtual machine according to the preset port mapping rule includes:
the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine corresponding to the open port to its own IP address, mapping the open port to the mapped port, and configuring the port mapping rule of the virtual machine in the firewall. In this way, the second server can map the floating IP addresses of multiple virtual machines to its own IP address, which avoids the waste of IP addresses caused in the prior art by assigning a public IP address to every virtual machine.
Further, the processing module 31 selecting the mapped port corresponding to the open port of the virtual machine includes:
the processing module 31 setting the ports of the second server as PORT_1 to PORT_n, and reading from the database the maximum value PORT_max of the port numbers of the second server that have been used; when it determines that the value of max is less than n, selecting PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when it determines that the value of max is not less than n, traversing all ports of the second server and, on determining that a port not contained in the database exists, selecting a port not contained in the database as the mapped port corresponding to the open port of the virtual machine; where n and max are positive integers.
Further, when the processing module 31 traverses all ports of the second server and determines that no port not contained in the database exists, it issues an error prompt indicating that this port mapping cannot be completed.
Here, described processing module 31, it is additionally operable to add to described data base the described mapped port chosen;
Described data base, for storing the port numbers of the port that described second server has been used, both can be stored in
On second server, it is also possible to be positioned on other server.
Further, in described processing module 31 reading database, the described second server of storage has been used
Port numbers maximum PORT_max while, lock described data base, prevent described data base simultaneously
Accessed by multiple users and cause conflict.
Fig. 4 is a schematic structural diagram of the system for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in Fig. 4, the system includes a first server 41 and a second server 42, wherein:
The first server 41 is configured to, when determining that the virtual machine on which port mapping is to be performed has an associated default security group, choose the mapped port corresponding to the open port of the virtual machine, add the open port information of the virtual machine and the mapped port information to the default security group, and send the port mapping request of the virtual machine to the second server 42.
The second server 42 is configured to receive the port mapping request sent by the first server 41 and perform port mapping on the virtual machine according to the preset port mapping rule.
Here, the default security group is named with the floating Internet Protocol (IP) of the virtual machine plus the name of the virtual machine.
The first server 41 determining that the virtual machine on which port mapping is to be performed has an associated default security group includes:
The first server 41 searches the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine; if one exists, it determines that the virtual machine has an associated default security group.
Further, when the first server 41 determines that the virtual machine has no associated default security group, it creates a default security group for the virtual machine, names the default security group with the floating IP of the virtual machine plus the name of the virtual machine, and associates the created default security group with the virtual machine.
Further, the first server 41 choosing the mapped port corresponding to the open port of the virtual machine includes:
The first server 41 sets the ports of the second server 42 as PORT_1 to PORT_n and reads from the database the stored maximum value PORT_max of the port numbers already used by the second server 42. When it determines that the value of max is less than n, it chooses PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine. When it determines that the value of max is not less than n, it traverses all ports of the second server 42 and, when it determines that a port not included in the database exists, chooses one port not included in the database as the mapped port corresponding to the open port of the virtual machine. Here, n and max are positive integers.
When the first server 41 traverses all ports of the second server 42 and determines that no port not included in the database exists, it sends an error prompt indicating that this port mapping cannot be completed.
Here, the first server is further configured to add the mapped port information to the database. Correspondingly, the database is used to store the port numbers of the ports already used by the second server 42; it may be stored on the second server or located on another server.
Further, while the first server 41 reads from the database the stored maximum value PORT_max of the port numbers already used by the second server 42, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
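The mapped-port selection described above for processing module 31 and again for first server 41, together with the contents of the port mapping request, as an added Python example that is not code from the patent. It shows why the read of PORT_max, the choice and the database insert sit under one lock: without it, two concurrent requests can receive the same mapped port. The class and function names, the SQLite table standing in for the database, the `_` separator in the security group name and the handling of an empty database are assumptions.

```python
import sqlite3
import threading


class PortsExhausted(Exception):
    """Every port in PORT_1..PORT_n is already recorded as used."""


class MappedPortAllocator:
    """Chooses mapped ports on the second server (hypothetical helper)."""

    def __init__(self, first_port, last_port):
        self.first, self.last = first_port, last_port    # PORT_1 and PORT_n
        # Constructed stand-in for the database of used port numbers.
        self.db = sqlite3.connect(":memory:", check_same_thread=False)
        self.db.execute("CREATE TABLE used_ports (port INTEGER PRIMARY KEY)")
        # The description locks the database while PORT_max is read; a
        # process-wide lock plays that role here (assumption).
        self.lock = threading.Lock()

    def allocate(self):
        with self.lock:  # read, choose and record as one critical section
            port_max = self.db.execute(
                "SELECT MAX(port) FROM used_ports").fetchone()[0]
            if port_max is None:
                port = self.first            # empty database (assumption)
            elif port_max < self.last:
                port = port_max + 1          # PORT_(max+1)
            else:
                # max is not less than n: traverse all ports for an unused one
                used = {row[0] for row in self.db.execute(
                    "SELECT port FROM used_ports")}
                free = (p for p in range(self.first, self.last + 1)
                        if p not in used)
                port = next(free, None)
                if port is None:
                    raise PortsExhausted("cannot complete this port mapping")
            self.db.execute("INSERT INTO used_ports VALUES (?)", (port,))
            self.db.commit()
            return port


def build_port_mapping_request(allocator, vm_name, floating_ip, open_port):
    """Return (default security group name, request body) for one open port."""
    mapped_port = allocator.allocate()
    # Floating IP plus VM name; the "_" separator is an assumption.
    group_name = f"{floating_ip}_{vm_name}"
    request = {"floating_ip": floating_ip,
               "open_port": open_port,
               "mapped_port": mapped_port}
    return group_name, request


def allocate_concurrently(allocator, workers):
    """Run `workers` allocations in parallel; return ports and failures."""
    ports, errors = [], []

    def work():
        try:
            ports.append(allocator.allocate())
        except PortsExhausted as exc:
            errors.append(exc)

    threads = [threading.Thread(target=work) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(ports), errors
```
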
Further, when the first server 41 deletes the port mapping of the virtual machine, it deletes at the same time the corresponding open port information in the default security group associated with the virtual machine.
When the first server 41 deletes the virtual machine, it deletes at the same time the default security group associated with the virtual machine, and notifies the second server to delete the relevant information of the virtual machine.
Further, the second server 42 performing port mapping on the virtual machine according to the preset port mapping rule includes:
According to the preset port mapping rule, the second server 42 maps the floating IP address of the virtual machine to its own IP address, maps the open port to the mapped port, and configures the port mapping rule of the virtual machine in its own firewall.
In the embodiments of the present invention, the processing module 31, the sending module 32 and the deletion module 33 in the server may each be implemented by a central processing unit (CPU), a digital signal processor (DSP), a field-programmable gate array (FPGA) or an application-specific integrated circuit (ASIC) in the server.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Claims (13)
1. A method for implementing virtual machine port mapping, characterized in that the method comprises:
when a first server determines that a virtual machine on which port mapping is to be performed has an associated default security group, choosing a mapped port corresponding to an open port of the virtual machine, and adding the open port information of the virtual machine and the mapped port information to the default security group;
sending a port mapping request of the virtual machine to a second server, the port mapping request being used to instruct the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
2. The method according to claim 1, characterized in that the method further comprises:
when the first server determines that the virtual machine has no associated default security group, creating a default security group of the virtual machine, and associating the created default security group with the virtual machine.
3. The method according to claim 1 or 2, characterized in that the default security group is named with the floating Internet Protocol (IP) of the virtual machine plus the name of the virtual machine;
the first server determining that the virtual machine on which port mapping is to be performed has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and if one exists, determining that the virtual machine has an associated default security group.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
when the first server deletes the port mapping of the virtual machine, deleting at the same time the corresponding open port information in the default security group associated with the virtual machine;
when the first server deletes the virtual machine, deleting at the same time the default security group associated with the virtual machine, and notifying the second server to delete the relevant information of the virtual machine.
5. The method according to claim 1 or 2, characterized in that choosing the mapped port corresponding to the open port of the virtual machine comprises:
the first server setting the ports of the second server as PORT_1 to PORT_n, and reading from a database the stored maximum value PORT_max of the port numbers already used by the second server; when determining that the value of max is less than n, choosing PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when determining that the value of max is not less than n, traversing all ports of the second server and, when determining that a port not included in the database exists, choosing one port not included in the database as the mapped port corresponding to the open port of the virtual machine; wherein n and max are positive integers.
6. The method according to claim 1 or 2, characterized in that the second server performing port mapping on the virtual machine according to the preset port mapping rule comprises:
the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine to its own IP address, mapping the open port to the mapped port, and configuring the port mapping rule of the virtual machine in its own firewall.
7. A server, characterized in that the server comprises a processing module and a sending module, wherein:
the processing module is configured to, when determining that a virtual machine on which port mapping is to be performed has an associated default security group, choose a mapped port corresponding to an open port of the virtual machine, and add the open port information of the virtual machine and the mapped port information to the default security group;
the sending module is configured to send a port mapping request of the virtual machine to a second server, the port mapping request being used to instruct the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
8. The server according to claim 7, characterized in that the processing module is further configured to, when determining that the virtual machine has no associated default security group, create a default security group of the virtual machine, and associate the created default security group with the virtual machine.
9. The server according to claim 7 or 8, characterized in that the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine;
correspondingly, the processing module is specifically configured to search the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and if one exists, determine that the virtual machine has an associated default security group.
10. The server according to claim 7 or 8, characterized in that the server further comprises a deletion module configured to, when deleting the port mapping of the virtual machine, delete at the same time the corresponding open port information in the default security group associated with the virtual machine; and, when deleting the virtual machine, delete at the same time the default security group associated with the virtual machine, and notify the second server to delete the relevant information of the virtual machine.
11. The server according to claim 7 or 8, characterized in that the processing module is specifically configured to set the ports of the second server as PORT_1 to PORT_n, and read from a database the stored maximum value PORT_max of the port numbers already used by the second server; when determining that the value of max is less than n, choose PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when determining that the value of max is not less than n, traverse all ports of the second server and, when determining that a port not included in the database exists, choose one port not included in the database as the mapped port corresponding to the open port of the virtual machine; wherein n and max are positive integers.
12. A system for implementing virtual machine port mapping, characterized in that the system comprises a first server and a second server, wherein:
the first server is configured to, when determining that a virtual machine on which port mapping is to be performed has an associated default security group, choose a mapped port corresponding to an open port of the virtual machine, add the open port information of the virtual machine and the mapped port information to the default security group, and send a port mapping request of the virtual machine to the second server;
the second server is configured to receive the port mapping request of the virtual machine sent by the first server, and perform port mapping on the virtual machine according to a preset port mapping rule.
13. The system according to claim 12, characterized in that the second server is specifically configured to, according to the preset port mapping rule, map the floating IP address of the virtual machine to its own IP address, map the open port to the mapped port, and configure the port mapping rule of the virtual machine in its own firewall.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510101153.XA CN105991789A (en) | 2015-03-06 | 2015-03-06 | Method for realizing virtual machine port mapping, servers and system |
PCT/CN2015/098201 WO2016141749A1 (en) | 2015-03-06 | 2015-12-22 | Port mapping implementation method and system for virtual machine, server and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105991789A true CN105991789A (en) | 2016-10-05 |
Family
ID=56878917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510101153.XA Withdrawn CN105991789A (en) | 2015-03-06 | 2015-03-06 | Method for realizing virtual machine port mapping, servers and system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105991789A (en) |
WO (1) | WO2016141749A1 (en) |
-
2015
- 2015-03-06 CN CN201510101153.XA patent/CN105991789A/en not_active Withdrawn
- 2015-12-22 WO PCT/CN2015/098201 patent/WO2016141749A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2016141749A1 (en) | 2016-09-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20161005 |