CN105991789A - Method for realizing virtual machine port mapping, servers and system - Google Patents

Publication number
CN105991789A
Authority
CN
China
Prior art keywords
port
virtual machine
server
described virtual
default security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510101153.XA
Other languages
Chinese (zh)
Inventor
刘磊
刘亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510101153.XA priority Critical patent/CN105991789A/en
Priority to PCT/CN2015/098201 priority patent/WO2016141749A1/en
Publication of CN105991789A publication Critical patent/CN105991789A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming

Abstract

The invention discloses a method for implementing virtual machine port mapping. When a first server determines that a virtual machine for which port mapping is to be performed has an associated default security group, it selects a mapped port corresponding to the open port of the virtual machine and adds the open port information of the virtual machine and the mapped port information to the default security group. It then sends a port mapping request for the virtual machine to a second server. The port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule. The invention also discloses a system and servers for implementing virtual machine port mapping.

Description

Method, server and system for implementing virtual machine port mapping
Technical field
The present invention relates to port mapping for virtual machines on the OpenStack cloud computing management platform, and in particular to a method, server and system for implementing virtual machine port mapping.
Background
OpenStack is an open-source cloud platform management project developed jointly by the US National Aeronautics and Space Administration and Rackspace. It has been widely used to build public and private clouds, and enterprises and individuals can use OpenStack to deploy their own cloud computing environments quickly and easily.
In a cloud platform, virtualization technology creates multiple virtual hosts on top of a physical host, which allows resources to be consolidated and used efficiently. Port mapping maps the private Internet Protocol (IP) address and port of a host on a LAN to the public IP address of a network address translation (NAT) gateway and an idle port on that gateway. The NAT gateway records the port mapping rule, so that the host and the public network can communicate with each other.
When a virtual machine is created, it can be assigned a fixed IP and a floating IP. The fixed IP is used for communication between virtual machines and the floating IP for communication with the public network. When public network users need to access services on virtual machines, assigning a public IP address to every virtual machine wastes IP addresses. In addition, when port mapping is performed for a virtual machine, the port has to be added to a security group manually in order to open it, which complicates the port mapping procedure and wastes human resources.
Summary of the invention
In view of this, embodiments of the present invention aim to provide a method, server and system for implementing virtual machine port mapping that save IP address resources effectively, simplify the operation of virtual machine port mapping and improve the user experience.
To achieve the above object, the technical solution of the embodiments of the present invention is implemented as follows:
An embodiment of the present invention provides a method for implementing virtual machine port mapping, the method comprising:
when a first server determines that a virtual machine for which port mapping is to be performed has an associated default security group, selecting a mapped port corresponding to the open port of the virtual machine, and adding the open port information of the virtual machine and the mapped port information to the default security group;
sending a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
In the above solution, the method further comprises:
when the first server determines that the virtual machine has no associated default security group, creating a default security group for the virtual machine and associating the created default security group with the virtual machine.
In the above solution, the default security group is named with the floating Internet Protocol (IP) address of the virtual machine plus the name of the virtual machine, and the first server determining that the virtual machine for which port mapping is to be performed has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and, if one exists, determining that the virtual machine has an associated default security group.
In the above solution, the method further comprises:
when the first server deletes the port mapping of the virtual machine, also deleting the corresponding open port information from the default security group associated with the virtual machine;
when the first server deletes the virtual machine, also deleting the default security group associated with the virtual machine, and notifying the second server to delete the information related to the virtual machine.
In the above solution, the second server performing port mapping for the virtual machine according to the preset port mapping rule comprises:
the second server, according to the preset port mapping rule, mapping the floating IP address of the virtual machine to its own IP address, mapping the open port to the mapped port, and configuring the port mapping rule of the virtual machine in its own firewall.
In the above solution, selecting the mapped port corresponding to the open port of the virtual machine comprises:
the first server taking the ports of the second server to be PORT_1 to PORT_n and reading from a database the maximum, PORT_max, of the port numbers of the second server that are already in use; when the value of max is less than n, selecting PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when the value of max is not less than n, traversing all ports of the second server and, when a port not contained in the database is found, selecting one port not contained in the database as the mapped port corresponding to the open port of the virtual machine; where n and max are positive integers.
An embodiment of the present invention further provides a server, the server comprising a processing module and a sending module, wherein:
the processing module is configured to, when determining that a virtual machine for which port mapping is to be performed has an associated default security group, select a mapped port corresponding to the open port of the virtual machine, and add the open port information of the virtual machine and the mapped port information to the default security group;
the sending module is configured to send a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
In the above solution, the processing module is further configured to, when determining that the virtual machine has no associated default security group, create a default security group for the virtual machine and associate the created default security group with the virtual machine.
In the above solution, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine;
accordingly, the processing module is specifically configured to search the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and, if one exists, to determine that the virtual machine has an associated default security group.
In the above solution, the server further comprises a deletion module configured to, when deleting the port mapping of the virtual machine, also delete the corresponding open port information from the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete the information related to the virtual machine.
In the above solution, the processing module is specifically configured to take the ports of the second server to be PORT_1 to PORT_n and read from a database the maximum, PORT_max, of the port numbers of the second server that are already in use; when the value of max is less than n, select PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine; when the value of max is not less than n, traverse all ports of the second server and, when a port not contained in the database is found, select one port not contained in the database as the mapped port corresponding to the open port of the virtual machine; where n and max are positive integers.
An embodiment of the present invention further provides a system for implementing virtual machine port mapping, the system comprising a first server and a second server, wherein:
the first server is configured to, when determining that a virtual machine for which port mapping is to be performed has an associated default security group, select a mapped port corresponding to the open port of the virtual machine, add the open port information of the virtual machine and the mapped port information to the default security group, and send a port mapping request for the virtual machine to the second server;
the second server is configured to receive the port mapping request for the virtual machine sent by the first server, and to perform port mapping for the virtual machine according to a preset port mapping rule.
In the above solution, the second server is specifically configured to, according to the preset port mapping rule, map the floating IP address of the virtual machine to its own IP address, map the open port to the mapped port, and configure the port mapping rule of the virtual machine in its own firewall.
In the method, server and system for implementing virtual machine port mapping provided by the embodiments of the present invention, when the first server determines that a virtual machine for which port mapping is to be performed has an associated default security group, it selects a mapped port corresponding to the open port of the virtual machine and adds the open port information of the virtual machine and the mapped port information to the default security group; it then sends a port mapping request for the virtual machine to the second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule. In this way the first server automatically adds the open port information of the virtual machine and the mapped port information to the default security group, which removes the trouble of adding them manually as in the prior art, simplifies the operation of virtual machine port mapping and improves the user experience.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the method for implementing virtual machine port mapping according to embodiment one of the present invention;
Fig. 2 is a schematic flowchart of the method for implementing virtual machine port mapping according to embodiment two of the present invention;
Fig. 3 is a schematic diagram of the structure of a server according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of a system for implementing virtual machine port mapping according to an embodiment of the present invention.
Detailed description
In the embodiments of the present invention, when the first server determines that a virtual machine for which port mapping is to be performed has an associated default security group, it selects a mapped port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapped port information to the default security group, and sends a port mapping request for the virtual machine to the second server. The second server receives the port mapping request sent by the first server and performs port mapping for the virtual machine according to a preset port mapping rule.
Fig. 1 is a schematic flowchart of the method for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in Fig. 1, the method comprises:
Step 101: when the first server determines that a virtual machine for which port mapping is to be performed has an associated default security group, it selects a mapped port corresponding to the open port of the virtual machine, and adds the open port information of the virtual machine and the mapped port information to the default security group;
Here, the first server is the server that manages the virtual machine and may be a web server;
While adding the open port information of the virtual machine and the mapped port information to the default security group, the first server also adds all other port mapping information related to the virtual machine, such as the protocol name of the virtual machine, to the default security group.
Further, when the first server determines that the virtual machine has no associated default security group, it creates a default security group for the virtual machine, names the default security group with the floating IP of the virtual machine plus the name of the virtual machine, and associates the created default security group with the virtual machine. Naming the default security group with the floating IP of the virtual machine plus the name of the virtual machine ensures that the name of the default security group is unique. The first server generates the default security group of the virtual machine and, when port mapping is performed for the virtual machine, automatically adds the open port information of the virtual machine, the mapped port information and so on to the default security group, thereby opening the port of the virtual machine.
Further, the first server determining that the virtual machine for which port mapping is to be performed has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and, if one exists, determining that the virtual machine has an associated default security group.
Further, selecting the mapped port corresponding to the open port of the virtual machine comprises:
The first server selects an idle port of the second server as the mapped port corresponding to the open port of the virtual machine. Specifically, the first server takes the ports of the second server to be PORT_1 to PORT_n and reads from the database the maximum, PORT_max, of the port numbers of the second server that are already in use. When the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine. When the value of max is not less than n, it traverses all ports of the second server and, when a port not contained in the database is found, selects one port not contained in the database as the mapped port corresponding to the open port of the virtual machine; n and max are positive integers. Here, when the first server reads from the database the port numbers of the second server that are already in use and finds that the database contains no port number in use, it selects PORT_1 as the mapped port corresponding to the open port of the virtual machine;
Further, when the first server traverses all ports of the second server and determines that all ports of the second server are already contained in the database, it issues an error prompt indicating that this port mapping cannot be completed.
Here, after this step, the method further comprises: the first server adding the mapped port information corresponding to the open port of the virtual machine to the database. Accordingly, the database stores the ports of the second server, added by the first server, that are already in use, i.e. the mapped port information corresponding to the open ports of all virtual machines for which the second server has performed port mapping. The database may be stored on the second server or located on another server.
Further, while the first server reads from the database the maximum, PORT_max, of the port numbers of the second server that are already in use, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
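The following Python example is added here and is not part of the patent. It implements the mapped-port selection described above, with the read of PORT_max and the insert of the chosen port inside one SQLite write transaction so that two concurrent requests cannot pick the same port; the `used_ports` table, the function names and the `first`/`last` bounds standing for PORT_1 and PORT_n are assumptions.

```python
import sqlite3


class NoFreePortError(RuntimeError):
    """Raised when every port in the gateway's range is already mapped."""


def open_port_db(path=":memory:"):
    # isolation_level=None puts the connection in autocommit mode so that
    # transactions are started and ended explicitly below.
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS used_ports ("
        " port INTEGER PRIMARY KEY,"   # a port can be recorded only once
        " vm   TEXT NOT NULL)"
    )
    return conn


def allocate_mapped_port(conn, vm, first, last):
    """Pick and record a free gateway port in [first, last] for `vm`.

    `first` and `last` play the role of PORT_1 and PORT_n (assumed names).
    """
    # BEGIN IMMEDIATE takes the database write lock before PORT_max is read,
    # so no other writer can allocate between the read and the insert.
    conn.execute("BEGIN IMMEDIATE")
    try:
        (highest,) = conn.execute(
            "SELECT MAX(port) FROM used_ports WHERE port BETWEEN ? AND ?",
            (first, last),
        ).fetchone()
        if highest is None:
            port = first                      # nothing in use: PORT_1
        elif highest < last:
            port = highest + 1                # max < n: PORT_(max+1)
        else:
            # max >= n: traverse the range for a port that was released.
            used = {
                row[0]
                for row in conn.execute(
                    "SELECT port FROM used_ports WHERE port BETWEEN ? AND ?",
                    (first, last),
                )
            }
            port = next(
                (p for p in range(first, last + 1) if p not in used), None
            )
            if port is None:
                raise NoFreePortError(
                    f"all ports {first}-{last} are in use; cannot map {vm}"
                )
        conn.execute(
            "INSERT INTO used_ports (port, vm) VALUES (?, ?)", (port, vm)
        )
        conn.execute("COMMIT")
        return port
    except Exception:
        conn.execute("ROLLBACK")              # leave the table unchanged
        raise


def release_mapped_port(conn, port):
    """Remove a mapping record, e.g. when the port mapping is deleted."""
    conn.execute("DELETE FROM used_ports WHERE port = ?", (port,))


if __name__ == "__main__":
    db = open_port_db()
    # Constructed sample range and VM names.
    for name in ("vm-a", "vm-b", "vm-c"):
        print(name, allocate_mapped_port(db, name, 10001, 10003))
    release_mapped_port(db, 10002)
    print("vm-d", allocate_mapped_port(db, "vm-d", 10001, 10003))
```

The primary key on `port` is a second line of defence: even if a caller bypassed the lock, a duplicate allocation would fail on insert instead of silently mapping two virtual machines to one gateway port.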
Further, the method also comprises: when the first server deletes the port mapping of the virtual machine, it also deletes the corresponding open port information and so on from the default security group associated with the virtual machine;
When the first server deletes the virtual machine, it also deletes the default security group associated with the virtual machine and notifies the second server to delete the information related to the virtual machine; the information related to the virtual machine includes the port mapping rule of the virtual machine configured by the second server, and so on.
Step 102: the port mapping request for the virtual machine is sent to the second server;
Here, the port mapping request includes: the open port information of the virtual machine, the mapped port information corresponding to the open port, the floating IP address of the virtual machine, and so on;
The second server is a server dedicated to performing port mapping, i.e. IP address and port translation, for the virtual machine.
Further, the port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule, wherein
the second server performing port mapping for the virtual machine according to the preset port mapping rule comprises:
The second server, according to the preset port mapping rule, maps the floating IP address of the virtual machine corresponding to the open port to its own IP address, maps the open port to the mapped port, and configures the port mapping rule of the virtual machine in the firewall. In this way the second server can map the floating IP addresses of multiple virtual machines to its own IP address, avoiding the waste of IP addresses caused in the prior art by assigning a public IP address to every virtual machine.
Further, when the second server configures the port mapping rule of the virtual machine in the firewall, the configuration mainly comprises three rules: input (INPUT), network address translation (NAT, Network Address Translation) and source address translation (SNAT, Source Network Address Translation). Fault tolerance is applied when the port mapping rule of the virtual machine is configured: if adding any one of the three rules fails, the related rules that have already been added are deleted as well.
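The following Python example is added here and is not part of the patent. It shows the all-or-nothing installation described above: three rules are added in order and, if one fails, the rules already added are deleted in reverse order. The patent names only the rule kinds (INPUT, NAT, SNAT), so the concrete iptables rule text, the function names and the sample addresses are assumptions.

```python
import ipaddress
import subprocess


def build_rules(gateway_ip, floating_ip, open_port, mapped_port, proto="tcp"):
    """Return the three iptables argument lists for one port mapping.

    Inputs are validated and passed as separate argv elements, never through
    a shell, so a malformed request cannot inject extra firewall arguments.
    """
    gw = str(ipaddress.IPv4Address(gateway_ip))
    fip = str(ipaddress.IPv4Address(floating_ip))
    for port in (open_port, mapped_port):
        if isinstance(port, bool) or not isinstance(port, int):
            raise ValueError(f"port must be an integer: {port!r}")
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    return [
        # INPUT: accept traffic arriving on the mapped port (assumed rule).
        ["-A", "INPUT", "-p", proto, "--dport", str(mapped_port),
         "-j", "ACCEPT"],
        # NAT: gateway IP and mapped port -> floating IP and open port.
        ["-t", "nat", "-A", "PREROUTING", "-d", gw, "-p", proto,
         "--dport", str(mapped_port),
         "-j", "DNAT", "--to-destination", f"{fip}:{open_port}"],
        # SNAT: replies from the VM leave with the gateway's address.
        ["-t", "nat", "-A", "POSTROUTING", "-s", fip, "-p", proto,
         "--sport", str(open_port), "-j", "SNAT", "--to-source", gw],
    ]


def to_delete(rule):
    """Turn an append (-A) rule into the matching delete (-D) rule."""
    return ["-D" if arg == "-A" else arg for arg in rule]


def run_iptables(args):
    """Default runner: needs root and the iptables binary on the gateway."""
    subprocess.run(["iptables", *args], check=True)


def install_mapping(rules, run=run_iptables):
    """Add every rule or none: roll back what was added if one fails."""
    added = []
    try:
        for rule in rules:
            run(rule)
            added.append(rule)
    except Exception:
        for rule in reversed(added):
            try:
                run(to_delete(rule))
            except Exception:
                # Keep removing the other rules even if one delete fails.
                continue
        raise
    return added


if __name__ == "__main__":
    # Constructed sample values; print instead of touching the firewall.
    sample = build_rules("203.0.113.10", "172.24.4.5", 22, 10001)
    install_mapping(sample, run=lambda a: print("iptables", " ".join(a)))
```

Passing a recording or failing `run` callable, as the `__main__` section does with `print`, lets the rollback path be exercised without root privileges.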
Fig. 2 is a schematic flowchart of the method for implementing virtual machine port mapping according to embodiment two of the present invention. As shown in Fig. 2, the method comprises:
Step 201: the first server judges whether the virtual machine for which port mapping is to be performed has an associated default security group; if so, step 202 is performed; if not, step 203 is performed;
Here, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine, which ensures that the name of the default security group is unique;
The first server determining that the virtual machine for which port mapping is to be performed has an associated default security group comprises:
the first server searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and, if one exists, determining that the virtual machine has an associated default security group.
Step 202: the first server selects the mapped port corresponding to the open port of the virtual machine, adds the open port information of the virtual machine and the mapped port information to the default security group, and performs step 204;
Here, selecting the mapped port corresponding to the open port of the virtual machine comprises:
The first server selects an idle port of the second server as the mapped port corresponding to the open port of the virtual machine. Specifically, the first server takes the ports of the second server to be PORT_1 to PORT_n and reads from the database the maximum, PORT_max, of the port numbers of the second server that are already in use. When the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the open port of the virtual machine. When the value of max is not less than n, it traverses all ports of the second server and, when a port not contained in the database is found, selects one port not contained in the database as the mapped port corresponding to the open port of the virtual machine; n and max are positive integers. Here, when the first server reads from the database the port numbers of the second server that are already in use and finds that the database contains no port number in use, it selects PORT_1 as the mapped port corresponding to the open port of the virtual machine;
Further, when the first server traverses all ports of the second server and determines that all ports of the second server are already contained in the database, it issues an error prompt indicating that this port mapping cannot be completed.
While adding the open port information of the virtual machine and the mapped port information to the default security group, the first server also adds all other port mapping information related to the virtual machine, such as the protocol name of the virtual machine, to the default security group, thereby opening the port of the virtual machine;
While the first server reads from the database the maximum, PORT_max, of the port numbers of the second server that are already in use, it locks the database to prevent conflicts caused by multiple users accessing the database at the same time.
Step 203: the first server creates a default security group for the virtual machine, associates the created default security group with the virtual machine, and performs step 206;
Here, after the first server creates the default security group of the virtual machine, it names the default security group with the floating IP of the virtual machine plus the name of the virtual machine;
The first server generates the default security group of the virtual machine and, when port mapping is performed for the virtual machine, automatically adds the open port information of the virtual machine to the default security group, thereby opening the port of the virtual machine.
Step 204: the first server sends the port mapping request for the virtual machine to the second server;
Here, the port mapping request includes: the open port information of the virtual machine, the mapped port information corresponding to the open port of the virtual machine, the floating IP address of the virtual machine, and so on;
Further, the port mapping request instructs the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
Step 205: the second server receives the port mapping request and performs port mapping for the virtual machine according to the preset port mapping rule;
Specifically, in this step the second server, according to the preset port mapping rule, maps the floating IP address of the virtual machine corresponding to the open port to its own IP address, maps the open port to the mapped port, and configures the port mapping rule of the virtual machine in the firewall. In this way the second server can map the floating IP addresses of multiple virtual machines to its own IP address, avoiding the waste of IP addresses caused in the prior art by assigning a public IP address to every virtual machine.
Step 206: this processing flow ends.
Fig. 3 is a schematic diagram of the structure of a server according to an embodiment of the present invention. As shown in Fig. 3, the server comprises a processing module 31 and a sending module 32, wherein:
the processing module 31 is configured to, when determining that a virtual machine for which port mapping is to be performed has an associated default security group, select a mapped port corresponding to the open port of the virtual machine, and add the open port information of the virtual machine and the mapped port information to the default security group;
the sending module 32 is configured to send a port mapping request for the virtual machine to a second server, the port mapping request instructing the second server to perform port mapping for the virtual machine according to a preset port mapping rule.
Further, the processing module 31 is also configured to add information such as the protocol name of the virtual machine to the default security group.
Further, the processing module 31 is also configured to, when determining that the virtual machine has no associated default security group, create a default security group for the virtual machine, name the default security group with the floating IP of the virtual machine plus the name of the virtual machine, and associate the created default security group with the virtual machine.
Further, the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine;
accordingly, the processing module 31 determining that the virtual machine for which port mapping is to be performed has an associated default security group comprises:
the processing module 31 searching the security groups associated with the virtual machine for a security group named with the floating IP of the virtual machine plus the name of the virtual machine, and, if one exists, determining that the virtual machine has an associated default security group.
Further, the server also comprises a deletion module 33 configured to, when deleting the port mapping of the virtual machine, also delete the corresponding open port information from the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete the information related to the virtual machine. Here, the related information includes the port mapping rule of the virtual machine configured by the second server, and so on.
Further, the port mapping request includes: the open port information of the virtual machine, the mapped port information corresponding to the open port, the floating IP address of the virtual machine, and so on.
Further, the port mapping rule that second server foundation is preset carries out port to described virtual machine and reflects Penetrate and include:
Second server is regular by the floating of virtual machine corresponding for described open port according to the port mapping preset IP address is mapped as the IP address of self, and described open port is mapped as described mapped port, and in fire prevention Wall configures the port mapping rule of described virtual machine;So, described second server can be by multiple virtual machines Floating IP address be mapped as self IP address, it is to avoid prior art is divided for each virtual machine The IP address waste joining a public network IP address and cause.
Further, the processing module 31 selecting the mapped port corresponding to the virtual machine's open port includes:
The processing module 31 designates the ports of the second server as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server. When the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the virtual machine's open port. When the value of max is not less than n, it traverses all ports of the second server and, on finding that there is a port not contained in the database, selects one port not contained in the database as the mapped port corresponding to the virtual machine's open port; where n and max are positive integers;
Further, when the processing module 31 traverses all ports of the second server and finds no port that is not contained in the database, it issues an error prompt reporting that this port mapping cannot be completed;
Here, the processing module 31 is also configured to add the selected mapped port to the database. The database stores the port numbers of the ports already used by the second server, and may be stored either on the second server or on another server.
Further, while reading from the database the maximum value PORT_max of the port numbers already used by the second server, the processing module 31 locks the database, preventing conflicts caused by multiple users accessing the database at the same time.
Fig. 4 is a schematic structural diagram of the system for implementing virtual machine port mapping according to an embodiment of the present invention. As shown in Fig. 4, the system includes: a first server 41 and a second server 42; wherein,
The first server 41 is configured to, when determining that the virtual machine undergoing port mapping has an associated default security group, select the mapped port corresponding to the virtual machine's open port, add the open port information of the virtual machine and the mapped port information to the default security group, and send the port mapping request of the virtual machine to the second server 42;
The second server 42 is configured to receive the port mapping request sent by the first server 41 and perform port mapping on the virtual machine according to the preset port mapping rule;
Here, the default security group is named with the floating Internet Protocol (IP) address of the virtual machine plus the name of the virtual machine;
The first server 41 determining that the virtual machine undergoing port mapping has an associated default security group includes:
The first server 41 searches the security groups associated with the virtual machine for a security group named with the virtual machine's floating IP plus the virtual machine's name; if such a group exists, it determines that the virtual machine has an associated default security group.
Further, when the first server 41 determines that the virtual machine has no associated default security group, it creates a default security group for the virtual machine, names the default security group with the virtual machine's floating IP plus the virtual machine's name, and associates the created default security group with the virtual machine.
Further, the first server 41 selecting the mapped port corresponding to the virtual machine's open port includes:
The first server 41 designates the ports of the second server 42 as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server 42. When the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the virtual machine's open port. When the value of max is not less than n, it traverses all ports of the second server 42 and, on finding that there is a port not contained in the database, selects one port not contained in the database as the mapped port corresponding to the virtual machine's open port; where n and max are positive integers.
When the first server 41 traverses all ports of the second server 42 and finds no port that is not contained in the database, it issues an error prompt reporting that this port mapping cannot be completed;
Here, the first server is also configured to add the mapped port information to the database. Accordingly, the database stores the port numbers of the ports already used by the second server 42, and may be stored either on the second server or on another server.
Further, while reading from the database the maximum value PORT_max of the port numbers already used by the second server 42, the first server 41 locks the database, preventing conflicts caused by multiple users accessing the database at the same time.
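The mapped-port selection described above for the processing module 31 and for the first server 41, written out as an added example (not code from the patent): the SQLite store, the table and function names, the sample floating IPs and the `release_port` helper are assumptions made for illustration. The lock is taken before PORT_max is read, so two concurrent requests cannot be handed the same mapped port.

```python
import sqlite3


class PortsExhausted(Exception):
    """Every port PORT_1..PORT_n of the second server is already in the database."""


def open_db(path=":memory:"):
    # isolation_level=None: no implicit transactions; BEGIN/COMMIT are issued explicitly.
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS used_ports ("
        " port INTEGER PRIMARY KEY,"   # uniqueness backstop against double allocation
        " floating_ip TEXT NOT NULL,"
        " open_port INTEGER NOT NULL)"
    )
    return conn


def choose_mapped_port(conn, n, floating_ip, open_port):
    """Return the index k of the mapped port PORT_k chosen for (floating_ip, open_port)."""
    # Lock first, then read PORT_max: the read and the insert form one critical section.
    conn.execute("BEGIN IMMEDIATE")
    try:
        max_used = conn.execute("SELECT MAX(port) FROM used_ports").fetchone()[0] or 0
        if max_used < n:
            port = max_used + 1                      # PORT_(max+1)
        else:
            # max is not less than n: traverse PORT_1..PORT_n for one not in the database.
            used = {p for (p,) in conn.execute("SELECT port FROM used_ports")}
            port = next((p for p in range(1, n + 1) if p not in used), None)
            if port is None:
                raise PortsExhausted("port mapping cannot be completed: no free port")
        conn.execute(
            "INSERT INTO used_ports (port, floating_ip, open_port) VALUES (?, ?, ?)",
            (port, floating_ip, open_port),
        )
        conn.execute("COMMIT")
        return port
    except Exception:
        conn.execute("ROLLBACK")                     # release the lock on any failure
        raise


def release_port(conn, port):
    """Assumed counterpart for mapping deletion: forget a mapped port so it can be reused."""
    return conn.execute("DELETE FROM used_ports WHERE port = ?", (port,)).rowcount == 1


if __name__ == "__main__":
    db = open_db()
    # Constructed sample requests: three VMs exposing SSH through a 3-port second server.
    for ip in ("10.0.0.11", "10.0.0.12", "10.0.0.13"):
        print(ip, "-> PORT_%d" % choose_mapped_port(db, 3, ip, 22))
    release_port(db, 2)
    print("10.0.0.14 -> PORT_%d" % choose_mapped_port(db, 3, "10.0.0.14", 22))
```

Freed ports below PORT_max are reused only once max has reached n, because the max+1 branch never looks back; the indices 1..n stand for whatever real port range the second server exposes.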
Further, when the first server 41 deletes a port mapping of the virtual machine, it also deletes the corresponding open port information in the default security group associated with the virtual machine;
When the first server 41 deletes the virtual machine, it also deletes the default security group associated with the virtual machine and notifies the second server to delete the relevant information of the virtual machine.
Further, the second server 42 performing port mapping on the virtual machine according to the preset port mapping rule includes:
According to the preset port mapping rule, the second server 42 maps the floating IP address of the virtual machine to its own IP address, maps the open port to the mapped port, and configures the virtual machine's port mapping rule in its own firewall.
In the embodiments of the present invention, the processing module 31, the sending module 32 and the deletion module 33 in the server may each be implemented by a central processing unit (CPU, Central Processing Unit), a digital signal processor (DSP, Digital Signal Processor), a field programmable gate array (FPGA, Field Programmable Gate Array) or an application-specific integrated circuit (ASIC, Application Specific Integrated Circuit) in the server.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (13)

1. A method for implementing virtual machine port mapping, characterized in that the method includes:
When a first server determines that the virtual machine undergoing port mapping has an associated default security group, selecting the mapped port corresponding to the virtual machine's open port, and adding the open port information of the virtual machine and the mapped port information to the default security group;
Sending the port mapping request of the virtual machine to a second server; the port mapping request is used to instruct the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
2. The method according to claim 1, characterized in that the method also includes:
When the first server determines that the virtual machine has no associated default security group, creating a default security group for the virtual machine, and associating the created default security group with the virtual machine.
3. The method according to claim 1 or 2, characterized in that the default security group is named with the floating Internet Protocol (IP) address of the virtual machine plus the name of the virtual machine;
The first server determining that the virtual machine undergoing port mapping has an associated default security group includes:
The first server searches the security groups associated with the virtual machine for a security group named with the virtual machine's floating IP plus the virtual machine's name; if such a group exists, it determines that the virtual machine has an associated default security group.
4. The method according to claim 1 or 2, characterized in that the method also includes:
When the first server deletes a port mapping of the virtual machine, also deleting the corresponding open port information in the default security group associated with the virtual machine;
When the first server deletes the virtual machine, also deleting the default security group associated with the virtual machine, and notifying the second server to delete the relevant information of the virtual machine.
5. The method according to claim 1 or 2, characterized in that selecting the mapped port corresponding to the virtual machine's open port includes:
The first server designates the ports of the second server as PORT_1 to PORT_n and reads from the database the maximum value PORT_max of the port numbers already used by the second server. When the value of max is less than n, it selects PORT_(max+1) as the mapped port corresponding to the virtual machine's open port. When the value of max is not less than n, it traverses all ports of the second server and, on finding that there is a port not contained in the database, selects one port not contained in the database as the mapped port corresponding to the virtual machine's open port; where n and max are positive integers.
6. The method according to claim 1 or 2, characterized in that the second server performing port mapping on the virtual machine according to the preset port mapping rule includes:
According to the preset port mapping rule, the second server maps the floating IP address of the virtual machine to its own IP address, maps the open port to the mapped port, and configures the virtual machine's port mapping rule in its own firewall.
7. A server, characterized in that the server includes: a processing module and a sending module; wherein,
The processing module is configured to, when determining that the virtual machine undergoing port mapping has an associated default security group, select the mapped port corresponding to the virtual machine's open port, and add the open port information of the virtual machine and the mapped port information to the default security group;
The sending module is configured to send the port mapping request of the virtual machine to a second server; the port mapping request is used to instruct the second server to perform port mapping on the virtual machine according to a preset port mapping rule.
8. The server according to claim 7, characterized in that the processing module is also configured to, when determining that the virtual machine has no associated default security group, create a default security group for the virtual machine, and associate the created default security group with the virtual machine.
9. The server according to claim 7 or 8, characterized in that the default security group is named with the floating IP of the virtual machine plus the name of the virtual machine;
Accordingly, the processing module is specifically configured to search the security groups associated with the virtual machine for a security group named with the virtual machine's floating IP plus the virtual machine's name and, if such a group exists, determine that the virtual machine has an associated default security group.
10. The server according to claim 7 or 8, characterized in that the server also includes a deletion module, configured to: when deleting a port mapping of the virtual machine, also delete the corresponding open port information in the default security group associated with the virtual machine; and, when deleting the virtual machine, also delete the default security group associated with the virtual machine and notify the second server to delete the relevant information of the virtual machine.
11. The server according to claim 7 or 8, characterized in that the processing module is specifically configured to designate the ports of the second server as PORT_1 to PORT_n and read from the database the maximum value PORT_max of the port numbers already used by the second server; when the value of max is less than n, select PORT_(max+1) as the mapped port corresponding to the virtual machine's open port; when the value of max is not less than n, traverse all ports of the second server and, on finding that there is a port not contained in the database, select one port not contained in the database as the mapped port corresponding to the virtual machine's open port; where n and max are positive integers.
12. A system for implementing virtual machine port mapping, characterized in that the system includes: a first server and a second server; wherein,
The first server is configured to, when determining that the virtual machine undergoing port mapping has an associated default security group, select the mapped port corresponding to the virtual machine's open port, add the open port information of the virtual machine and the mapped port information to the default security group, and send the port mapping request of the virtual machine to the second server;
The second server is configured to receive the port mapping request of the virtual machine sent by the first server, and perform port mapping on the virtual machine according to a preset port mapping rule.
13. The system according to claim 12, characterized in that the second server is specifically configured to, according to the preset port mapping rule, map the floating IP address of the virtual machine to its own IP address, map the open port to the mapped port, and configure the virtual machine's port mapping rule in its own firewall.
CN201510101153.XA 2015-03-06 2015-03-06 Method for realizing virtual machine port mapping, servers and system Withdrawn CN105991789A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510101153.XA CN105991789A (en) 2015-03-06 2015-03-06 Method for realizing virtual machine port mapping, servers and system
PCT/CN2015/098201 WO2016141749A1 (en) 2015-03-06 2015-12-22 Port mapping implementation method and system for virtual machine, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510101153.XA CN105991789A (en) 2015-03-06 2015-03-06 Method for realizing virtual machine port mapping, servers and system

Publications (1)

Publication Number Publication Date
CN105991789A true CN105991789A (en) 2016-10-05

Family

ID=56878917

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510101153.XA Withdrawn CN105991789A (en) 2015-03-06 2015-03-06 Method for realizing virtual machine port mapping, servers and system

Country Status (2)

Country Link
CN (1) CN105991789A (en)
WO (1) WO2016141749A1 (en)

Also Published As

Publication number Publication date
WO2016141749A1 (en) 2016-09-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20161005

WW01 Invention patent application withdrawn after publication