CN109361764A - Internal cross-VPC service access method, apparatus, device and readable storage medium - Google Patents

Publication number
CN109361764A
Authority
CN
China
Prior art keywords
vpc
shared
access
service
message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811443660.1A
Other languages
Chinese (zh)
Other versions
CN109361764B (en)
Inventor
杜鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dt Dream Technology Co Ltd
Original Assignee
Hangzhou Dt Dream Technology Co Ltd
Application filed by Hangzhou Dt Dream Technology Co Ltd
Priority to CN201811443660.1A
Publication of CN109361764A
Application granted
Publication of CN109361764B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63 Routing a service request depending on the request content or context
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an internal cross-VPC service access method. With this method, an access message can be sent directly to other VPCs belonging to the same cloud platform system without passing through the external network. Because the access message is sent to the target virtual router over the shared layer-2 network, the shared service VM in the target VPC is not exposed, and the security of the shared service VM is unaffected. In addition, because the shared layer-2 network places the virtual routers of all VPCs in the cloud platform system in the same subnet, every user of the cloud platform system can access shared services, or provide shared services, through the shared layer-2 network. The invention also discloses an internal cross-VPC service access apparatus, device and readable storage medium, and a cloud platform system, which have corresponding technical effects.

Description

Internal cross-VPC service access method, apparatus, device and readable storage medium
Technical field
The present invention relates to the field of communication technology, and in particular to an internal cross-VPC service access method, apparatus, device and readable storage medium, and a cloud platform system.
Background
The VPCs provided in a cloud platform system isolate the subnets of different tenants. Networks in different VPCs may use the same address ranges and are mutually invisible and inaccessible, while networks within the same VPC achieve layer-3 interconnection through the router in the VPC. Although VPCs isolate the subnets in a cloud platform system from one another, some services in the cloud platform system need to be accessed across VPCs. For example, a data analysis service of tenant A may be offered to tenant B while A and B belong to different VPCs; likewise, some public services internal to the cloud platform itself, such as the RDS service and the OSS service, need to be usable from other tenants' VPCs.
To address these problems, two solutions are currently common. Scheme one (see Fig. 1): access the shared services of other VPCs through the external network. An external-network EIP is allocated to the SLB that provides the proxy service in the VPC, and VMs of other VPCs access its service through the external network channel. Scheme two (see Fig. 2): create an internal shared network. The VM or SLB providing the shared service uses this network directly, the network is connected to the Routers of all VPCs, and DNAT is performed on the Router when a tenant VM accesses these services. Each scheme has its own shortcomings. Scheme one additionally occupies external network bandwidth, can form a bottleneck hot spot at the external gateway, places intra-system traffic pressure on the gateway nodes, and exposes internal services outside the cloud platform system, introducing security problems. It also occupies additional external IP resources; on the Internet in particular, public IPs are expensive and scarce. In scheme two, the VMs providing shared services are attached directly to the shared network and cannot access the external network, which is unfavourable to layered service design; the service VMs are directly exposed in the shared network, so encapsulation is poor; only access by multiple VPCs to services in the same area can be realized, services cannot be provided between arbitrary VPCs, and users cannot share services in their custom VPCs with other VPCs.
In summary, how to effectively solve problems such as providing services across VPCs is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
The object of the present invention is to provide an internal cross-VPC service access method, apparatus, device and readable storage medium, and a cloud platform system, so as to ensure the security of shared services and reduce the use of external network resources.
To solve the above technical problem, the invention provides the following technical solutions:
An internal cross-VPC service access method, comprising:
Receiving a first access message sent by a local VPC consumer VM, and reading the destination address in the first access message;
Judging whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC; wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system;
If so, performing SNAT processing on the first access message to obtain a second access message;
Sending the second access message directly to the target virtual router, so that the target virtual router forwards the second access message.
Preferably, the target virtual router forwarding the second access message comprises:
The target virtual router performing DNAT processing on the second access message to obtain a third access message;
Sending the third access message to the shared service VM in the target VPC for processing.
Preferably, sending the third access message to the shared service VM in the target VPC for processing comprises:
Sending the third access message to the shared service SLB in the target VPC, so that the shared service SLB sends the third access message to the shared service VM for processing.
Preferably, performing SNAT processing on the first access message to obtain the second access message comprises:
Modifying the source address in the first access message to obtain the second access message.
Preferably, modifying the source address in the first access message to obtain the second access message comprises:
Replacing the source address in the first access message with the local shared address to obtain the second access message.
Preferably, after the second access message is sent directly to the target virtual router, the method further comprises:
Receiving a response message returned by the target virtual router after reverse (undo) DNAT processing;
Performing reverse (undo) SNAT processing on the response message to obtain a target response message;
Sending the target response message to the local VPC consumer VM.
An internal cross-VPC service access apparatus, comprising:
A destination address reading module, configured to receive a first access message sent by a local VPC consumer VM and read the destination address in the first access message;
A judgment module, configured to judge whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC; wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system;
An SNAT processing module, configured to, if so, perform SNAT processing on the first access message to obtain a second access message;
A message sending module, configured to send the second access message directly to the target virtual router, so that the target virtual router forwards the second access message.
An internal cross-VPC service access device, comprising:
A memory, configured to store a computer program;
A processor, configured to implement the steps of the above internal cross-VPC service access method when executing the computer program.
A cloud platform system, comprising:
At least two VPCs and a shared layer-2 network connecting the VPCs; wherein the shared layer-2 network configures a shared address for the virtual router in each VPC; the virtual router in a VPC accesses shared service VMs across VPCs through the shared layer-2 network.
A readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above internal cross-VPC service access method.
With the method provided by the embodiments of the invention, a first access message sent by a local VPC consumer VM is received and the destination address in the first access message is read; it is judged whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC, wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system; if so, SNAT processing is performed on the first access message to obtain a second access message; and the second access message is sent directly to the target virtual router, so that the target virtual router forwards the second access message.
When the virtual router of a VPC in the cloud platform system receives the first access message sent by a local VPC consumer VM, it reads the destination address in the first access message. It then judges whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC. If they are identical, the local VPC consumer VM is requesting access to the shared service VM in the target VPC in the cloud platform system. Because a shared layer-2 network exists, and the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system, the target virtual router is directly connected to this virtual router. Therefore, after SNAT processing is performed on the first access message to obtain the second access message, the second access message can be sent directly to the target virtual router, which then forwards it. In this way, an access message can be sent directly to other VPCs belonging to the same cloud platform system without passing through the external network. Because the access message is sent to the target virtual router over the shared layer-2 network, the shared service VM in the target VPC is not exposed, and the security of the shared service VM is unaffected. In addition, because the shared layer-2 network places the virtual routers of all VPCs in the cloud platform system in the same subnet, every user of the cloud platform system can access shared services, or provide shared services, through the shared layer-2 network.
Correspondingly, the embodiments of the invention also provide an internal cross-VPC service access apparatus, device and readable storage medium, and a cloud platform system, corresponding to the above internal cross-VPC service access method. They have the above technical effects, which are not repeated here.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of accessing the shared services of other VPCs through the external network in a cloud platform system;
Fig. 2 is a schematic diagram of providing shared services by creating an internal shared network in a cloud platform system;
Fig. 3 is an implementation flow chart of an internal cross-VPC service access method in an embodiment of the invention;
Fig. 4 is a structural schematic diagram of a shared layer-2 network in an embodiment of the invention;
Fig. 5 is a structural schematic diagram of a cloud platform system in an embodiment of the invention;
Fig. 6 is a schematic diagram of a cloud platform system in an embodiment of the invention;
Fig. 7 is a schematic diagram of the message processing flow for cross-VPC service access in an embodiment of the invention;
Fig. 8 is a structural schematic diagram of an internal cross-VPC service access apparatus in an embodiment of the invention;
Fig. 9 is a structural schematic diagram of an internal cross-VPC service access device in an embodiment of the invention;
Fig. 10 is a structural schematic diagram of an internal cross-VPC service access device in an embodiment of the invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the invention, the invention is described in further detail below with reference to the drawings and specific embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the protection scope of the invention.
For convenience of description, the following terms are used when explaining the technical solution below:
Shared service: a service in the cloud platform system that can be accessed by VMs of other VPCs.
Shared service VM: a VM that provides a shared service.
Consumer VM: a client virtual machine that uses a shared service; in this scheme it specifically means a client virtual machine that is not in the same VPC as the shared service VM.
Shared service SLB: an SLB that proxies a shared service, generally also in VM form; its back end connects one or more shared service VMs, and it is in the same VPC as its back-end shared service VMs (in the same network segment or a different one).
Shared net: the shared net is a planned internal network, a special private network forming one large layer-2 domain, connected to the Routers of all VPCs. A consumer VM requests a shared service via an IP of this network. The difference between the shared net and a user-defined private network is that this network is visible in all VPCs and must not overlap with any user-defined private network in a VPC.
Shared net service IP: an IP in the shared net segment that the virtual Router allocates to a shared service; this IP is mapped one-to-one, by DNAT, to the private IP of the shared service SLB.
Shared net NAT-IP: one or more IPs in the shared net segment that the virtual Router allocates for all consumers under its VPC, used as the source IP when a consumer VM accesses a shared service.
Embodiment one:
Referring to Fig. 3, Fig. 3 is a flow chart of an internal cross-VPC service access method in an embodiment of the invention. The method can be applied in the virtual router of each VPC in the cloud platform system and includes the following steps:
S101: receive the first access message sent by a local VPC consumer VM and read the destination address in the first access message.
When a local VPC consumer VM needs to access a shared service provided by another VPC in the cloud platform system, the first access message generated by the consumer VM can be sent to the local virtual router through a virtual switch, or sent directly to the local virtual router. Here, VM refers to the unit in a cloud platform system that emulates a computer, called a virtual host, or VM for short. It has a complete emulated network, emulated disks and emulated peripherals and is functionally no different from a traditional computing host; deploying a user's services to VMs costs less and allows more flexible and richer management.
The virtual switch receives the first access message sent by the local VPC consumer and, using the communication protocol, reads the destination address from the first access message. The destination address may specifically be the destination IP address.
S102: judge whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC.
Here, the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system.
In the embodiments of the invention, a shared layer-2 network can be planned and deployed in the cloud platform system in advance. Referring to Fig. 4, Fig. 4 is a structural schematic diagram of a shared layer-2 network in an embodiment of the invention. The shared layer-2 network is the layer-2 network that connects the virtual routers of all VPCs in the cloud platform system. That is, a shared address is configured for the virtual router in each VPC, and each shared address belongs to the network segment of the shared layer-2 network. Note that the shared layer-2 network is similar to a private network in a VPC, but unlike a private network it is visible to all VPCs in the cloud platform system and must not overlap with any user-defined private network in any VPC in the cloud platform system.
After the destination address is read, the routing table can be consulted to judge whether the destination address is identical to the shared address that the shared layer-2 network configures for the virtual router of the target VPC. The target VPC may be any VPC in the cloud platform system. If they are identical, the local VPC consumer VM wants to access the shared service VM in the target VPC in the cloud platform system, and step S103 can be executed. If they differ, the local consumer VM wants to access a network outside the cloud platform system, and step S105 can be executed, i.e. the access message is sent directly to the external network in the way access messages are currently handled.
S103: perform SNAT processing on the first access message to obtain the second access message.
When it is determined that the local VPC consumer VM wants to access the shared service VM in the target VPC in the cloud platform system, SNAT processing is performed on the first access message to obtain the second access message. SNAT is source address translation; its effect is to convert the source address of an IP data packet into another address. In the embodiments of the invention, SNAT processing means modifying the source address in the first access message to obtain the second access message. Specifically, the source address in the first access message is replaced with the local shared address, i.e. the private-network address of the local VPC consumer VM is converted into the local shared address of the virtual router, giving the second access message.
S104: send the second access message directly to the target virtual router, so that the target virtual router forwards the second access message.
After the second access message is obtained, because the shared layer-2 network connects the virtual routers of all VPCs, that is, the virtual router of each VPC has at least one port in the shared layer-2 network, the second access message can be sent directly to the target virtual router, so that the target virtual router forwards it.
When the target virtual router forwards the second access message, this specifically includes:
Step 1: the target virtual router performs DNAT processing on the second access message to obtain a third access message;
Step 2: the third access message is sent to the shared service VM in the target VPC for processing.
For ease of description, the above two steps are explained together below.
After the target virtual router receives the second access message, it first performs DNAT processing on it to obtain the third access message. DNAT (Destination Network Address Translation) is commonly used in firewalls. Its effect is to map a set of local internal addresses to a set of global addresses. In the embodiments of the invention, it converts the destination address in the second access message into the address of the corresponding shared service VM.
With the method provided by the embodiments of the invention, a first access message sent by a local VPC consumer VM is received and the destination address in the first access message is read; it is judged whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC, wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system; if so, SNAT processing is performed on the first access message to obtain a second access message; and the second access message is sent directly to the target virtual router, so that the target virtual router forwards the second access message.
When the virtual router of a VPC in the cloud platform system receives the first access message sent by a local VPC consumer VM, it reads the destination address in the first access message. It then judges whether the destination address is identical to the shared address that the shared layer-2 network configures for the target virtual router of the target VPC. If they are identical, the local VPC consumer VM is requesting access to the shared service VM in the target VPC in the cloud platform system. Because a shared layer-2 network exists, and the shared layer-2 network is a layer-2 network connecting the virtual routers of all VPCs in the cloud platform system, the target virtual router is directly connected to this virtual router. Therefore, after SNAT processing is performed on the first access message to obtain the second access message, the second access message can be sent directly to the target virtual router, which then forwards it. In this way, an access message can be sent directly to other VPCs belonging to the same cloud platform system without passing through the external network. Because the access message is sent to the target virtual router over the shared layer-2 network, the shared service VM in the target VPC is not exposed, and the security of the shared service VM is unaffected. In addition, because the shared layer-2 network places the virtual routers of all VPCs in the cloud platform system in the same subnet, every user of the cloud platform system can access shared services, or provide shared services, through the shared layer-2 network.
It should be noted that, based on the above embodiment, the embodiments of the invention also provide corresponding improved schemes. Steps in the preferred/improved embodiments that are the same as or correspond to steps in the above embodiment may be cross-referenced, as may the corresponding beneficial effects; they are not repeated one by one in the preferred/improved embodiments herein.
Preferably, to balance the load on the shared service VMs in the target VPC, a shared service SLB can also be set up in the target VPC to balance load and improve performance. An SLB provides layer-4 or layer-7 load balancing and high-availability failover; an SLB can be set up in front of the VMs that provide a service (such as WEB servers) to proxy the VMs' service. Doing so has the following benefits:
The SLB opens only the service port and shields the real servers (VMs), better protecting the server side;
Some services need HTTPS wrapping or IPv6 conversion, and with an SLB such extension functions are easier to implement;
One SLB can connect multiple back-end VMs, achieving load balancing and avoiding single points of failure;
Better service management: enabling, disabling, traffic monitoring and performance analysis.
In this way, when the target virtual router processes the third access message, it can send the third access message to the shared service SLB in the target VPC, so that the shared service SLB sends the third access message to the shared service VM for processing. The shared service SLB receives the third access message and, according to preset distribution rules, sends it to the corresponding shared service VM so that the shared service VM responds accordingly. After the shared service VM has processed the third access message, it generates an original response message, which the shared service VM can send to the target virtual router through the shared service SLB.
Preferably, after the target virtual router receives the original response message, it first performs reverse (undo) DNAT processing on it, obtaining a response message that can be transmitted on the shared layer-2 network. The target virtual router sends the response message directly to the virtual router that owns the shared address in the response message.
That is, after the second access message has been sent directly to the target virtual router, the virtual router processes the response message as follows:
Step 1: receive the response message returned by the target virtual router after reverse (undo) DNAT processing;
Step 2: perform reverse (undo) SNAT processing on the response message to obtain the target response message;
Step 3: send the target response message to the local VPC consumer VM.
For ease of description, the above three steps are explained together below.
The virtual router receives the response message returned by the target virtual router after reverse (undo) DNAT processing and then performs reverse (undo) SNAT processing on it, obtaining a target response message that can be delivered to the local VPC consumer VM. The target response message can then be sent directly to the local VPC consumer VM, or sent to the local VPC consumer VM through the virtual switch.
Embodiment two:
Corresponding to the above method embodiment, an embodiment of the invention also provides a cloud platform system; the cloud platform system described below and the internal cross-VPC service access method described above may be cross-referenced.
As shown in Fig. 5, the cloud platform system includes:
At least two VPCs (VPC1 and VPC2) and a shared layer-2 network (M) connecting the VPCs;
wherein the shared layer-2 network configures a shared address (the shared net NAT-IP in the figure) for the virtual router (the virtual Router in the figure) in each VPC; the virtual router in a VPC accesses shared service VMs across VPCs through the shared layer-2 network.
When the shared layer-2 network is deployed, a shared address is allocated to the virtual router in each VPC; note that the shared address belongs to the shared layer-2 network. For the specific deployment of the shared layer-2 network, the way subnets/private networks are deployed in a VPC can be used as a reference, but note that the shared layer-2 network must not overlap with any subnet in the cloud platform system.
In this way, a consumer VM in a VPC can access the shared services of any VPC in the cloud platform system through the shared layer-2 network. For the specific method of cross-VPC service access through the shared layer-2 network, refer to the internal cross-VPC service access method provided in embodiment one above; it is not repeated here.
Embodiment three:
To facilitate understanding of the technical solution provided by the embodiments of the invention, the solution is described in detail below by combining the internal cross-VPC service access method with a specific cloud platform system.
The core of the invention is as follows: plan and create one large internal layer-2 shared net that connects the virtual Routers of all VPCs. In the VPC where a shared service resides, the Router allocates a shared service IP to each shared service; in the VPC where a consumer VM resides, the Router allocates one or more shared NAT-IPs for the consumer VMs. All shared service IPs and shared NAT-IPs in the cloud platform are in the same layer-2 network segment, so no gateway needs to be configured.
When a consumer VM accesses a shared service, the destination address is the shared service IP. The message undergoes SNAT processing at the Router of the local VPC, which changes the source address from the private IP to the shared NAT-IP. After the message reaches the Router of the destination VPC by layer-2 forwarding, it undergoes DNAT processing, which changes the destination address from the shared service IP to the private IP of the shared service SLB, and the shared service SLB forwards the request to the back-end shared service VM.
After the shared service SLB receives the response message from the shared service VM, it sends it to the Router. The Router performs reverse (undo) DNAT processing, changing the source address from the private IP of the SLB to the shared service IP. After the response message is forwarded on to the Router where the consumer VM resides, it undergoes reverse (undo) SNAT processing, which changes the destination address from the shared NAT-IP to the private IP of the consumer VM, so that it reaches the consumer VM.
This shared net can be initialized in deployment, can also be modified after deployment.
It wherein, is optional by the strategy that SLB acts on behalf of shared service, in order to shield non-serving port, tolerance Single Point of Faliure and holding load are shared, if, without increasing SLB, shared net service IP is mapped directly to altogether without these demands On the private network IP for enjoying service VM.
The specific implementation process is as follows:
1. Plan the shared network when the cloud platform is deployed; this network has no gateway and carries layer-2 communication.
2. Create a VPC for the shared service; one virtual Router is created in the VPC by default.
(1) The virtual Router connects to the shared network.
(2) Create one or more private networks in the VPC; these private networks attach to the virtual Router.
(3) In the VPC, create one or more shared service VMs for the same service on the above private networks; the VMs obtain private network addresses.
(4) In the VPC, create one shared service SLB VM on one of the above private networks; the VM obtains a private network address, the SLB listens for front-end connections on this address, and its back end connects to the above shared service VMs.
(5) Bind an IP of the shared network to the virtual Router in the VPC, referred to here as the shared-network service IP, and configure one-to-one DNAT so that the destination address of messages sent to the shared-network service IP is changed to the SLB's private network IP.
3. Create a VPC for the consumer VMs; one virtual Router is created in the VPC by default.
(1) The virtual Router connects to the shared network.
(2) Create one or more private networks in the VPC; these private networks attach to the virtual Router.
(3) In the VPC, create multiple consumer VMs on the above private networks; the VMs obtain private network addresses.
(4) Bind one or more IPs of the shared network to the virtual Router in the VPC, referred to here as shared-network NAT-IPs, and configure one-to-one or many-to-one SNAT so that messages from VMs accessing shared services are SNATed by the virtual Router, with the source address changed to the bound shared-network NAT-IP.
Deployment is illustrated below using Fig. 6, which is a schematic diagram of a cloud platform system in an embodiment of the present invention.
To let consumer VMs access the RDS service and the DNS service across VPCs, with both services load-shared by an SLB, the network can be configured as follows:
Plan a shared network with segment 10.20.0.0/16 and no gateway.
Create 2 VPCs, VPC1 and VPC2. Each VPC creates one Router, Router1 and Router2 respectively, and both Routers connect to the shared network. Note that only 2 VPCs are created here for ease of description; other embodiments of the invention may create 2 or more VPCs in the same way, which is not repeated here.
Create 2 private networks in VPC1, private network 1 and private network 2. Private network 1 has segment 192.168.1.0/24 and gateway 192.168.1.1; private network 2 has segment 192.168.2.0/24 and gateway 192.168.2.1. Both private networks connect to Router1, and both gateways are bound to the Router.
Create consumer VMs VM1 and VM2 in VPC1 on private network 1 and private network 2 respectively, with IPs 192.168.1.2 and 192.168.2.6.
On Router1, allocate the IP 10.20.0.1 from the shared network and configure an SNAT entry: for messages whose source address matches 192.168.1.0/24 or 192.168.2.0/24 and whose destination address matches 10.20.0.0/16, change the source address to 10.20.0.1.
Create 2 private networks in VPC2, private network 3 and private network 4. Private network 3 has segment 192.168.1.0/16 and gateway 192.168.1.1; private network 4 has segment 192.168.2.0/16 and gateway 192.168.2.1 (private networks are isolated between VPCs, so they may repeat or overlap). Both private networks connect to Router2, and both gateways are bound to the Router.
Create VM4, VM5, VM6, VM7 and VM8 in VPC2 on private network 3 and private network 4, associated as shown in the figure, with IPs 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.2.2 and 192.168.2.3 respectively. VM4 is the shared service SLB virtual machine, VM5 and VM7 are RDS service virtual machines, and VM6 and VM8 are DNS service virtual machines.
Configure 2 service proxies on the SLB. RDS proxy: 192.168.1.2:6000 -> 192.168.1.3:6000, 192.168.2.2:6000; DNS proxy: 192.168.1.2:53 -> 192.168.1.4:53, 192.168.2.3:53.
On Router2, allocate the IP 10.20.0.2 from the shared network and configure a DNAT entry: for messages whose destination address matches 10.20.0.2, change the destination address to 192.168.1.2. That is, the RDS and DNS services can be accessed within the cloud platform through 10.20.0.2.
Note that the configuration for connecting to the external network can follow existing practice, so it is not described here and is not drawn in Fig. 6; consumer VMs and shared service VMs can still access the external network.
Refer to Fig. 7, which is a schematic diagram of the message processing flow for cross-VPC service access in an embodiment of the present invention. The message processing flow is as follows; for simplicity, only the request and response messages of VM1 accessing the RDS service are used as an example:
Steps F1-F4 are the four processing stages of the request message:
F1: VM1 sends a request message for the RDS service with four-tuple 192.168.1.2:56555 (random port) -> 10.20.0.2:6000, which is forwarded to the gateway Router1;
F2: Router1 performs SNAT, changing the four-tuple to 10.20.0.1:60123 (random port) -> 10.20.0.2:6000, and forwards the message on to Router2;
F3: Router2 performs DNAT, changing the four-tuple to 10.20.0.1:60123 -> 192.168.1.2:6000, and forwards the message on to the shared service SLB;
F4: The SLB performs layer-4 load balancing with DNAT-and-SNAT processing and forwards the request to VM5, with four-tuple 192.168.1.2:45895 (random port) -> 192.168.1.3:6000;
F5-F8 are the processing stages of the response message:
F5: VM5 finishes processing and returns the response message to the SLB, with four-tuple 192.168.1.3:6000 -> 192.168.1.2:45895;
F6: The SLB performs undo DNAT-and-SNAT processing, changing the four-tuple to 192.168.1.2:6000 -> 10.20.0.1:60123, and forwards the message on to Router2;
F7: Router2 performs undo DNAT, changing the four-tuple to 10.20.0.2:6000 -> 10.20.0.1:60123, and forwards the message on to Router1;
F8: Router1 performs undo SNAT, changing the four-tuple to 10.20.0.2:6000 -> 192.168.1.2:56555, and forwards the message on to VM1.
An internal shared network is set up to connect the routers of all VPCs. The router maps an IP of this shared network to the private network IP of the shared service VM (or shared service SLB) by DNAT. When a consumer VM accesses a shared service, the router of the local VPC changes the source address to a shared-network IP by SNAT. In this way, each VPC can publish its own shared services through IPs of the shared network, i.e. a service in a tenant-defined VPC can be shared over the internal network for use by VMs of other VPCs. The cloud platform can likewise offer built-in public services to the VMs of all VPCs. In addition, the data of shared-service requests is carried on a separate internal network, so on the router of each VPC this traffic does not consume external network bandwidth or external network IP resources, and it puts no extra pressure on the external network router. A shared service exposes only its service port and service IP, and the back-end implementation is isolated. Shared services are visible only within the cloud platform system and are not exposed externally. VMs that provide shared services can still normally access the external network and the services of other VPCs.
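The following Python model is an added illustration, not code from the patent: it replays the F1-F8 address rewrites with the Fig. 6 addresses and checks that a port with no SLB proxy gets no further than the SLB. The class and function names are hypothetical, the port lists stand in for the "random port" choices, and Router2's DNAT is modelled as a stateless one-to-one mapping.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

SHARED_NET = ip_network("10.20.0.0/16")  # shared layer-2 network, no gateway

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    def __str__(self):
        return f"{self.src}:{self.sport} -> {self.dst}:{self.dport}"

class ConsumerRouter:
    """Router1: SNAT to the shared NAT-IP, keeping state for undo SNAT."""
    def __init__(self, nat_ip, private_nets, ports):
        self.nat_ip = nat_ip
        self.private_nets = [ip_network(n) for n in private_nets]
        self.ports = iter(ports)   # stand-in for random source-port choice
        self.state = {}            # (nat_port, peer, peer_port) -> original source

    def egress(self, p):
        from_private = any(ip_address(p.src) in n for n in self.private_nets)
        if not (from_private and ip_address(p.dst) in SHARED_NET):
            return None            # SNAT entry does not match this message
        nat_port = next(self.ports)
        self.state[(nat_port, p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.nat_ip, sport=nat_port)

    def ingress(self, p):
        orig = self.state.get((p.dport, p.src, p.sport))
        if orig is None:
            return None            # no matching request, nothing to undo
        return replace(p, dst=orig[0], dport=orig[1])

class ServiceRouter:
    """Router2: one-to-one DNAT of the shared service IP to the SLB private IP."""
    def __init__(self, service_ip, slb_ip):
        self.service_ip, self.slb_ip = service_ip, slb_ip
    def ingress(self, p):
        return replace(p, dst=self.slb_ip) if p.dst == self.service_ip else None
    def egress(self, p):
        return replace(p, src=self.service_ip) if p.src == self.slb_ip else None

class SLB:
    """Layer-4 proxy: DNAT-and-SNAT toward a back end, round-robin per port."""
    def __init__(self, ip, proxies, ports):
        self.ip, self.proxies = ip, proxies
        self.ports, self.turn, self.state = iter(ports), {}, {}

    def forward(self, p):
        backends = self.proxies.get(p.dport)
        if p.dst != self.ip or not backends:
            return None            # no proxy configured on this port
        i = self.turn.get(p.dport, 0)
        self.turn[p.dport] = i + 1
        backend = backends[i % len(backends)]
        local_port = next(self.ports)
        self.state[(local_port, backend, p.dport)] = (p.src, p.sport)
        return Pkt(self.ip, local_port, backend, p.dport)

    def reply(self, p):
        client = self.state.get((p.dport, p.src, p.sport))
        if client is None:
            return None
        return Pkt(self.ip, p.sport, client[0], client[1])

def build():
    """Fig. 6 addressing; the port lists pin the 'random' ports for replay."""
    r1 = ConsumerRouter("10.20.0.1", ["192.168.1.0/24", "192.168.2.0/24"],
                        [60123, 60124])
    r2 = ServiceRouter("10.20.0.2", "192.168.1.2")
    slb = SLB("192.168.1.2",
              {6000: ["192.168.1.3", "192.168.2.2"],   # RDS proxy
               53: ["192.168.1.4", "192.168.2.3"]},    # DNS proxy
              [45895, 45896])
    return r1, r2, slb

def walk(request, r1, r2, slb):
    """Return the four-tuple at each stage, stopping where a stage drops it."""
    stages = [r1.egress, r2.ingress, slb.forward,
              lambda p: Pkt(p.dst, p.dport, p.src, p.sport),  # back-end VM answers
              slb.reply, r2.egress, r1.ingress]
    hops = [request]
    for stage in stages:
        nxt = stage(hops[-1])
        if nxt is None:
            break
        hops.append(nxt)
    return [str(h) for h in hops]

if __name__ == "__main__":
    req = Pkt("192.168.1.2", 56555, "10.20.0.2", 6000)  # VM1 -> RDS, as in F1
    for n, hop in enumerate(walk(req, *build()), 1):
        print(f"F{n}: {hop}")
```

Note that VM1 in VPC1 and the SLB in VPC2 both use 192.168.1.2; the two never appear in the same four-tuple because each side only ever sees the shared-network address of the other.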
Embodiment four:
Corresponding to the above method embodiment, an embodiment of the present invention further provides an internal cross-VPC service access apparatus. The apparatus described below and the internal cross-VPC service access method described above may be referred to in correspondence with each other.
As shown in Fig. 8, the apparatus comprises the following modules:
Destination address reading module 101, configured to receive a first access message sent by a local VPC consumer VM and read the destination address in the first access message;
Judgment module 102, configured to judge whether the destination address is the same as the shared address that the shared layer-2 network configures for the destination virtual router of the target VPC; wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of the VPCs in the cloud platform system;
SNAT processing module 103, configured to, if so, perform SNAT processing on the first access message to obtain a second access message;
Message sending module 104, configured to send the second access message directly to the destination virtual router, so that the destination virtual router forwards the second access message.
With the apparatus provided by this embodiment of the present invention, a first access message sent by a local VPC consumer VM is received, and the destination address in the first access message is read; it is judged whether the destination address is the same as the shared address that the shared layer-2 network configures for the destination virtual router of the target VPC, wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of the VPCs in the cloud platform system; if so, SNAT processing is performed on the first access message to obtain a second access message; and the second access message is sent directly to the destination virtual router, so that the destination virtual router forwards the second access message.
When the virtual router of a VPC in the cloud platform system receives a first access message sent by a local VPC consumer VM, it reads the destination address in the first access message. It then judges whether the destination address is the same as the shared address that the shared layer-2 network configures for the destination virtual router of the target VPC. If they are the same, the local VPC consumer VM is requesting access to a shared service VM in the target VPC of the cloud platform system. Because the shared layer-2 network exists and is a layer-2 network connecting the virtual routers of the VPCs in the cloud platform system, the destination virtual router is directly connected to this virtual router. Therefore, after SNAT processing of the first access message yields the second access message, the second access message can be sent directly to the destination virtual router, which then forwards it. In this way, an access message can be sent directly to another VPC in the same cloud platform system without passing through the external network. Moreover, because the access message is sent to the destination virtual router over the shared layer-2 network, the shared service VM in the target VPC is not exposed, and its security is unaffected. In addition, since the shared layer-2 network places the virtual routers of all VPCs in the cloud platform system in the same subnet, every user of the cloud platform system can access shared services, or provide shared services, through the shared layer-2 network.
In a specific embodiment of the present invention, the destination virtual router that receives the second access message sent by the internal cross-VPC service access apparatus is specifically configured to perform DNAT processing on the second access message to obtain a third access message, and to send the third access message to the shared service VM in the target VPC for processing. Wherein, the destination virtual router can be cloud platform
In a specific embodiment of the present invention, the destination virtual router is specifically configured to send the third access message to the shared service SLB in the target VPC, so that the shared service SLB sends the third access message to the shared access VM for processing.
In a specific embodiment of the present invention, the SNAT processing module 103 is specifically configured to modify the source address in the first access message to obtain the second access message.
In a specific embodiment of the present invention, the SNAT processing module 103 is specifically configured to replace the source address in the first access message with the local shared address to obtain the second access message.
In a specific embodiment of the present invention, the destination virtual router further includes:
Response message processing module, configured to, after the second access message has been sent directly to the destination virtual router, receive the response message that the destination virtual router returns after undo DNAT processing; perform undo SNAT processing on the response message to obtain a target response message; and send the target response message to the local VPC consumer VM.
Embodiment five:
Corresponding to the above method embodiment, an embodiment of the present invention further provides internal cross-VPC service access equipment. The equipment described below and the internal cross-VPC service access method described above may be referred to in correspondence with each other.
As shown in Fig. 9, the equipment includes:
Memory D1, configured to store a computer program;
Processor D2, configured to implement the steps of the internal cross-VPC service access method of the above method embodiment when executing the computer program.
Specifically, refer to Fig. 10, which is a schematic diagram of a specific structure of the internal cross-VPC service access equipment provided in this embodiment. The equipment may differ considerably depending on configuration or performance, and may include one or more processors (central processing units, CPU) 322 and memory 332, and one or more storage media 330 (for example, one or more mass storage devices) storing application programs 342 or data 344. The memory 332 and the storage medium 330 may provide transient or persistent storage. A program stored in the storage medium 330 may include one or more modules (not marked in the figure), and each module may include a series of instruction operations on the data processing equipment. Further, the central processing unit 322 may be configured to communicate with the storage medium 330 and to execute, on the internal cross-VPC service access equipment 301, the series of instruction operations in the storage medium 330.
The internal cross-VPC service access equipment 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341, for example Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and so on.
The steps of the internal cross-VPC service access method described above can be implemented by the structure of the internal cross-VPC service access equipment.
Embodiment six:
Corresponding to the above method embodiment, an embodiment of the present invention further provides a readable storage medium. The readable storage medium described below and the internal cross-VPC service access method described above may be referred to in correspondence with each other.
A readable storage medium stores a computer program, and the steps of the internal cross-VPC service access method of the above method embodiment are implemented when the computer program is executed by a processor.
The readable storage medium may specifically be any readable storage medium capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.

Claims (10)

1. An internal cross-VPC service access method, characterized by comprising:
receiving a first access message sent by a local VPC consumer VM, and reading the destination address in the first access message;
judging whether the destination address is the same as the shared address that a shared layer-2 network configures for the destination virtual router of a target VPC; wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of the VPCs in a cloud platform system;
if so, performing SNAT processing on the first access message to obtain a second access message;
sending the second access message directly to the destination virtual router, so that the destination virtual router forwards the second access message.
2. The internal cross-VPC service access method according to claim 1, characterized in that the destination virtual router forwarding the second access message comprises:
the destination virtual router performing DNAT processing on the second access message to obtain a third access message;
sending the third access message to the shared service VM in the target VPC for processing.
3. The internal cross-VPC service access method according to claim 2, characterized in that sending the third access message to the shared service VM in the target VPC for processing comprises:
sending the third access message to the shared service SLB in the target VPC, so that the shared service SLB sends the third access message to the shared access VM for processing.
4. The internal cross-VPC service access method according to claim 1, characterized in that performing SNAT processing on the first access message to obtain the second access message comprises:
modifying the source address in the first access message to obtain the second access message.
5. The internal cross-VPC service access method according to claim 4, characterized in that modifying the source address in the first access message to obtain the second access message comprises:
replacing the source address in the first access message with the local shared address to obtain the second access message.
6. The internal cross-VPC service access method according to any one of claims 1 to 5, characterized in that, after the second access message is sent directly to the destination virtual router, the method further comprises:
receiving the response message that the destination virtual router returns after undo DNAT processing;
performing undo SNAT processing on the response message to obtain a target response message;
sending the target response message to the local VPC consumer VM.
7. An internal cross-VPC service access apparatus, characterized by comprising:
a destination address reading module, configured to receive a first access message sent by a local VPC consumer VM and read the destination address in the first access message;
a judgment module, configured to judge whether the destination address is the same as the shared address that a shared layer-2 network configures for the destination virtual router of a target VPC; wherein the shared layer-2 network is a layer-2 network connecting the virtual routers of the VPCs in a cloud platform system;
an SNAT processing module, configured to, if so, perform SNAT processing on the first access message to obtain a second access message;
a message sending module, configured to send the second access message directly to the destination virtual router, so that the destination virtual router forwards the second access message.
8. Internal cross-VPC service access equipment, characterized by comprising:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the internal cross-VPC service access method according to any one of claims 1 to 6 when executing the computer program.
9. A cloud platform system, characterized by comprising:
at least two VPCs and a shared layer-2 network connecting the VPCs; wherein the shared layer-2 network configures a shared address for the virtual router in each VPC; the virtual router in the VPC accesses the shared service VM across VPCs through the shared layer-2 network.
10. A readable storage medium, characterized in that a computer program is stored on the readable storage medium, and the steps of the internal cross-VPC service access method according to any one of claims 1 to 6 are implemented when the computer program is executed by a processor.
CN201811443660.1A 2018-11-29 2018-11-29 Service access method, device and equipment of inter-VPC and readable storage medium Active CN109361764B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811443660.1A CN109361764B (en) 2018-11-29 2018-11-29 Service access method, device and equipment of inter-VPC and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811443660.1A CN109361764B (en) 2018-11-29 2018-11-29 Service access method, device and equipment of inter-VPC and readable storage medium

Publications (2)

Publication Number Publication Date
CN109361764A true CN109361764A (en) 2019-02-19
CN109361764B CN109361764B (en) 2021-02-05

Family

ID=65343332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811443660.1A Active CN109361764B (en) 2018-11-29 2018-11-29 Service access method, device and equipment of inter-VPC and readable storage medium

Country Status (1)

Country Link
CN (1) CN109361764B (en)

CN115913824A (en) * 2023-02-10 2023-04-04 中航金网(北京)电子商务有限公司 VPC-crossing virtual server communication method and system
CN115913824B (en) * 2023-02-10 2023-07-25 中航金网(北京)电子商务有限公司 Virtual server communication method and system crossing VPC

Also Published As

Publication number Publication date
CN109361764B (en) 2021-02-05

Similar Documents

Publication Publication Date Title
CN109361764A (en) The interior service access method across VPC, device, equipment and readable storage medium storing program for executing
CN109120494B (en) The method of physical machine is accessed in cloud computing system
CN108449282B (en) Load balancing method and device
CA3106407C (en) Multi-cloud connectivity using srv6 and bgp
US11128493B2 (en) Method for implementing residential gateway service function, and server
CN103051737B (en) The method and system of the network capabilities merged on interconnection architecture is provided
US20210126966A1 (en) Load balancing in distributed computing systems
KR102138619B1 (en) Message clustering method and load balancer based on server cluster
CN106953788B (en) virtual network controller and control method
CN103997414B (en) Generate method and the network control unit of configuration information
CN107645444A (en) System, apparatus and method for the quick route transmission between virtual machine and cloud service computing device
CN107566441A (en) Method and system for the quick route transmission between virtual machine and cloud service computing device
JP2022546802A (en) Virtual private cloud communication and configuration methods and related equipment
CN106790675A (en) Load-balancing method, equipment and system in a kind of cluster
CN107483390A (en) A kind of cloud rendering web deployment subsystem, system and cloud rendering platform
CN109937400A (en) The stream mode of real-time migration for virtual machine transmits
CN104243427B (en) The online moving method of virtual machine, data pack transmission method and equipment
CN112671938B (en) Business service providing method and system and remote acceleration gateway
CN106453023B (en) It is a kind of for physical equipment and the communication means of virtual network, equipment and system
US10237235B1 (en) System for network address translation
US11595303B2 (en) Packet handling in software-defined net working (SDN) environments
CN105208053A (en) Method for realizing load balance, device and load balance service system
CN106815059A (en) Linux virtual server LVS automates O&M method and operational system
US20220263793A1 (en) Cloud infrastructure resources for connecting a service provider private network to a customer private network
CN107276826A (en) A kind of capacitor network collocation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant