Method, system, equipment and medium for realizing intercommunication between cloud internal network and cloud external network

Document No.: 1956680  Publication date: 2021-12-10

Reading note: this technology, "Method, system, equipment and medium for realizing intercommunication between cloud internal network and cloud external network", was designed by 陈显桂 on 2021-08-10. Main content: The invention provides a method, a system, equipment and a medium for realizing intercommunication between a cloud intranet and a cloud extranet. The method comprises: installing a virtual switch, a database and a synchronization component on each bare metal server in a configured gateway cluster, and performing a first synchronization of the information of the cloud intranet and the virtual switch into the database; registering the virtual IP address as the data transmission tunnel endpoint address in the database after the first synchronization, the synchronization component then performing a second synchronization of the virtual switch network card information collected on OVN into the database; registering a logical network in the database after the second synchronization, configuring on the bare metal server a virtual local area network that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the virtual local area network; and creating a virtual machine using the virtual extensible local area network and communicating with the cloud extranet through the virtual machine. Based on the method, a system, equipment and a medium for realizing intercommunication between the cloud intranet and the cloud extranet are also provided. The invention improves the stability of normal operation of production environment services.

1. A method for realizing intercommunication between a cloud internal network and a cloud external network is characterized by comprising the following steps:

installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing, through the synchronization component, a first synchronization of the information of the cloud intranet and the virtual switch into the vtep database;

registering the virtual IP address adopted when the gateway cluster was configured as the data transmission tunnel endpoint address in the vtep database after the first synchronization, the synchronization component performing a second synchronization of the virtual switch network card information collected on the distributed SDN controller into the vtep database;

registering a logical network in the vtep database after the second synchronization, wherein the logical network corresponds to a virtual extensible local area network in the cloud intranet; configuring, on the bare metal server, a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the VLAN; and creating a virtual machine using the virtual extensible local area network, and communicating with the cloud extranet through the virtual machine.

2. The method according to claim 1, wherein the process of configuring the gateway cluster comprises:

building a gateway cluster, and installing high-availability software for each bare metal server in the gateway cluster;

setting one bare metal server in the gateway cluster as the main node, and taking the remaining bare metal servers as standby nodes;

configuring one IP address as the virtual IP address of all nodes, wherein all nodes comprise the main node and the standby nodes.

3. The method for realizing the intercommunication between the cloud intranet and the cloud extranet according to claim 1, wherein the vtep database is a database of the virtual switch; the vtep database is used for storing the logical network, the bare metal server network card, the binding relationship between the virtual local area network and the logical network, and the mac address information of the cloud intranet virtual machines.

4. The method according to claim 1, wherein the process of performing the first synchronization of the information of the cloud intranet and the virtual switch into the vtep database through the synchronization component is as follows: the process is connected northbound to the distributed SDN controller and southbound to the vtep database, and the distributed SDN controller is used for synchronizing the information of the cloud intranet and the virtual switch into the vtep database.

5. The method according to claim 1, wherein the process of registering a logical network in the vtep database after the second synchronization, the logical network corresponding to a virtual extensible local area network in the cloud intranet, configuring on the bare metal server a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing the mapping between the virtual extensible local area network and the VLAN comprises the following steps:

creating a virtual extensible local area network in the cloud intranet for communicating with the cloud extranet;

registering a logical network in the vtep database, wherein the logical network corresponds to the virtual extensible local area network;

binding the network card port on the bare metal server that needs to communicate with the virtual extensible local area network to the logical network, the flow table simulator generating a flow table of the virtual local area network according to the binding relationship;

creating a vtep port in the cloud intranet and configuring the data transmission tunnel endpoint address of the vtep port as the virtual IP address, the network name corresponding to the vtep port being the name of the logical network.

6. The method for realizing the intercommunication between the cloud intranet and the cloud extranet according to claim 5, wherein after the mapping between the virtual extensible local area network and the virtual local area network is established, the method further comprises: starting the flow table simulator, the synchronization component and the high-availability software on the bare metal server, and monitoring in real time changes in the binding relationship and the health and liveness of the main and standby nodes; the flow table simulator is used for generating a vtep endpoint on the bare metal server and processing the sending and receiving of virtual extensible local area network data packets, and for reading the binding relationship in the vtep database, generating the receive flow table on the network card of the bare metal server and the flow table for conversion between the virtual extensible local area network and the virtual local area network, and processing and forwarding the data packets.

7. The method according to claim 1, wherein the process of creating a virtual machine using the virtual extensible local area network and communicating with the cloud extranet through the virtual machine comprises:

creating a vtep port on the virtual extensible local area network of the cloud intranet, and configuring the data transmission tunnel endpoint address of the vtep port as the virtual IP address;

and configuring a logical flow table in the distributed SDN controller so that all data packets with unknown mac addresses are directed to the vtep port, the vtep port sending the data packets through the virtual extensible local area network tunnel, via the virtual IP address, to the main-node bare metal server.

8. A system for realizing intercommunication between a cloud internal network and a cloud external network is characterized by comprising a first synchronization module, a second synchronization module and a communication module;

the first synchronization module is used for installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing, through the synchronization component, a first synchronization of the information of the cloud intranet and the virtual switch into the vtep database;

the second synchronization module is used for registering the virtual IP address adopted when the gateway cluster was configured as the data transmission tunnel endpoint address in the vtep database after the first synchronization, the synchronization component performing a second synchronization of the virtual switch network card information collected on the distributed SDN controller into the vtep database;

the communication module is used for registering a logical network in the vtep database after the second synchronization, the logical network corresponding to a virtual extensible local area network in the cloud intranet; configuring, on the bare metal server, a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the VLAN; and creating a virtual machine using the virtual extensible local area network, and communicating with the cloud extranet through the virtual machine.

9. An apparatus, comprising:

a memory for storing a computer program;

a processor for implementing the method steps of any one of claims 1 to 7 when executing the computer program.

10. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method steps of any one of claims 1 to 7.

Technical Field

The invention belongs to the technical field of cloud computing, and particularly relates to a method, a system, equipment and a medium for realizing intercommunication between a cloud intranet and a cloud extranet.

Background

In recent years, cloud computing has become deeply integrated into daily life. OpenStack is a relatively mature open source cloud computing management platform that covers basic functional services such as compute, storage and networking, and is widely recognized in the industry. Through its large-scale application across industries, OpenStack has become an industry standard; OVN is developed and designed on the basis of the OpenStack network and interface standards and fully supports the functions of OpenStack. OVN (Open Virtual Network) is a distributed SDN software system supporting virtual networks; on top of the existing functions of OVS, OVN natively supports virtual network abstractions such as L2 and L3 networks and security groups. In OVN, the L2, L3 and security group functions are implemented on the basis of OVS flow tables.

At present, many customers are also migrating their business from local data centers to the cloud. In practice, however, some customer services place high demands on machine performance and need to run on physical machines, for example database services: most database services of traditional businesses run on physical machines in a local data center. To let services in the cloud access databases outside the cloud, the OVN community provides a scheme for intercommunication between the in-cloud network and the out-of-cloud network, but the scheme is not highly available and is prone to single points of failure, which disrupts intercommunication between the in-cloud and out-of-cloud networks, affects the normal operation of users' services and gives users a poor experience.

Disclosure of Invention

In order to solve the above technical problems, the invention provides a method, a system, equipment and a medium for realizing intercommunication between a cloud intranet and a cloud extranet. The scheme is realized in software, which removes the dependence on hardware, effectively solves the problem of being bound to a hardware manufacturer, improves product competitiveness, uses high availability to effectively avoid single points of failure, and enhances user stickiness.

In order to achieve the purpose, the invention adopts the following technical scheme:

a method for realizing intercommunication between a cloud internal network and a cloud external network comprises the following steps:

installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing, through the synchronization component, a first synchronization of the information of the cloud intranet and the virtual switch into the vtep database;

registering the virtual IP address adopted when the gateway cluster was configured as the data transmission tunnel endpoint address in the vtep database after the first synchronization, the synchronization component performing a second synchronization of the virtual switch network card information collected on the distributed SDN controller into the vtep database;

registering a logical network in the vtep database after the second synchronization, wherein the logical network corresponds to a virtual extensible local area network in the cloud intranet; configuring, on the bare metal server, a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the VLAN; and creating a virtual machine using the virtual extensible local area network, and communicating with the cloud extranet through the virtual machine.

Further, the process of configuring the gateway cluster includes:

building a gateway cluster, and installing high-availability software for each bare metal server in the gateway cluster;

setting one bare metal server in the gateway cluster as the main node, and taking the remaining bare metal servers as standby nodes;

configuring one IP address as the virtual IP address of all nodes, wherein all nodes comprise the main node and the standby nodes.

Further, the vtep database is a database of the virtual switch; the vtep database is used for storing the logical network, the bare metal server network card, the binding relationship between the virtual local area network and the logical network, and the mac address information of the cloud intranet virtual machines.

Further, the process of performing the first synchronization of the information of the cloud intranet and the virtual switch into the vtep database through the synchronization component is as follows: the process is connected northbound to the distributed SDN controller and southbound to the vtep database, and the distributed SDN controller is used for synchronizing the information of the cloud intranet and the virtual switch into the vtep database.

Further, the process of registering a logical network in the vtep database after the second synchronization, the logical network corresponding to a virtual extensible local area network in the cloud intranet, configuring on the bare metal server a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing the mapping between the virtual extensible local area network and the VLAN comprises the following steps:

creating a virtual extended local area network in the cloud intranet for communicating with the cloud extranet;

registering a logical network in a vtep database, wherein the logical network corresponds to the virtual extensible local area network;

binding the network card port on the bare metal server that needs to communicate with the virtual extensible local area network to the logical network, the flow table simulator generating a flow table of the virtual local area network according to the binding relationship;

creating a vtep port in the cloud intranet and configuring the data transmission tunnel endpoint address of the vtep port as the virtual IP address, the network name corresponding to the vtep port being the name of the logical network.

Further, after the mapping between the virtual extensible local area network and the virtual local area network is established, the method further includes: starting the flow table simulator, the synchronization component and the high-availability software on the bare metal server, and monitoring in real time changes in the binding relationship and the health and liveness of the main and standby nodes; the flow table simulator is used for generating a vtep endpoint on the bare metal server and processing the sending and receiving of virtual extensible local area network data packets, and for reading the binding relationship in the vtep database, generating the receive flow table on the network card of the bare metal server and the flow table for conversion between the virtual extensible local area network and the virtual local area network, and processing and forwarding the data packets.

Further, the process of creating a virtual machine using the virtual extensible local area network and communicating with the cloud extranet through the virtual machine is as follows:

creating a vtep port on the virtual extensible local area network of the cloud intranet, and configuring the data transmission tunnel endpoint address of the vtep port as the virtual IP address;

and configuring a logical flow table in the distributed SDN controller so that all data packets with unknown mac addresses are directed to the vtep port, the vtep port sending the data packets through the virtual extensible local area network tunnel, via the virtual IP address, to the main-node bare metal server.

The invention also provides a system for realizing the intercommunication of the cloud internal network and the cloud external network, which comprises a first synchronization module, a second synchronization module and a communication module;

the first synchronization module is used for installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing, through the synchronization component, a first synchronization of the information of the cloud intranet and the virtual switch into the vtep database;

the second synchronization module is used for registering the virtual IP address adopted when the gateway cluster was configured as the data transmission tunnel endpoint address in the vtep database after the first synchronization, the synchronization component performing a second synchronization of the virtual switch network card information collected on the distributed SDN controller into the vtep database;

the communication module is used for registering a logical network in the vtep database after the second synchronization, the logical network corresponding to a virtual extensible local area network in the cloud intranet; configuring, on the bare metal server, a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the VLAN; and creating a virtual machine using the virtual extensible local area network, and communicating with the cloud extranet through the virtual machine.

The invention also proposes a device comprising:

a memory for storing a computer program;

a processor for implementing the method steps when executing the computer program.

The invention also proposes a readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the method steps.

The effect provided in the summary of the invention is only the effect of the embodiment, not all the effects of the invention, and one of the above technical solutions has the following advantages or beneficial effects:

The invention provides a method, a system, equipment and a medium for realizing intercommunication between a cloud intranet and a cloud extranet. The method comprises: installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing, through the synchronization component, a first synchronization of the information of the cloud intranet and the virtual switch into the vtep database; registering the virtual IP address adopted when the gateway cluster was configured as the data transmission tunnel endpoint address in the vtep database after the first synchronization, the synchronization component performing a second synchronization of the virtual switch network card information collected on the distributed SDN controller into the vtep database; registering a logical network in the vtep database after the second synchronization, the logical network corresponding to a virtual extensible local area network in the cloud intranet; configuring, on the bare metal server, a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the VLAN; and creating a virtual machine using the virtual extensible local area network and communicating with the cloud extranet through the virtual machine. With this method, intercommunication between an in-cloud vxlan network and an out-of-cloud vlan network is realized on an OpenStack platform based on OVN. The keepalived software is used in master-standby mode, and each node uses the VIP to register a tunnel with OVN. Under normal conditions the VIP is located on the main node, which provides the intercommunication service; when the main node fails, keepalived elects a new main node from the standby nodes based on the VRRP protocol, and the VIP drifts to the elected standby node, which becomes the main node and provides the intercommunication service.
keepalived is open source software, which saves cost for customers and allows flexible capacity expansion. The method is realized in software, which removes the dependence on hardware, effectively solves the problem of being bound to a hardware manufacturer, improves product competitiveness, uses high availability to effectively avoid single points of failure, and enhances user stickiness. High availability is realized ingeniously, and the stability of normal operation of production environment services is improved.

Based on the method for realizing intercommunication between the cloud intranet and the cloud extranet, the invention also provides a system, equipment and a storage medium for realizing intercommunication between the cloud intranet and the cloud extranet; these have the same functions as the method, which are not described here again.

Drawings

Fig. 1 is a schematic diagram of an architecture connection for implementing intercommunication between a cloud intranet and a cloud extranet in embodiment 1 of the present invention;

Fig. 2 is a flowchart of a method for implementing intercommunication between a cloud intranet and a cloud extranet in embodiment 1 of the present invention;

Fig. 3 is a schematic diagram of a system for implementing intercommunication between a cloud intranet and a cloud extranet in embodiment 2 of the present invention.

Detailed Description

In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.

Example 1

Embodiment 1 of the present invention provides a method for implementing intercommunication between a cloud intranet and a cloud extranet, which implements intercommunication between an in-cloud vxlan network and an out-of-cloud vlan network based on OVN on an OpenStack platform. The core of the method is that the keepalived software is used in master-backup mode and each node uses a virtual IP address (VIP) to register a tunnel with OVN. Under normal conditions the VIP is located on the master node, which provides the intercommunication service; when the master node fails, a new master node is elected from the backup nodes based on the VRRP protocol, and the VIP drifts to the elected backup node, which becomes the master node and provides the intercommunication service.

Wherein:

OVN: Open Virtual Network, a distributed SDN controller;

vxlan: Virtual eXtensible Local Area Network;

vlan: Virtual Local Area Network;

Keepalived: software that implements high availability of services based on the VRRP protocol.

The implementation of the invention is not limited to the Keepalived software; the Heartbeat software can also be selected.

The overall process realized in the invention is as follows: installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing, through the synchronization component, a first synchronization of the information of the cloud intranet and the virtual switch into the vtep database;

registering the virtual IP address adopted when the gateway cluster was configured as the data transmission tunnel endpoint address in the vtep database after the first synchronization, the synchronization component performing a second synchronization of the virtual switch network card information collected on the distributed SDN controller into the vtep database;

registering a logical network in the vtep database after the second synchronization, wherein the logical network corresponds to a virtual extensible local area network in the cloud intranet; configuring, on the bare metal server, a virtual local area network (VLAN) that communicates with the cloud extranet, and establishing a mapping between the virtual extensible local area network and the VLAN; and creating a virtual machine using the virtual extensible local area network, and communicating with the cloud extranet through the virtual machine.

Fig. 1 is a schematic diagram of an architecture connection for implementing intercommunication between a cloud intranet and a cloud extranet in embodiment 1 of the present invention. Fig. 2 is a flowchart of a method for implementing intercommunication between a cloud intranet and a cloud extranet in embodiment 1 of the present invention.

In step S201, n (n > 1) bare metal servers are prepared to build a gateway cluster, and an operating system and the keepalived software are installed on each of the n bare metal servers. In this step, keepalived is installed using the yum install keepalived command.

In step S202, one bare metal server is selected as the master node, the other nodes are standby nodes, and keepalived is configured in master/standby mode.

In this step, state in the /etc/keepalived.conf configuration file of the master node is set to MASTER, and state in the /etc/keepalived.conf configuration file of each standby node is set to BACKUP; an unused IP address is selected from the management network as the virtual IP address (VIP) and written into the virtual_ipaddress configuration option in keepalived.conf on all nodes.

In step S203, an operating system is installed on all bare metal servers, and OpenvSwitch and the vtep database are configured. OpenvSwitch is a virtual switch, and the vtep database is a database of OpenvSwitch. The vtep database is used for storing the logical network (corresponding to the OpenStack vxlan network), the bare metal server network card, the binding relationship between the vlan network and the logical network, the mac address information of the virtual machines in OpenStack, and the like.

In step S204, the ovn-vtep component is configured on the bare metal server. This process connects northbound to OVN and southbound to the vtep database, and is used to synchronize the information about the networks and virtual machines in the OpenStack cloud into the vtep database. The ovn-vtep component is an OVN gateway data synchronization component, referred to in the invention simply as the synchronization component.

In step S205, on the bare metal server, the virtual IP address (VIP) from step S202 is registered in the vtep database as the tunnel address; the ovn-vtep component discovers the tunnel information and registers it with OVN, and OVN manages the corresponding bare metal server. The ovn-vtep component synchronizes the virtual machine network card information collected from OVN (such as mac addresses) to the vtep database, providing the data source for generating the flow tables for mutual access between the inside and the outside of the cloud. The tunnel address is the data transmission tunnel endpoint address.

In step S206, a vxlan-type network is created on the OpenStack platform for communicating with the network outside the cloud.

In step S207, a logical network is registered in the vtep database, and the logical network corresponds to the vxlan network in the OpenStack network.

In step S208, the network card port on the bare metal server that needs to communicate with the vxlan network in the cloud is bound to the logical network created above; the binding includes information such as the name of the network card port and the vlan number, and the vtep simulator generates the flow table for that vlan according to the binding relationship. The vtep simulator is a script file that runs as a resident process and mainly generates flow tables; that is, the vtep simulator is the flow table simulator.

In step S209, a vtep port is created on the OpenStack network, the tunnel address in the options of the vtep port is configured as the VIP address, and the corresponding network name is the name of the logical network in the vtep database.

In step S210, the vtep simulator, the ovn-vtep component and keepalived are each started on the bare metal servers as resident processes, to monitor in real time changes in the binding relationship and the health status of the master and standby nodes. The vtep simulator is used for generating a vtep endpoint on the bare metal server and processing the sending and receiving of vxlan data packets; it reads the binding relationship in the vtep database, generates the receive flow table on the bare metal network card and the vxlan-to-vlan conversion flow table, and processes and forwards the data packets.

In step S211, a virtual machine is created on the OpenStack platform using the vxlan network; from inside the created virtual machine, an out-of-cloud host on the same network segment can be accessed and communication is normal.

In this step, a vtep port is created on the vxlan network in OpenStack, and the correspondence between the vtep port, the VIP address and the logical network in the vtep database is configured; a logical flow table is configured in OVN so that all data packets whose mac address is unknown to OVN are directed to the vtep port, and the vtep port sends the data packets through the vxlan tunnel, via the VIP, to the master-node bare metal server.

The method further includes simulating a fault by shutting down the master-node bare metal server; after the shutdown, the out-of-cloud host on the same network segment continues to be accessed from inside the virtual machine and communication remains normal, which verifies high availability: a single-node fault does not affect normal communication.
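Added example (not part of the patent text, and not code from the keepalived or OVN projects): a Python check of the invariants that steps S202, S205 and the failover test above rely on, namely exactly one MASTER, the same virtual_ipaddress on every node, that address matching the tunnel endpoint registered in the vtep database, and a predictable takeover node. The node names, the VI_GW instance name, the interface, router id, priorities and the 192.0.2.0/24 addresses are constructed assumptions.

```python
import re
from ipaddress import ip_interface

# Constructed keepalived.conf template; every value filled into it below is a
# sample assumption (192.0.2.0/24 is a documentation range standing in for the
# management network), not a value from the patent.
TEMPLATE = """\
! constructed sample, not taken from the patent
vrrp_instance VI_GW {{
    state {state}
    interface eth0
    virtual_router_id {vrid}
    priority {prio}
    virtual_ipaddress {{
        {vip}/24   # VIP, also registered as the tunnel endpoint
    }}
}}
"""


def make_conf(state, prio, vip="192.0.2.10", vrid=51):
    return TEMPLATE.format(state=state, prio=prio, vip=vip, vrid=vrid)


GOOD = {"gw1": make_conf("MASTER", 150),
        "gw2": make_conf("BACKUP", 120),
        "gw3": make_conf("BACKUP", 100)}
# Two nodes claim MASTER and one of them advertises a different VIP.
BAD = dict(GOOD, gw2=make_conf("MASTER", 200, vip="192.0.2.11"))
# A standby node whose priority is not below the master's.
BAD_PRIO = dict(GOOD, gw3=make_conf("BACKUP", 150))


def parse_vrrp_instance(text):
    """Extract state, router id, priority and VIPs from a single vrrp_instance."""
    inst = {"state": None, "virtual_router_id": None, "priority": None, "vips": []}
    stack = []  # names of the currently open { } blocks
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        tokens = line.split()
        if tokens[-1] == "{":
            stack.append(tokens[0])
        elif tokens[0] == "}":
            if stack:
                stack.pop()
        elif stack == ["vrrp_instance"] and len(tokens) >= 2:
            if tokens[0] == "state":
                inst["state"] = tokens[1].upper()
            elif tokens[0] in ("virtual_router_id", "priority"):
                inst[tokens[0]] = int(tokens[1])
        elif stack == ["vrrp_instance", "virtual_ipaddress"]:
            inst["vips"].append(str(ip_interface(tokens[0]).ip))
    return inst


def check_cluster(configs, tunnel_ip):
    """Return a list of findings; an empty list means the cluster is consistent."""
    nodes = {name: parse_vrrp_instance(text) for name, text in configs.items()}
    findings = []
    masters = sorted(n for n, c in nodes.items() if c["state"] == "MASTER")
    if len(masters) != 1:
        findings.append(f"expected exactly one MASTER, found {masters}")
    if len({tuple(sorted(c["vips"])) for c in nodes.values()}) != 1:
        findings.append("virtual_ipaddress differs between nodes")
    if len({c["virtual_router_id"] for c in nodes.values()}) != 1:
        findings.append("virtual_router_id differs between nodes")
    for name, c in sorted(nodes.items()):
        if tunnel_ip not in c["vips"]:
            findings.append(f"{name}: tunnel endpoint {tunnel_ip} is not in virtual_ipaddress")
        if c["priority"] is None:
            findings.append(f"{name}: priority not set explicitly")
    if len(masters) == 1 and all(c["priority"] is not None for c in nodes.values()):
        top = nodes[masters[0]]["priority"]
        rivals = sorted(n for n, c in nodes.items()
                        if n != masters[0] and c["priority"] >= top)
        if rivals:
            findings.append(f"priority of {rivals} is not below the configured MASTER")
    return findings


def next_master(configs, failed):
    """Node expected to take over the VIP when `failed` goes down.

    VRRP elects the highest priority; distinct priorities are assumed here.
    """
    alive = {n: parse_vrrp_instance(t)["priority"]
             for n, t in configs.items() if n != failed}
    return max(alive, key=alive.get)


if __name__ == "__main__":
    for label, cluster in (("GOOD", GOOD), ("BAD", BAD), ("BAD_PRIO", BAD_PRIO)):
        print(label, check_cluster(cluster, "192.0.2.10") or "consistent")
    print("takeover after gw1 shutdown:", next_master(GOOD, "gw1"))
```

The tunnel_ip argument is the address registered as the tunnel endpoint in step S205; a mismatch with virtual_ipaddress means the vxlan tunnel would terminate on an address that does not move with the failover.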

According to the method, intercommunication between the intra-cloud vxlan network and the extra-cloud vlan network is realized on an OpenStack platform based on OVN. The keepalived software is used in master/standby mode: each node registers its tunnel with OVN using the VIP, the VIP is normally located on the master node, and the intercommunication service is provided through the master node. When the master node fails, keepalived elects a new master node from the standby nodes based on the vrrp protocol, and the VIP drifts to the elected standby node, which becomes the master node and provides the intercommunication service. The keepalived software is open source, which saves cost for customers and allows flexible capacity expansion. Because the method is implemented in software, it removes the dependence on hardware, effectively solves the problem of lock-in to hardware vendors, and improves product competitiveness; its high availability effectively avoids single points of failure and enhances user stickiness. High availability is ingeniously realized, and the stability of normal operation of production environment services is improved.

Example 2

Based on the method for realizing intercommunication between the cloud intranet and the cloud extranet provided in embodiment 1 of the invention, embodiment 2 of the invention also provides a system for realizing intercommunication between the cloud intranet and the cloud extranet. Fig. 3 is a schematic diagram of the system for realizing intercommunication between the cloud intranet and the cloud extranet in embodiment 2 of the invention. The system comprises a first synchronization module, a second synchronization module and a communication module;

the first synchronization module is used for installing a virtual switch and a vtep database and configuring a synchronization component on each bare metal server in the configured gateway cluster, and performing a primary synchronization of the information of the cloud intranet and the virtual switch to the vtep database through the synchronization component;

the second synchronization module is used for registering the virtual IP address adopted when configuring the gateway cluster, as the data transmission tunnel endpoint address, into the vtep database after the primary synchronization, after which the synchronization component performs a secondary synchronization of the collected virtual switch network card information on the distributed SDN controller to the vtep database;

the communication module is used for registering, in the vtep database after the secondary synchronization, a logical network corresponding to the virtual extended local area network (vxlan) in the cloud intranet; configuring on the bare metal server a virtual local area network (vlan) that communicates with the cloud extranet, and establishing the mapping between the virtual extended local area network and the virtual local area network; and creating a virtual machine using the virtual extended local area network and communicating with the cloud extranet through the virtual machine.

The first synchronization module realizes the following processes:

n (n > 1) bare metal servers are prepared to build a gateway cluster, and an operating system and the keepalived software are installed on the n bare metal servers; in this step, the keepalived software is installed using the yum install keepalived command.

One bare metal server is selected as the master node, the other nodes are standby nodes, and keepalived is configured in master/standby mode. The state in the /etc/keepalived.conf configuration file of the master node is configured as MASTER, and the state in the /etc/keepalived.conf configuration files of the other standby nodes is configured as BACKUP; an unused IP is selected from the management network as the virtual IP address (VIP) and configured in the virtual_ipaddress option in keepalived.conf on all nodes;

An operating system is installed on all bare metal servers, and OpenvSwitch and the vtep database are configured, where OpenvSwitch is a virtual switch and the vtep database is a database of OpenvSwitch. The vtep database stores the logical network (corresponding to the OpenStack vxlan network), the bare metal server network cards, the binding relationship between the vlan network and the logical network, the mac address information of the virtual machines in OpenStack, and so on.

The ovn-vtep component is configured on the bare metal server; this process connects northbound to OVN and southbound to the vtep database, and is used to synchronize information about the networks and virtual machines in the OpenStack cloud to the vtep database. The ovn-vtep component is an OVN gateway data synchronization component, referred to simply as the synchronization component in the invention.
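The master/standby keepalived settings described above (one MASTER, the rest BACKUP, the same unused VIP in virtual_ipaddress on all nodes) can be checked across the cluster before the gateways go into service. This is an added example, not part of the invention; the node names, addresses and configuration text are constructed, and the `virtual_router_id` check is an extra assumption beyond what the text requires.

```python
import ipaddress
import re


def parse_vrrp(conf_text):
    """Extract state, virtual_router_id and the VIP set from keepalived.conf."""
    info = {"state": None, "vrid": None, "vips": set()}
    in_vips = False
    for raw in conf_text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        words = line.split()
        if in_vips:
            if words[0] == "}":
                in_vips = False
            else:
                info["vips"].add(ipaddress.ip_interface(words[0]).ip)
        elif words[0] == "virtual_ipaddress":
            in_vips = True
        elif words[0] == "state" and len(words) > 1:
            info["state"] = words[1]
        elif words[0] == "virtual_router_id" and len(words) > 1:
            info["vrid"] = int(words[1])
    return info


def check_cluster(nodes):
    """nodes maps node name -> (management IP, keepalived.conf text)."""
    findings = []
    parsed = {name: parse_vrrp(conf) for name, (_, conf) in nodes.items()}
    masters = sorted(n for n, p in parsed.items() if p["state"] == "MASTER")
    if len(masters) != 1:
        findings.append(f"expected exactly one MASTER, found {masters}")
    if len({frozenset(p["vips"]) for p in parsed.values()}) != 1:
        findings.append("virtual_ipaddress differs between nodes")
    if len({p["vrid"] for p in parsed.values()}) != 1:
        findings.append("virtual_router_id differs between nodes")
    own = {ipaddress.ip_address(ip): name for name, (ip, _) in nodes.items()}
    for name, p in sorted(parsed.items()):
        if p["state"] not in ("MASTER", "BACKUP"):
            findings.append(f"{name}: state is {p['state']!r}")
        if not p["vips"]:
            findings.append(f"{name}: no virtual_ipaddress configured")
        for vip in sorted(p["vips"] & set(own)):
            # The VIP has to be an unused address, not a node's own address.
            findings.append(f"{name}: VIP {vip} is already the address of {own[vip]}")
    return findings


def sample_conf(state, vip, vrid=51):
    """Constructed keepalived.conf text for the demonstration."""
    return f"""
vrrp_instance VI_1 {{
    state {state}            # MASTER on one node, BACKUP on the others
    interface eth0
    virtual_router_id {vrid}
    virtual_ipaddress {{
        {vip}/24
    }}
}}
"""


GOOD_CLUSTER = {
    "gw1": ("192.0.2.11", sample_conf("MASTER", "192.0.2.10")),
    "gw2": ("192.0.2.12", sample_conf("BACKUP", "192.0.2.10")),
}
BAD_CLUSTER = {
    "gw1": ("192.0.2.11", sample_conf("MASTER", "192.0.2.10")),
    "gw2": ("192.0.2.12", sample_conf("MASTER", "192.0.2.11")),
}

if __name__ == "__main__":
    for finding in check_cluster(BAD_CLUSTER):
        print(finding)
```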

The second synchronization module realizes the following processes: the virtual IP address (VIP) from step S202 is registered on the bare metal server as the tunnel address in the vtep database; the ovn-vtep component discovers the tunnel information and registers it with OVN, and OVN manages the corresponding bare metal server; the ovn-vtep component synchronizes the collected network card information (such as the mac address) of the virtual machines on OVN to the vtep database, providing the data source for generating the flow tables for mutual access between the inside and outside of the cloud; the tunnel address is the data transmission tunnel endpoint address.

The communication module realizes the following processes:

A vxlan-type network is created on the OpenStack platform to serve as the network that communicates with the outside of the cloud.

A logical network is registered in the vtep database, and the logical network corresponds to the vxlan network in OpenStack.

The network card port on the bare metal server that needs to communicate with the vxlan network in the cloud is bound to the logical network created above, where the network card port information includes the name of the network card port and the vlan number, and the vtep simulator generates the flow table for modifying the vlan according to the binding relationship. The vtep simulator is a script file that runs as a resident process and mainly generates flow tables; that is, the vtep simulator is a flow table simulator.

A vtep port is created on the OpenStack network, the tunnel address in the options of the vtep port is configured as the VIP address, and the corresponding network name is the logical network name in the vtep database.

The vtep simulator, the ovn-vtep component, and keepalived are each started on the bare metal servers as resident processes that monitor changes in the binding relationship and the health of the master and standby nodes in real time. The vtep simulator generates a vtep endpoint on the bare metal server and handles the sending and receiving of vxlan data packets; it reads the binding relationship in the vtep database, generates the receive-related flow table and the vxlan/vlan conversion flow table on the bare metal network card, and processes and forwards the data packets;

A virtual machine is created on the OpenStack platform using the vxlan network; after the virtual machine is created, an out-of-cloud host on the same network segment can be accessed from inside the virtual machine and communicates normally. A vtep port is created on the vxlan network in OpenStack, and the correspondence between the vtep port and the VIP address and the logical network in the vtep database is configured; a logical flow table is configured in OVN that directs all data packets whose mac address is unknown to OVN to the vtep port, and the vtep port sends the data packets through the vxlan tunnel, via the VIP, to the master-node bare metal server;

The module further covers simulating a fault by shutting down the master-node bare metal server; after the shutdown, the out-of-cloud host on the same network segment is still accessed from inside the virtual machine and communicates normally, which verifies high availability: normal communication is not affected by a single-node fault.

Example 3

The invention also proposes a device comprising:

a memory for storing a computer program;

a processor for implementing the following method steps when executing the computer program:

In step S201, n (n > 1) bare metal servers are prepared to build a gateway cluster, and an operating system and the keepalived software are installed on the n bare metal servers; in this step, the keepalived software is installed using the yum install keepalived command.

In step S202, one bare metal server is selected as the master node, the other nodes are standby nodes, and keepalived is configured in master/standby mode.

In this step, the state in the /etc/keepalived.conf configuration file of the master node is configured as MASTER, and the state in the /etc/keepalived.conf configuration files of the other standby nodes is configured as BACKUP; an unused IP is selected from the management network as the virtual IP address (VIP) and configured in the virtual_ipaddress option in keepalived.conf on all nodes;

In step S203, an operating system is installed on all bare metal servers, and OpenvSwitch and the vtep database are configured, where OpenvSwitch is a virtual switch and the vtep database is a database of OpenvSwitch. The vtep database stores the logical network (corresponding to the OpenStack vxlan network), the bare metal server network cards, the binding relationship between the vlan network and the logical network, the mac address information of the virtual machines in OpenStack, and so on.

In step S204, the ovn-vtep component is configured on the bare metal server; this process connects northbound to OVN and southbound to the vtep database, and is used to synchronize information about the networks and virtual machines in the OpenStack cloud to the vtep database. The ovn-vtep component is an OVN gateway data synchronization component, referred to simply as the synchronization component in the invention.

In step S205, the virtual IP address (VIP) from step S202 is registered on the bare metal server as the tunnel address in the vtep database; the ovn-vtep component discovers the tunnel information and registers it with OVN, and OVN manages the corresponding bare metal server; the ovn-vtep component synchronizes the collected network card information (such as the mac address) of the virtual machines on OVN to the vtep database, providing the data source for generating the flow tables for mutual access between the inside and outside of the cloud; the tunnel address is the data transmission tunnel endpoint address.

In step S206, a vxlan-type network is created on the OpenStack platform to serve as the network that communicates with the outside of the cloud.

In step S207, a logical network is registered in the vtep database, and the logical network corresponds to the vxlan network in OpenStack.

In step S208, the network card port on the bare metal server that needs to communicate with the vxlan network in the cloud is bound to the logical network created above, where the network card port information includes the name of the network card port and the vlan number, and the vtep simulator generates the flow table for modifying the vlan according to the binding relationship. The vtep simulator is a script file that runs as a resident process and mainly generates flow tables; that is, the vtep simulator is a flow table simulator.

In step S209, a vtep port is created on the OpenStack network, the tunnel address in the options of the vtep port is configured as the VIP address, and the corresponding network name is the logical network name in the vtep database.

In step S210, the vtep simulator, the ovn-vtep component, and keepalived are each started on the bare metal servers as resident processes that monitor changes in the binding relationship and the health of the master and standby nodes in real time. The vtep simulator generates a vtep endpoint on the bare metal server and handles the sending and receiving of vxlan data packets; it reads the binding relationship in the vtep database, generates the receive-related flow table and the vxlan/vlan conversion flow table on the bare metal network card, and processes and forwards the data packets;

In step S211, a virtual machine is created on the OpenStack platform using the vxlan network; after the virtual machine is created, an out-of-cloud host on the same network segment can be accessed from inside the virtual machine and communicates normally;

In this step, a vtep port is created on the vxlan network in OpenStack, and the correspondence between the vtep port and the VIP address and the logical network in the vtep database is configured; a logical flow table is configured in OVN that directs all data packets whose mac address is unknown to OVN to the vtep port, and the vtep port sends the data packets through the vxlan tunnel, via the VIP, to the master-node bare metal server;

The method further includes simulating a fault by shutting down the master-node bare metal server; after the shutdown, the out-of-cloud host on the same network segment is still accessed from inside the virtual machine and communicates normally, which verifies high availability: normal communication is not affected by a single-node fault.

It should be noted that the technical solution of the present invention also provides an electronic device, including: a communication interface capable of exchanging information with other devices such as network devices; and a processor connected to the communication interface to exchange information with other devices, and configured to execute, when running a computer program, the method for realizing intercommunication between the cloud intranet and the cloud extranet provided by one or more of the technical solutions, the computer program being stored in the memory. In practice, the components of the electronic device are coupled together by a bus system, which enables communication among the components. In addition to a data bus, the bus system includes a power bus, a control bus, and a status signal bus.

The memory in the embodiments of the present application stores various types of data to support the operation of the electronic device. Examples of such data include any computer program for operating on the electronic device. The memory can be volatile memory or nonvolatile memory, or can include both. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memories described in the embodiments of the present application are intended to comprise, without being limited to, these and any other suitable types of memory.

The method disclosed in the embodiments of the present application may be applied to a processor, or may be implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general purpose processor, a DSP (Digital Signal Processing, i.e., a chip capable of implementing digital signal processing technology), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, etc. The processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present application may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium in the memory; the processor reads the programs in the memory and, in combination with its hardware, performs the steps of the method described above. When the processor executes the program, the corresponding processes in the methods of the embodiments of the present application are implemented; for brevity, they are not described again here.

Example 4

The invention also proposes a readable storage medium on which a computer program is stored, which, when executed by a processor, implements the method steps of:

In step S201, n (n > 1) bare metal servers are prepared to build a gateway cluster, and an operating system and the keepalived software are installed on the n bare metal servers; in this step, the keepalived software is installed using the yum install keepalived command.

In step S202, one bare metal server is selected as the master node, the other nodes are standby nodes, and keepalived is configured in master/standby mode.

In this step, the state in the /etc/keepalived.conf configuration file of the master node is configured as MASTER, and the state in the /etc/keepalived.conf configuration files of the other standby nodes is configured as BACKUP; an unused IP is selected from the management network as the virtual IP address (VIP) and configured in the virtual_ipaddress option in keepalived.conf on all nodes;

In step S203, an operating system is installed on all bare metal servers, and OpenvSwitch and the vtep database are configured, where OpenvSwitch is a virtual switch and the vtep database is a database of OpenvSwitch. The vtep database stores the logical network (corresponding to the OpenStack vxlan network), the bare metal server network cards, the binding relationship between the vlan network and the logical network, the mac address information of the virtual machines in OpenStack, and so on.

In step S204, the ovn-vtep component is configured on the bare metal server; this process connects northbound to OVN and southbound to the vtep database, and is used to synchronize information about the networks and virtual machines in the OpenStack cloud to the vtep database. The ovn-vtep component is an OVN gateway data synchronization component, referred to simply as the synchronization component in the invention.

In step S205, the virtual IP address (VIP) from step S202 is registered on the bare metal server as the tunnel address in the vtep database; the ovn-vtep component discovers the tunnel information and registers it with OVN, and OVN manages the corresponding bare metal server; the ovn-vtep component synchronizes the collected network card information (such as the mac address) of the virtual machines on OVN to the vtep database, providing the data source for generating the flow tables for mutual access between the inside and outside of the cloud; the tunnel address is the data transmission tunnel endpoint address.

In step S206, a vxlan-type network is created on the OpenStack platform to serve as the network that communicates with the outside of the cloud.

In step S207, a logical network is registered in the vtep database, and the logical network corresponds to the vxlan network in OpenStack.

In step S208, the network card port on the bare metal server that needs to communicate with the vxlan network in the cloud is bound to the logical network created above, where the network card port information includes the name of the network card port and the vlan number, and the vtep simulator generates the flow table for modifying the vlan according to the binding relationship. The vtep simulator is a script file that runs as a resident process and mainly generates flow tables; that is, the vtep simulator is a flow table simulator.

In step S209, a vtep port is created on the OpenStack network, the tunnel address in the options of the vtep port is configured as the VIP address, and the corresponding network name is the logical network name in the vtep database.

In step S210, the vtep simulator, the ovn-vtep component, and keepalived are each started on the bare metal servers as resident processes that monitor changes in the binding relationship and the health of the master and standby nodes in real time. The vtep simulator generates a vtep endpoint on the bare metal server and handles the sending and receiving of vxlan data packets; it reads the binding relationship in the vtep database, generates the receive-related flow table and the vxlan/vlan conversion flow table on the bare metal network card, and processes and forwards the data packets;

In step S211, a virtual machine is created on the OpenStack platform using the vxlan network; after the virtual machine is created, an out-of-cloud host on the same network segment can be accessed from inside the virtual machine and communicates normally;

In this step, a vtep port is created on the vxlan network in OpenStack, and the correspondence between the vtep port and the VIP address and the logical network in the vtep database is configured; a logical flow table is configured in OVN that directs all data packets whose mac address is unknown to OVN to the vtep port, and the vtep port sends the data packets through the vxlan tunnel, via the VIP, to the master-node bare metal server;

The method further includes simulating a fault by shutting down the master-node bare metal server; after the shutdown, the out-of-cloud host on the same network segment is still accessed from inside the virtual machine and communicates normally, which verifies high availability: normal communication is not affected by a single-node fault.

For a description of a relevant part in the device and the storage medium for implementing the intercommunication between the cloud intranet and the cloud extranet provided in the embodiment of the present application, reference may be made to a detailed description of a corresponding part in the method for implementing the intercommunication between the cloud intranet and the cloud extranet provided in embodiment 1 of the present application, and details are not repeated here.

It is noted that, herein, relational terms such as first and second may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Furthermore, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element. In addition, parts of the above technical solutions provided in the embodiments of the present application that are consistent with the implementation principles of corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.

Although the embodiments of the present invention have been described with reference to the accompanying drawings, the scope of the present invention is not limited thereto. Various modifications and alterations will occur to those skilled in the art based on the foregoing description, and it is neither necessary nor possible to enumerate all embodiments here. On the basis of the technical scheme of the invention, various modifications or changes that a person skilled in the art can make without creative effort are still within the protection scope of the invention.
