Method and device for achieving function of security group

A security group and function technology, applied in the field of network communication, can solve problems such as system resource waste, system performance degradation, increased configuration workload, etc., to achieve the effect of avoiding waste and improving work efficiency

Inactive Publication Date: 2015-03-04
NEW H3C TECH CO LTD
View PDF8 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When there are a large number of virtual machines in the network, it is necessary to create the same number of bridges, which causes a waste of system resources and increases the workload of configuration.
At the same time, the message transmission needs to be forwarded twice by the bridge and the virtual switch before reaching the virtual machine, resulting in system performance degradation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for achieving function of security group
  • Method and device for achieving function of security group
  • Method and device for achieving function of security group

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] In order to make the purpose, technical solutions and advantages of the present application clearer, the solutions described in the present application will be further described in detail below with reference to the accompanying drawings.

[0020] figure 1 Shown is a schematic diagram of the SDN network structure in the virtual environment. This SDN network comprises server 1, server 2 and controller, wherein, server 1 comprises virtual machine VM1, VM2 and virtual switch OVS1, and VM1 is connected on the port S1 of OVS1, and VM2 is connected on the port S2 of OVS1; Including virtual machines VM3, VM4 and virtual switch OVS2, VM3 is connected to port S3 of OVS2, and VM4 is connected to port S4 of OVS2. The controller instructs the virtual switch to process service packets according to the flow entry by delivering the flow entry to the virtual switch.

[0021] When implementing security group policies for service packets in an SDN network, the existing technical soluti...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The application provides a method and device for achieving function of security group; the method and device for achieving function of security group are applied for software definition network SDN controller. The method comprises the following steps: receiving a flow table entry request message uploaded by a virtual switch; matching a message characteristic of a service message carried in the flow table entry request message with a preset security group policy; issuing a flow table entry for processing the service message to the virtual switch based on the match result. By carrying out the security group check in the controller, the method and device for achieving function of security group avoids wasting the system resources, and increases the work efficiency of the system.

Description

technical field [0001] The present application relates to the technical field of network communication, and in particular to a method and device for implementing a security group function. Background technique [0002] Currently, in an SDN (Software Defined Networks, software-defined network) network, the SDN controller sends a flow entry to the virtual switch, and the virtual switch processes the service packets of the virtual machine according to the flow entry. The virtual machine and the virtual switch are connected through a bridge (network bridge) of Linux, and the security group function is realized by running IPtables (Internet Protocol address table) for IP (Internet Protocol, Internet Protocol) packet filtering on the bridge. A security group is a collection of a series of network security policies, which limit the type and direction of network traffic allowed to pass through a specific port. [0003] The existing security group implementation scheme needs to crea...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/741H04L29/06H04L45/74
Inventor 温涛林涛丁波叶镖翔
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap