Virtual firewall configuration method based on OVS, electronic equipment and storage medium

A virtual firewall configuration technology, applied in the field of OVS-based virtual firewall configuration, which addresses problems such as poor performance and achieves rich configuration strategies.

CN108322467A | Active | Publication Date: 2018-07-24 | 云宏信息科技股份有限公司 +1

Embodiment Construction

[0030] The present invention is further described below in conjunction with the accompanying drawings and specific implementation methods. It should be noted that, provided they do not conflict, the embodiments and technical features described below can be combined arbitrarily to form new embodiments.

[0031] The present invention provides an OVS-based virtual firewall configuration method, which mainly comprises the following key steps:

[0032] 1. Load the firewall rules saved in the system database. When the system starts, the saved firewall rules are read from the database and loaded into memory. Each firewall rule records the physical host it belongs to, the source type (IP, IP segment, MAC), the source object value, the protocol, the port number, the target type (IP, IP segment, MAC), the target object value, and whether the rule is unidirectional or bidirectional.

2. Send the rules to the OVS of the physical host. When the system starts, establish an ssh (ssh is...

Abstract

The invention discloses a virtual firewall configuration method based on OVS. The method comprises the following steps: isolating or connecting in pairs all virtual machines under each physical host, and writing the MAC address of each virtual machine into an OpenFlow table; establishing a whitelist flow table rule or a blacklist flow table rule according to the MAC address, and issuing that rule to the OVS of the physical host the virtual machine belongs to; judging whether the attributes of a data packet flowing through the OVS match the whitelist flow table rule with the highest priority; if they match, allowing the data packet to pass through the bridge on the physical host's OVS; otherwise, discarding the data packet. The virtual firewall function is realized by configuring network traffic filtering rules in the OVS OpenFlow table, so the firewall controller or firewall software that traditional virtual firewall configuration requires is not needed. This avoids the defects of traditional virtual firewalls, and the configuration policy is rich and flexible.
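The following sketch is an added example, not code from the patent: it compiles rule records with the fields listed in step 1 of the embodiment into whitelist or blacklist flow entries of the kind the abstract describes. The priority numbers, the use of `actions=NORMAL` for "pass through the bridge", the mirrored flow for bidirectional rules and all sample addresses are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
RULE_PRIO, DEFAULT_PRIO = 100, 0  # assumed priorities; the page gives no numbers

def endpoint(kind, value, side):
    """Validate a source/target object; return its match term (side: src|dst)."""
    if kind == "mac":
        if not MAC_RE.fullmatch(value):
            raise ValueError(f"bad MAC: {value!r}")
        return f"dl_{side}={value.lower()}"
    if kind == "ip":
        return f"nw_{side}={ipaddress.IPv4Address(value)}"
    if kind == "segment":
        return f"nw_{side}={ipaddress.IPv4Network(value, strict=True)}"
    raise ValueError(f"unknown object type: {kind!r}")

def flows_for(rule, mode):
    """Flow specs for one rule record; mode is 'whitelist' or 'blacklist'."""
    action = {"whitelist": "NORMAL", "blacklist": "drop"}[mode]
    proto, port = rule.get("protocol"), rule.get("port")
    if proto not in (None, "tcp", "udp", "icmp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    if port is not None and (proto not in ("tcp", "udp") or not 0 < int(port) < 65536):
        raise ValueError(f"bad port for {proto!r}: {port!r}")
    # nw_src/nw_dst need an IP prerequisite unless tcp/udp/icmp already implies it.
    l3 = proto or ("ip" if {rule["src_type"], rule["dst_type"]} != {"mac"} else None)
    # Assumption: bidirectional adds the mirrored flow, port matched as source port.
    sides = [("src", "dst", "tp_dst"), ("dst", "src", "tp_src")]
    flows = []
    for a, b, pf in sides[:2 if rule.get("bidirectional") else 1]:
        terms = [f"priority={RULE_PRIO}", l3, endpoint(rule["src_type"], rule["src"], a),
                 endpoint(rule["dst_type"], rule["dst"], b),
                 f"{pf}={int(port)}" if port is not None else None, f"actions={action}"]
        flows.append(",".join(t for t in terms if t))
    return flows

def compile_table(rules, mode):
    """Rule flows plus the lowest-priority default (drop for a whitelist)."""
    return [f for r in rules for f in flows_for(r, mode)] + [
        f"priority={DEFAULT_PRIO},actions=" + ("drop" if mode == "whitelist" else "NORMAL")]

# Constructed sample rules (documentation addresses, made-up MACs).
RULES = [
    {"src_type": "mac", "src": "52:54:00:AA:00:01", "dst_type": "ip",
     "dst": "192.0.2.10", "protocol": "tcp", "port": 22, "bidirectional": True},
    {"src_type": "segment", "src": "192.0.2.0/24", "dst_type": "mac",
     "dst": "52:54:00:aa:00:02"},
]
```

Each returned string is a flow in the syntax `ovs-ofctl add-flow <bridge> '<flow>'` accepts, and validating every field first keeps a stored rule value from smuggling extra match fields or actions into it. In whitelist mode the default drop also discards ARP, so IP-based allow rules need a matching ARP allow flow, which this sketch does not generate.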

Description

Technical field

[0001] The present invention relates to firewall security technology, in particular to an OVS-based virtual firewall configuration method.

Background technique

[0002] At present, a cloud resource management platform is a virtualization platform for the unified management of physical resources, virtual resources, and business resources through the network. The virtual machine is an important node of cloud computing virtual network communication. The security of a virtual machine can be configured by the firewall service of the virtual machine's own operating system, such as the iptables service of a Linux system. Firewall solutions for virtual network traffic control can be divided into two types: access control list policies configured on the virtual machine switch, and virtual machine firewall software running in virtual machines.

[0003] Chinese patent application 201410252561.0 discloses a distributed virtual firewall device and method,...

Application Information

Patent Timeline: 24 Jul 2018, Publication of CN108322467A
IPC: H04L29/06
CPC: H04L63/0263; H04L63/0272; H04L63/20
Inventors: 陈来威; 张为杰