Virtual firewall configuration method based on OVS, electronic equipment and storage medium

A virtual firewall configuration method, applied in the field of OVS-based virtual firewall configuration, that addresses problems such as poor performance and achieves the effect of rich configuration strategies.

Active Publication Date: 2018-07-24
云宏信息科技股份有限公司 +1

AI Technical Summary

Problems solved by technology

However, some firewall software filtering rules need to fil

Embodiment Construction

[0030] Below, the present invention is further described in conjunction with the accompanying drawings and specific implementation methods. It should be noted that, provided they do not conflict, the embodiments or technical features described below can be combined arbitrarily to form new embodiments.

[0031] The present invention provides an OVS-based virtual firewall configuration method, which mainly comprises the following key steps:

[0032] 1. Load the firewall rules saved in the system database. When the system starts, the firewall rules saved by the system are read from the database and loaded into memory. Each firewall rule records the physical host it belongs to, the source type (IP, IP segment, MAC), the source object value, the protocol, the port number, the target type (IP, IP segment, MAC), the target object value, and whether it is unidirectional or bidirectional.

2. Send the rules to the OVS of the physical host. When the system starts, establish an ssh (ssh is...


Abstract

The invention discloses a virtual firewall configuration method based on OVS. The method comprises the following steps: isolating or connecting in pairs all virtual machines under each physical host, and writing the MAC address of each virtual machine into an OpenFlow table; establishing a whitelist flow table rule or a blacklist flow table rule according to the MAC address, and issuing the whitelist or blacklist flow table rule to the OVS of the physical host the virtual machine belongs to; judging whether the attributes of a data packet flowing through the OVS match the whitelist flow table rule with the highest priority; if they match, letting the data packet pass through the bridge on the physical host's OVS; otherwise, discarding the data packet. The function of a virtual firewall is realized by configuring network traffic filtering rules in the OpenFlow table of the OVS, which avoids the need for a firewall controller or firewall software in traditional virtual firewall configuration, thereby avoiding the defects of the traditional virtual firewall, and the configuration policy is rich and flexible.
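As an added illustration (not code from the patent or its owner), the sketch below compiles rule records carrying the fields listed in [0032] into `ovs-ofctl` flow strings of the kind the abstract describes. The dict keys, the priority values, the use of `actions=NORMAL` for "pass through the bridge", and mirroring the port onto `tp_src` for the return direction of a bidirectional rule are assumptions.

```python
import ipaddress
import re

# Assumed priorities: whitelist flows must outrank every other flow.
PRIORITY = {"white": 200, "black": 100}
ACTION = {"white": "NORMAL", "black": "drop"}   # NORMAL = forward via the bridge
DEFAULT_DROP = "priority=0,actions=drop"        # packets matching no flow are discarded
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def endpoint(kind, value, side):
    """Translate one rule endpoint into (OVS match, is_ip); side is 'src' or 'dst'."""
    if kind == "MAC":
        mac = value.lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC: {value!r}")
        return f"dl_{side}={mac}", False
    if kind == "IP":
        return f"nw_{side}={ipaddress.IPv4Address(value)}", True
    if kind == "IP_SEGMENT":
        # strict parsing rejects segments with host bits set, e.g. 10.0.0.5/24
        return f"nw_{side}={ipaddress.IPv4Network(value)}", True
    raise ValueError(f"unknown endpoint type: {kind!r}")


def compile_rule(rule):
    """Return the ovs-ofctl flow strings for one stored firewall rule."""
    proto, port = rule.get("protocol"), rule.get("port")
    if proto not in (None, "tcp", "udp", "icmp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    if port is not None and (proto not in ("tcp", "udp") or not 0 < port < 65536):
        raise ValueError("a port needs tcp/udp and must be in 1-65535")
    # (side taken by the stored source, side taken by the stored target)
    directions = [("src", "dst")]
    if rule.get("bidirectional"):
        directions.append(("dst", "src"))       # mirrored flow for return traffic
    flows = []
    for s_side, t_side in directions:
        m_source, ip1 = endpoint(rule["source_type"], rule["source"], s_side)
        m_target, ip2 = endpoint(rule["target_type"], rule["target"], t_side)
        fields = [f"priority={PRIORITY[rule['list']]}"]
        if proto or ip1 or ip2:
            fields.append(proto or "ip")        # nw_* matches require an IP dl_type
        fields += [m_source, m_target]
        if port is not None:
            fields.append(f"tp_{t_side}={port}")  # service port stays with the target
        flows.append(",".join(fields) + f",actions={ACTION[rule['list']]}")
    return flows
```

Each returned string is in the form accepted by `ovs-ofctl add-flow <bridge> "<flow>"`; `DEFAULT_DROP` would be installed once per bridge so that anything outside the whitelist is discarded.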

Description

Technical field

[0001] The present invention relates to firewall security technology, in particular to an OVS-based virtual firewall configuration method.

Background

[0002] At present, a cloud resource management platform is a virtualization platform for unified management of physical resources, virtual resources, and business resources through the network. The virtual machine is an important node of cloud computing virtual network communication. The security of a virtual machine can be configured through the firewall service of the virtual machine's own system, such as the iptables service of a Linux system. Firewall solutions for virtual network traffic control can be divided into two types: access control list policies configured on the virtual machine switch, and virtual machine firewall software running in virtual machines.

[0003] Chinese patent application 201410252561.0 discloses a distributed virtual firewall device and method,...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0263, H04L63/0272, H04L63/20
Inventor: 陈来威, 张为杰, 邹理贤, 涂华奇
Owner 云宏信息科技股份有限公司