Virtualization platform east-west direction flow isolation protection method

A virtualization platform traffic technology, applied to the security protection of east-west traffic between virtual machines inside a virtualization platform. It addresses the problems that network security systems cannot adapt to the security prevention and control requirements of network virtualization and that cloud host traffic protection is difficult to realize, bringing otherwise uncontrollable east-west traffic under flexible control and security protection.

Inactive Publication Date: 2019-01-11
北京安数云信息技术有限公司
7 Cites, 4 Cited by

AI Technical Summary

Problems solved by technology

[0002] With the development of computer network virtualization, traditional network security systems cannot meet the security prevention and control requirements of network virtualization.
Because cloud platforms are all closed, security issues inside the cloud system are particularly important. Because communication between virtual machines on the same network segment in the same host cannot reach the host, it is difficult for traditional network security systems to protect the east-west traffic of cloud hosts.
With the development of cloud computing, traditional network security protection solutions and existing cloud security solutions mostly address north-south security protection and rarely involve the isolation and protection of east-west traffic.


Embodiment Construction

[0017] The present invention is further described below with reference to the accompanying drawings.

[0018] Figure 1 is a flowchart of the virtualization platform east-west traffic isolation protection method of the present invention; see also Figure 2. When communication between virtual machines under the cloud platform needs to be protected, taking the communication between vm1 and vm2 as an example, the method specifically includes the following steps:

[0019] 1. Create a Trunk All network port group under the cloud platform, and use this port group to create a diversion plug-in virtual machine. Because the network interface of the diversion virtual machine is Trunk All, the network traffic of the other virtual machines under the cloud platform passes through the diversion virtual machine;

[0020] 2. When the communication between the virtual machines vm1 and vm2 needs to be protected, create an independent vlan under a distributed switch and assi...


Abstract

The present invention provides a virtualization platform east-west traffic isolation protection method. To guarantee the security of traffic between virtual machines in a cloud platform, the method uses SDN and VXLAN technologies to steer the traffic of the cloud platform virtual machines that require protection out of the server. The traffic passes through security protection products such as FW, IPS and IDS for traffic protection and is then returned to the other virtual machine in the cloud platform, achieving isolation protection of the east-west traffic. A traffic-diversion plug-in virtual machine and an independent VXLAN tunnel are introduced to solve the problems that east-west traffic between virtual machines in a traditional cloud environment cannot be controlled or protected, so the method can be applied to current mainstream cloud platforms.
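The following is an added example, not code from the patent or its owner. It shows the standard VXLAN framing (RFC 7348) that an independent tunnel of this kind carries, and how the receiving endpoint in front of the FW/IPS/IDS can reject anything outside the tunnel assigned to a protected pair. The VNI 5001, the MAC addresses and all function names are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag defined by RFC 7348
VXLAN_HEADER_LEN = 8
ETH_HEADER_LEN = 14


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header (the UDP payload) to an Ethernet frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def decapsulate(payload: bytes, allowed_vnis: set) -> dict:
    """Validate a VXLAN UDP payload; return its VNI and inner Ethernet fields."""
    if len(payload) < VXLAN_HEADER_LEN + ETH_HEADER_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = word1 >> 8
    # Only tunnels created for a protected VM pair may reach the inspection path.
    if vni not in allowed_vnis:
        raise PermissionError(f"VNI {vni} is not a protected tunnel")
    inner = payload[VXLAN_HEADER_LEN:]
    dst, src, ethertype = struct.unpack("!6s6sH", inner[:ETH_HEADER_LEN])
    return {"vni": vni, "dst": dst.hex(":"), "src": src.hex(":"),
            "ethertype": ethertype, "inner": inner}


# Constructed sample: an IPv4 frame from vm1 to vm2 with made-up MAC addresses.
VM1_MAC = bytes.fromhex("020000000001")
VM2_MAC = bytes.fromhex("020000000002")
SAMPLE_FRAME = VM2_MAC + VM1_MAC + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19
PROTECTED_VNIS = {5001}   # hypothetical VNI assigned to the vm1/vm2 tunnel

if __name__ == "__main__":
    packet = encapsulate(5001, SAMPLE_FRAME)
    print(decapsulate(packet, PROTECTED_VNIS))
```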

Description

Technical field

[0001] The invention relates to the field of network security of a virtualization platform, in particular to a security protection method for east-west traffic between virtual machines inside a virtualization platform.

Background

[0002] With the development of computer network virtualization, traditional network security systems cannot meet the security prevention and control requirements of network virtualization. Because cloud platforms are all closed, security issues inside the cloud system are particularly important. Because communication between virtual machines on the same network segment in the same host cannot reach the host, it is difficult for traditional network security systems to protect the east-west traffic of cloud hosts. With the development of cloud computing, traditional network security protection solutions and existing cloud security solutions are more concerned with north-south security pr...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/46, H04L29/08
CPC: H04L12/4633, H04L12/4641, H04L63/0272, H04L63/20, H04L67/565
Inventors: 吴雷, 杜永峰
Owner 北京安数云信息技术有限公司