Method, system, storage medium and electronic device for intercepting specified traffic in openstack

A technology for intercepting specified traffic, applied in the fields of transmission systems, digital transmission systems, electrical components, etc. It solves problems such as the incorrect MAC address of packets sent by a transparent firewall and the lack of support for setting a router port as the initial port, and it avoids broadcast storms.

Active Publication Date: 2022-04-12
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0007] The technical task of the present invention is to provide a method, system, storage medium and electronic device for intercepting specified traffic in OpenStack, to solve the problems that the source SFC module does not support setting a router port as the initial port and that packets sent by a firewall in the transparent state carry an incorrect MAC address.


Examples


Embodiment

[0060] The method for intercepting specified traffic in OpenStack of the present invention uses policy routing in coordination with the SFC module, and adds virtual machines to carry the traffic-steering policy transition, so that a transparent firewall can be used in an OpenStack environment to protect traffic from the external network or from any subnet. The details are as follows:

[0061] S1. Create a separate network segment for the security device in openstack;

[0062] S2. Deploy the transparent firewall to the designated subnet;

[0063] S3. Add the SFC-start virtual machine to receive the guiding traffic of policy routing;

[0064] S4. Add the SFC-end virtual machine to receive the traffic of the end node of the service chain;

[0065] S5. Configure policy routing;

[0066] S6. Set the shunt (traffic splitter);

[0067] S7. Use the SFC module to deliver the portchain flow table.

Embodiment 2

[0069] Taking the addition of an SFC port chain as an example, the specific steps are as follows:

[0070] (1) Create three subnets neta, netb, and netc in openstack, and create qrouter and qr1, and connect neta and netc to qr1;

[0071] (2) Deploy the transparent firewall in the openstack environment, configure the incoming port on the subnet neta, configure the outgoing port on the subnet netb, and enable ip forwarding or switch mode;

[0072] (3) Configure the available address pair on the egress port of the firewall: [0.0.0.0/0] / SFC-start-portb-address; that is, the address pair combines 0.0.0.0/0 with the MAC address of SFC-start-portb;

[0073] (4) Create a virtual machine SFC-start, connect it to the subnet neta, and assign it two ports, porta and portb; at the same time, enable IPv4 forwarding and adjust the routing table so that packets are sent out through port portb by default;

[0074] (5), the virtual machine SFC-start enables the ipv4...
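Steps (1) to (4) above, written out as OpenStack CLI calls. This is an added example, not text from the patent. The names neta, netb, netc, qr1, SFC-start, porta and portb come from the page; the CIDRs, image, flavor, firewall port names and guest NIC name are assumptions, and commands are only printed unless `DRY_RUN=0`.

```shell
#!/usr/bin/env bash
# Added example: Embodiment 2, steps (1)-(4), as OpenStack CLI commands.
# Assumed (not from the page): CIDRs, image/flavor, fw-ingress/fw-egress, eth1.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = also execute them

run() {  # print the command; execute it only when DRY_RUN=0
  echo "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

step1_networks() {  # (1) neta/netb/netc; router qr1 attached to neta and netc only
  local i=1 n
  for n in neta netb netc; do
    run openstack network create "$n"
    run openstack subnet create --network "$n" --subnet-range "10.0.$i.0/24" "$n-subnet"
    i=$((i + 1))
  done
  run openstack router create qr1
  run openstack router add subnet qr1 neta-subnet
  run openstack router add subnet qr1 netc-subnet
}

step2_firewall_ports() {  # (2) firewall ingress on neta, egress on netb
  run openstack port create --network neta fw-ingress
  run openstack port create --network netb fw-egress
}

step3_address_pair() {  # (3) pair 0.0.0.0/0 with portb's MAC on the firewall egress port
  local portb_mac="$1" fw_egress_port="$2"
  run openstack port set \
    --allowed-address "ip-address=0.0.0.0/0,mac-address=$portb_mac" "$fw_egress_port"
}

step4_sfc_start() {  # (4) SFC-start VM with two ports on neta (port name or ID)
  run openstack port create --network neta porta
  run openstack port create --network neta portb
  run openstack server create --image centos7 --flavor m1.small \
    --nic port-id=porta --nic port-id=portb SFC-start
}

step4_guest_commands() {  # to run inside SFC-start: forward IPv4, default route via portb
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "ip route replace default dev eth1   # eth1 = portb (assumed NIC name)"
}

# Print the whole sequence with: ./script.sh all <portb-mac>
if [ "${1:-}" = "all" ]; then
  step1_networks; step2_firewall_ports; step3_address_pair "$2" fw-egress; step4_sfc_start
fi
```

An address pair of 0.0.0.0/0 lets the port send any source IP under that MAC, which effectively switches off Neutron's anti-spoofing filter there, so it should be limited to the firewall egress port.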

Embodiment 3

[0087] As shown in Figure 1, the system for intercepting specified traffic in OpenStack of the present invention includes:

[0088] The virtual router, which implements the policy routing function by configuring iptables in its namespace. The virtual router resides on the OpenStack network nodes and appears as a qrouter in the OpenStack environment, but it is actually a single namespace of the Linux kernel whose core components are ports and routing tables;

[0089] The SFC-start virtual machine, which receives the traffic steered by policy routing and whose egress serves as the initial port of the Service Function Chain. The SFC-start virtual machine is located in the same subnet as the ingress of the firewall; the operating system is not restricted, and the present invention uses CentOS 7;

[0090] The SFC-end virtual machine is used as the last hop of the ServiceFunctionChain to receive the traffic from ...


Abstract

The invention discloses a method, system, storage medium and electronic device for intercepting specified traffic in OpenStack, and belongs to the field of cloud computing and computer networks. The technical problem to be solved is that the source SFC module does not support setting a router port as the starting port, and that the MAC address of packets sent by a firewall in the transparent state is incorrect. The technical solution adopted is the following method: create a separate network segment for the security device in OpenStack; deploy the transparent firewall to the designated subnet; add the SFC-start virtual machine to receive the traffic steered by policy routing; add the SFC-end virtual machine to receive the traffic of the end node of the service chain; configure policy routing; set the splitter; use the SFC module to deliver the portchain flow table. The system includes a virtual router, an SFC-start virtual machine, an SFC-end virtual machine, a transparent firewall and an openswitch bridge.

Description

Technical field

[0001] The invention relates to the fields of cloud computing and computer networks, in particular to a method, system, storage medium and electronic device for intercepting specified traffic in OpenStack.

Background

[0002] In a network, a user's request may need to pass through or use different network functions, and the order in which the request passes through them is generally specific. The path formed by the network functions that the traffic passes through is called a service function chain (Service Function Chain, SFC). In other words, a service function chain is a serial chain formed by combining different network service functions in a specific order, and that order is generally determined by the specific user request. In traditional networks, service function chains are generally deployed through enhanced gateways or static service function chains....


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/10, H04L45/00, G06F9/455
CPC: H04L63/306, H04L63/20, H04L67/10, H04L45/38, G06F9/45558, G06F2009/45562, G06F2009/45595
Inventor: 朱小彧, 胡章丰, 李彦君
Owner: SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD