Method for realizing cloud desktop supporting high-availability cloud port based on vyos network system

A method, based on the Vyos network system, for providing high-availability cloud ports to cloud desktops. It addresses the interoperability problem between network devices inside the cloud and devices in a remote data center, provides a high-security, high-performance network connection, and supports high-bandwidth hybrid cloud deployments.

CN116800560B · Active · Publication Date: 2026-06-19 · INSPUR SOFTWARE TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patent (China)
Current Assignee / Owner
INSPUR SOFTWARE TECH CO LTD
Filing Date
2023-06-19
Publication Date
2026-06-19

Figure: CN116800560B_ABST (abstract figure)

Abstract

This invention relates to the field of network virtualization technology, specifically a method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system. The method includes the following steps: high-availability leased line gateway virtual machine instance management; leased line gateway internal and external interface and VPN isolation management; leased line gateway publish / revoke route management. The beneficial effects are: the method proposed in this invention for implementing high-availability cloud ports for cloud desktops based on the Vyos network system communicates between cloud VPCs and remote devices through a dedicated private channel, ensuring network isolation and high security. The cloud leased line service utilizes a dedicated network link for data transmission, resulting in high network performance, low latency, and a maximum bandwidth support of 25Gbps per line, providing high-quality network services. Through the cloud leased line, users' local data centers can be interconnected with cloud resources, forming a flexible and scalable hybrid cloud deployment.

Description

Technical Field

[0001] This invention relates to the field of network virtualization technology, specifically a method for implementing cloud desktop support for highly available cloud ports based on the Vyos network system.

Background Technology

[0002] Cloud private lines are used to build a high-speed, low-latency, stable and secure dedicated connection channel between a user's local data center and the cloud VPC, allowing users to fully utilize the advantages of cloud services while continuing to use their existing IT infrastructure.

[0003] Among existing technologies, cloud private line services offer several advantages: Security is paramount; accessing a VPC via a cloud private line allows for communication through a dedicated, private channel, ensuring network isolation and high security. Low latency is another advantage, with data transmission over a dedicated network resulting in high network performance and low latency. High bandwidth is supported, with a single cloud private line supporting up to 25Gbps bandwidth, meeting various bandwidth requirements. Seamless resource expansion is also possible, as cloud private lines interconnect on-premises data centers with cloud resources, creating a flexible and scalable hybrid cloud deployment.

[0004] However, when users connect to the cloud platform over physical connections, it is difficult for network devices within the cloud to communicate with devices in the remote data center. Along the complete path of the cloud private line it is difficult to achieve Layer 3 forwarding within the cloud through BGP dynamic route learning, and it is also difficult to achieve MPLS label forwarding between PE devices through BGP VPNv4.

Summary of the Invention

[0005] The purpose of this invention is to provide a method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system, so as to solve the problems mentioned in the background art.

[0006] To achieve the above objectives, the present invention provides the following technical solution: a method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system, the method comprising the following steps:

[0007] High-availability leased line gateway virtual machine instance management;

[0008] Leased line gateway internal and external interface and VPN isolation management;

[0009] Leased line gateway route publication and revocation management.

[0010] Preferably, the management of virtual machine instances for highly available leased line gateways includes the following operations:

[0011] The HAZ scheme is used to achieve resource isolation between network nodes and computing nodes, as well as to achieve anti-affinity scheduling of network master and slave nodes;

[0012] Create two host aggregation groups, "network" and "server," and set different aggregation groups for the virtual machine flavors of the network node and the compute node, respectively.

[0013] Create a dedicated line gateway management network. The management network needs to be connected to the host machine's control plane via an OVS bridge so that the Vyos system API can be called.

[0014] Create a dedicated line gateway Vyos system image and perform initial configuration on the Vyos system.

[0015] Preferably, the management of virtual machine instances for highly available leased line gateways also includes the following operations:

[0016] Call the OpenStack interface to create Vyos leased gateway virtual machine instances for the network master and slave nodes respectively. When creating master and slave virtual machine instances, you need to specify anti-affinity host group rules, availability domain, flavor with network host aggregation group information, Vyos system image, and leased gateway management network.
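The placement rules behind steps [0011] to [0016] can be checked offline. The following is an added example, not code from the patent or from Inspur: it builds the Nova API bodies for the anti-affinity server group and the two gateway VMs, and re-implements the two Nova scheduler filters that the HAZ scheme relies on (AggregateInstanceExtraSpecsFilter, which pins a flavor to the "network" aggregate, and ServerGroupAntiAffinityFilter, which keeps master and slave on different hosts). The aggregate metadata key `node_role`, the host and flavor names, the availability zone and all IDs are invented for the example.

```python
"""Added example (not from the patent): OpenStack placement for the HA
leased-line gateway pair, with a small offline model of the Nova filters."""
from __future__ import annotations

# constructed inventory: hypervisors grouped into the two host aggregates
AGGREGATES = {
    "network": {"metadata": {"node_role": "network"}, "hosts": ["net-01", "net-02"]},
    "server": {"metadata": {"node_role": "server"}, "hosts": ["cmp-01", "cmp-02", "cmp-03"]},
}

# flavors carry the aggregate key in extra_specs; the scheduler keeps only matching hosts
FLAVORS = {
    "gw.network": {"vcpus": 4, "ram_mb": 8192, "disk_gb": 20,
                   "extra_specs": {"aggregate_instance_extra_specs:node_role": "network"}},
    "desktop.server": {"vcpus": 2, "ram_mb": 4096, "disk_gb": 40,
                       "extra_specs": {"aggregate_instance_extra_specs:node_role": "server"}},
}


def server_group_body(name: str) -> dict:
    """Body for POST /os-server-groups: anti-affinity keeps master and slave apart."""
    return {"server_group": {"name": name, "policy": "anti-affinity"}}


def gateway_server_body(name: str, image_id: str, flavor_id: str,
                        mgmt_net_id: str, group_id: str, az: str) -> dict:
    """Body for POST /servers for one gateway VM: image, flavor bound to the
    'network' aggregate, AZ, management network, and the server-group hint."""
    return {
        "server": {
            "name": name,
            "imageRef": image_id,
            "flavorRef": flavor_id,
            "availability_zone": az,
            "networks": [{"uuid": mgmt_net_id}],
        },
        "os:scheduler_hints": {"group": group_id},
    }


def aggregate_filter(flavor: dict, hosts: list[str], aggregates: dict = AGGREGATES) -> list[str]:
    """Model of AggregateInstanceExtraSpecsFilter: keep a host only if the
    metadata of the aggregates it belongs to matches every
    'aggregate_instance_extra_specs:' key on the flavor."""
    wanted = {k.split(":", 1)[1]: v for k, v in flavor["extra_specs"].items()
              if k.startswith("aggregate_instance_extra_specs:")}
    kept = []
    for host in hosts:
        meta: dict[str, str] = {}
        for agg in aggregates.values():
            if host in agg["hosts"]:
                meta.update(agg["metadata"])
        if all(meta.get(k) == v for k, v in wanted.items()):
            kept.append(host)
    return kept


def anti_affinity_filter(group_members: dict[str, str], hosts: list[str]) -> list[str]:
    """Model of ServerGroupAntiAffinityFilter: drop hosts already used by the group."""
    used = set(group_members.values())
    return [h for h in hosts if h not in used]


def place_gateway_pair(flavor_name: str, aggregates: dict = AGGREGATES) -> dict[str, str]:
    """Schedule master, then slave; returns {vm_name: host}.  Raises when the
    slave cannot be placed, which is what happens if the 'network' aggregate
    has a single host and anti-affinity cannot be satisfied."""
    all_hosts = [h for a in aggregates.values() for h in a["hosts"]]
    placement: dict[str, str] = {}
    for vm in ("vyos-gw-master", "vyos-gw-slave"):
        candidates = aggregate_filter(FLAVORS[flavor_name], all_hosts, aggregates)
        candidates = anti_affinity_filter(placement, candidates)
        if not candidates:
            raise RuntimeError(f"no host left for {vm}: anti-affinity cannot be satisfied")
        placement[vm] = candidates[0]  # real Nova weighs candidates; the first is fine here
    return placement


if __name__ == "__main__":
    print(place_gateway_pair("gw.network"))
```

The point the model makes explicit: the anti-affinity rule only protects the pair if the "network" aggregate has at least two hosts in the chosen availability zone, otherwise the slave instance is never scheduled and the gateway runs without a standby.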

[0017] Preferably, the management of internal and external interfaces and VPN isolation of the leased gateway includes the following operations:

[0018] Call the Vyos system API interface to create VPN instances for the master and slave dedicated gateways, and add internal ports for communication with the user's VPC router to the master and slave dedicated gateway instances respectively;

[0019] Call the Vyos system API interface to add the internal network card to the VPN instance, and configure the internal network card's IPv4 and IPv6 dual-stack address, subnet mask, and MTU.

[0020] Configure the VRRP protocol within the VPN instance to negotiate a VIP between the master and slave nodes. The VIP address serves as the next hop in the user's VPC router to the destination network segment of the leased line, ensuring high availability.

[0021] Preferably, the internal and external interfaces of the leased gateway and the VPN isolation management also include the following operations:

[0022] Create an external network for the leased line gateway based on the BGP interconnection network VLAN and network segment information allocated to the user's leased line, and add external ports to the master and slave leased line gateway instances.

[0023] Call the Vyos system API interface to add the external network interface to the VPN instance, and configure the external network interface address, subnet mask, and MTU.

[0024] Configure the BGP protocol within the VPN instance to configure the local AS number, local address, neighbor AS number, and neighbor address for the dedicated gateway.

[0025] Preferably, the leased line gateway's publish / cancel route management includes the following specific operations:

[0026] Call the Vyos system API interface to configure and publish BGP routes within the master / slave dedicated VPN instance using the BGP protocol, and learn remote routes;

[0027] Add static routes within the VPN instance, obtain the interconnection address of the user's VPC router as the next-hop address, and use the static routes as return routes for leased line interconnection, thereby establishing a Layer 3 routing path.

[0028] Preferably, the leased line gateway achieves the isolation of the leased line network by dividing internal and external ports through VPN instances, and configures the BGP protocol within the VPN instance to establish BGP neighbors with the hardware switch; the leased line gateway publishes or revokes BGP routes and configures static routes within the VPN instance to build a complete Layer 3 path for the leased line network.

[0029] Preferably, the solution of using HAZ to add aggregation groups to flavors is used to achieve scheduling and high availability of dedicated line gateways at network nodes;

[0030] Based on the VRRP protocol, a VIP is added to the internal port to achieve high availability of the next hop in the network. Based on the BGP protocol, the primary and backup virtual machines establish BGP neighbors with the external switch, and the BGP neighbor dual-active ensures reliability.

[0031] Compared with the prior art, the beneficial effects of the present invention are:

[0032] This invention proposes a method for supporting highly available cloud ports on cloud desktops based on the Vyos network system. It establishes a dedicated, private channel for communication between cloud VPCs and remote devices, ensuring network isolation and high security. The cloud dedicated line service utilizes a dedicated network link for data transmission, resulting in high network performance, low latency, and a maximum bandwidth support of 25Gbps per line, providing high-quality network services. Through the cloud dedicated line, users' local data centers can be interconnected with cloud resources, forming a flexible and scalable hybrid cloud deployment.

Attached Figure Description

[0033] Figure 1 is a flowchart of the method of the present invention.

Detailed Implementation

[0034] To make the objectives, technical solutions, and advantages of the present invention clear and complete, the embodiments of the present invention will be further described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are only some, not all, embodiments of the present invention, and are merely illustrative of the embodiments of the present invention. They are not intended to limit the embodiments of the present invention. All other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0035] Example 1

[0036] This invention provides a technical solution: a method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system, the method comprising the following steps:

[0037] High-availability leased gateway virtual machine instance management includes the following operations: implementing resource isolation between network nodes and compute nodes using the HAZ scheme, and implementing anti-affinity scheduling for network master and slave nodes; creating two host aggregation groups, "network" and "server," and setting different aggregation groups for the virtual machine flavors of network nodes and compute nodes respectively; creating a leased gateway management network, which needs to be connected to the host control plane through an OVS bridge for calling the Vyos system API; creating a leased gateway Vyos system image and performing initial configuration of the Vyos system; calling the OpenStack interface to create Vyos leased gateway virtual machine instances for network master and slave nodes respectively; when creating master and slave virtual machine instances, it is necessary to specify the anti-affinity host group rules, availability domain, flavor with network host aggregation group information, Vyos system image, and leased gateway management network.

[0038] The management of internal and external interfaces and VPN isolation for leased gateways includes the following operations: Creating VPN instances for master and slave leased gateways using the Vyos system API, adding internal ports for communication with the user's VPC router to both master and slave gateway instances; adding internal network cards (NICs) to the VPN instances using the Vyos system API, configuring IPv4 and IPv6 dual-stack addresses, subnet masks, and MTUs for the NICs; configuring the VRRP protocol within the VPN instance to negotiate VIPs between master and slave nodes, with the VIP address serving as the next hop in the user's VPC router to the leased destination network segment, ensuring high availability; creating the external network for the leased gateway based on the BGP interconnection VLAN and network segment information allocated to the user's leased line, adding external ports to the master and slave gateway instances; adding external NICs to the VPN instances using the Vyos system API, configuring external NIC addresses, subnet masks, and MTUs; configuring the BGP protocol within the VPN instance to configure the local AS number, local address, neighbor AS number, and neighbor address for the leased gateway.

[0039] The management of route publication and revocation for leased gateways includes the following specific operations: Calling the Vyos system API interface to configure and publish BGP routes within the master and slave leased gateway VPN instances using the BGP protocol, and learning remote routes; adding static routes within the VPN instance, obtaining the interconnection address of the user's VPC router as the next-hop address, and using the static route as the return route for leased line interconnection, thereby establishing a Layer 3 routing path; the leased gateway achieves isolation of the leased network by dividing internal and external ports through the VPN instance, and configures the BGP protocol within the VPN instance to establish BGP neighbors with hardware switches; publishing or revoking BGP routes and configuring static routes within the leased gateway VPN instance to construct a complete Layer 3 path for the leased network; using HAZ to add aggregation groups for flavors to achieve scheduling and high availability of the leased gateway at network nodes; adding VIPs to internal ports based on the VRRP protocol to achieve high availability of the network next hop, and establishing BGP neighbors between the master and slave virtual machines and external switches based on the BGP protocol, with active-active BGP neighbors ensuring reliability.

[0040] Example 2

[0041] Based on Example 1 and referring to Figure 1, building the topology with the example addresses below and applying the following configurations allows the leased line service connection to be simulated and tested. Network devices on the user's cloud VPC at 192.168.0.0 / 24 can access network devices in the remote data center at 172.16.0.0 / 16. All network devices within the cloud use Layer 3 routing: static routes exist between the cloud VPC router and the leased line gateway, BGP-learned routes exist between the leased line gateway and the cloud PE, and MPLS label forwarding is used between the cloud PE and the remote PE. The configurations for each network device are as follows:

[0042] 1) VPC router

[0043] Static route: Destination network segment is remote 172.16.0.0 / 16, next-hop address is 169.254.0.1

[0044] 2) Leased line gateway:

[0045] VPN instance: Create VPN instance VPN1, add port 169.254.0.1 to VPN1, and add the external port to VPN1.

[0046] BGP VPN Instance: Create BGP VPN instance VPN1, configure external neighbor addresses, and advertise BGP routes to 192.168.0.0 / 24.

[0047] Static route: Destination network segment is local 192.168.0.0 / 24, next-hop address is 169.254.0.2 (the VPC router's interconnection address on the 169.254.0.0 segment shared with the gateway's internal port)

[0048] 3) Cloud-based PE:

[0049] VPN instance: Create VPN instance VPN1 and add the port to VPN1.

[0050] BGP VPN instance: Create BGP VPN instance VPN1 and configure the internal neighbor addresses. BGP VPNv4: Create the BGP VPNv4 address family, configure the remote data center neighbor addresses, and import the BGP routes from VPN1.

[0051] MPLS: Enable the configuration related to MPLS label assignment.
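The gateway-side configuration of steps [0017] to [0027] and of item 2) in Example 2 can be expressed as one batch of `set` operations for the VyOS HTTP API (`POST /configure`, form fields `data` and `key`). The following is an added example, not code from the patent or from Inspur. It uses the Example 2 addresses (VPN instance VPN1, VIP 169.254.0.1, VPC segment 192.168.0.0/24, remote segment 172.16.0.0/16, return-route next hop 169.254.0.2) and assumes VyOS 1.4 command syntax; the VRF table id, VRID, interface names, the node addresses, the external interconnection addresses, the peer address and both AS numbers are invented. Two items are hardening the patent does not mention and are added here as assumptions: a BGP neighbor password, and an import prefix-list so the gateway only accepts the remote data center prefix from the hardware switch rather than whatever the peer advertises.

```python
"""Added example (not from the patent): VyOS 1.4 'set' operations for the
leased-line gateway, as a batch for the VyOS HTTP API /configure endpoint."""
import json
from dataclasses import dataclass

VRF = "VPN1"  # the VPN instance of Example 2


@dataclass
class GatewayParams:
    role: str                          # "master" or "slave"
    internal_addr: str                 # this node's own address on the internal port (assumed)
    internal_addr6: str                # IPv6 address on the internal port (assumed)
    external_addr: str                 # this node's address on the BGP interconnection VLAN (assumed)
    internal_if: str = "eth1"
    external_if: str = "eth2"
    vip: str = "169.254.0.1/24"        # VRRP VIP, next hop in the VPC router (Example 2)
    vrid: int = 10                     # assumed
    local_as: int = 65001              # assumed
    peer: str = "10.255.0.254"         # cloud PE / hardware switch, assumed
    peer_as: int = 65000               # assumed
    bgp_password: str = "example-only" # hardening, not in the patent; use a real secret
    vpc_cidr: str = "192.168.0.0/24"   # advertised to the remote side (Example 2)
    vpc_router: str = "169.254.0.2"    # next hop of the return route (Example 2)
    remote_cidr: str = "172.16.0.0/16" # the only prefix accepted from the peer (Example 2)
    mtu: int = 1500


def set_ops(p: GatewayParams) -> list:
    """Build the ordered 'set' operations for one gateway node."""
    priority = 200 if p.role == "master" else 100   # master wins the VRRP election
    bgp = ["vrf", "name", VRF, "protocols", "bgp"]
    nb = bgp + ["neighbor", p.peer]
    vrrp = ["high-availability", "vrrp", "group", "GW"]
    paths = [
        ["vrf", "name", VRF, "table", "100"],
        # internal port: bound to the VPN instance, dual-stack address, MTU
        ["interfaces", "ethernet", p.internal_if, "vrf", VRF],
        ["interfaces", "ethernet", p.internal_if, "address", p.internal_addr],
        ["interfaces", "ethernet", p.internal_if, "address", p.internal_addr6],
        ["interfaces", "ethernet", p.internal_if, "mtu", str(p.mtu)],
        # VRRP on the internal port negotiates the VIP between master and slave
        vrrp + ["vrid", str(p.vrid)],
        vrrp + ["interface", p.internal_if],
        vrrp + ["address", p.vip],
        vrrp + ["priority", str(priority)],
        # external port toward the cloud PE, also inside the VPN instance
        ["interfaces", "ethernet", p.external_if, "vrf", VRF],
        ["interfaces", "ethernet", p.external_if, "address", p.external_addr],
        ["interfaces", "ethernet", p.external_if, "mtu", str(p.mtu)],
        # BGP inside the VRF: both nodes peer with the switch (dual-active neighbors)
        bgp + ["system-as", str(p.local_as)],
        nb + ["remote-as", str(p.peer_as)],
        nb + ["password", p.bgp_password],                                   # assumed hardening
        nb + ["address-family", "ipv4-unicast", "prefix-list", "import", "REMOTE-IN"],
        bgp + ["address-family", "ipv4-unicast", "network", p.vpc_cidr],     # publish VPC route
        ["policy", "prefix-list", "REMOTE-IN", "rule", "10", "action", "permit"],
        ["policy", "prefix-list", "REMOTE-IN", "rule", "10", "prefix", p.remote_cidr],
        # return route toward the VPC router, inside the VRF
        ["vrf", "name", VRF, "protocols", "static", "route", p.vpc_cidr, "next-hop", p.vpc_router],
    ]
    return [{"op": "set", "path": path} for path in paths]


def withdraw_ops(p: GatewayParams) -> list:
    """Revoking the leased-line route: delete the BGP network statement."""
    return [{"op": "delete",
             "path": ["vrf", "name", VRF, "protocols", "bgp",
                      "address-family", "ipv4-unicast", "network", p.vpc_cidr]}]


def api_form(ops: list, key: str) -> dict:
    """Form body for POST https://<gateway-mgmt-ip>/configure; VyOS accepts a
    list of operations and commits them as one transaction."""
    return {"data": json.dumps(ops), "key": key}


def push(session, base_url: str, ops: list, key: str) -> dict:
    """Send one batch with a requests.Session.  Keep TLS verification on and
    reach the gateway only over the isolated management network."""
    r = session.post(f"{base_url}/configure", data=api_form(ops, key), timeout=30)
    r.raise_for_status()
    return r.json()


if __name__ == "__main__":
    master = GatewayParams("master", "169.254.0.11/24", "fd00:a9fe::11/64", "10.255.0.1/24")
    print(json.dumps(set_ops(master), indent=1))
```

The same `set_ops` is applied to the slave with its own addresses and role, so the only differences between the two nodes are their real addresses and the VRRP priority; the VIP, the advertised VPC prefix and the return route are identical, which is what lets the VPC router keep a single static next hop across a failover.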

[0052] Example 3

[0053] Based on Example 1, a virtual machine instance based on the Vyos network system is proposed as a leased line gateway. The leased line gateway achieves the isolation of the leased line network by dividing internal and external ports through the VPN instance, and configures the BGP protocol within the VPN instance to establish BGP neighbors with the hardware switch. The leased line gateway publishes or revokes BGP routes and configures static routes within the VPN instance to build a complete Layer 3 path for the leased line network.

[0054] The key feature of high-availability leased line gateway lifecycle management is the use of the Vyos network system as the virtual machine image for the leased line gateway to provide network services. A scheme using HAZ to add aggregation groups to flavors enables the scheduling and high availability of the leased line gateway on network nodes.

[0055] The features of high-availability leased line gateway port and VPN isolation management include: using the Vyos network system to create VPN instances to achieve port isolation; adding VIPs to internal ports based on the VRRP protocol to achieve high availability of the next hop in the network; and establishing BGP neighbors between primary and backup virtual machines and external switches based on the BGP protocol, with active-active BGP neighbors ensuring reliability.

[0056] The characteristic of remote route advertisement and revocation management is that, within the VPN instance of the Vyos network system, user VPC routes are advertised to remote endpoints via the BGP protocol, and remote routes are learned. Return routes to the VPC router are added to the static routing protocol within the VPN instance, thus achieving a complete routing path.

[0057] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.

Claims

1. A method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system, characterized in that: The method includes the following steps: High-availability leased line gateway virtual machine instance management; Dedicated line gateway internal and external interfaces and VPN isolation management; Leased line gateway publishes and cancels route management; High-availability leased line gateway virtual machine instance management includes the following operations: The HAZ scheme is used to achieve resource isolation between network nodes and computing nodes, as well as to achieve anti-affinity scheduling of network master and slave nodes; Create two host aggregation groups, "network" and "server," and set different aggregation groups for the virtual machine flavors of the network node and the compute node, respectively. Create a dedicated line gateway management network. The management network needs to be connected to the host machine's control plane via an OVS bridge to call the Vyos system API. Create a dedicated line gateway Vyos system image and perform initial configuration of the Vyos system; High-availability leased line gateway virtual machine instance management also includes the following operations: Call the OpenStack interface to create Vyos leased gateway virtual machine instances for the network master and slave nodes respectively. When creating the master and slave virtual machine instances, you need to specify the anti-affinity host group rules, availability domain, flavor with network host aggregation group information, Vyos system image, and leased gateway management network. 
The management of internal and external interfaces and VPN isolation for leased gateways includes the following operations: Call the Vyos system API interface to create VPN instances for the master and slave dedicated gateways, and add internal ports for communication with the user's VPC router to the master and slave dedicated gateway instances respectively; Call the Vyos system API interface to add the internal network interface to the VPN instance, and configure the internal network interface with dual-stack IPv4 and IPv6 address, subnet mask, and MTU. Configure the VRRP protocol within the VPN instance to negotiate a VIP between the master and slave nodes. The VIP address serves as the next hop in the user's VPC router to the destination network segment of the leased line, ensuring high availability. The specific operations for publishing and revoking route management on a leased line gateway include the following: Call the Vyos system API interface to configure and publish BGP routes within the master / slave dedicated VPN instance using the BGP protocol, and learn remote routes; Add static routes within the VPN instance, obtain the interconnection address of the user's VPC router as the next-hop address, and use the static routes as return routes for leased line interconnection, thereby establishing a Layer 3 routing path.

2. The method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system according to claim 1, characterized in that: The management of internal and external interfaces of the leased gateway and VPN isolation also includes the following operations: Create an external network for the leased line gateway based on the BGP interconnection network VLAN and network segment information allocated to the user's leased line, and add external ports to the master and slave leased line gateway instances. Call the Vyos system API interface to add the external network interface to the VPN instance, and configure the external network interface address, subnet mask, and MTU. Configure the BGP protocol within the VPN instance to configure the local AS number, local address, neighbor AS number, and neighbor address for the dedicated gateway.

3. The method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system according to claim 1, characterized in that: The leased line gateway achieves the isolation of the leased line network by dividing internal and external ports through VPN instances, and establishes BGP neighbors with hardware switches by configuring the BGP protocol within the VPN instance; the leased line gateway VPN instance publishes or revokes BGP routes and configures static routes to build a complete Layer 3 path for the leased line network.

4. The method for implementing high-availability cloud ports for cloud desktops based on the Vyos network system according to claim 1, characterized in that: The solution of using HAZ to add aggregation groups to flavors enables dedicated line gateways to be scheduled and highly available in network nodes. Based on the VRRP protocol, a VIP is added to the internal port to achieve high availability of the next hop in the network. Based on the BGP protocol, the primary and backup virtual machines establish BGP neighbors with the external switch, and the BGP neighbor dual-active ensures reliability.