CN115277349A

Movatterモバイル変換

Info

Publication number: CN115277349A
Application number: CN202210840206.XA
Authority: CN
Inventors: 柯少杰; 户才来; 邓浩阳; 蒋文维; 卢志祥
Original assignee: China Telecom Cloud Technology Co Ltd
Current assignee: China Telecom Cloud Technology Co Ltd
Priority date: 2022-07-18
Filing date: 2022-07-18
Publication date: 2022-11-01
Anticipated expiration: 2042-07-18
Also published as: CN115277349B

Abstract

Translated fromChinese

本发明实施例涉及一种配置分布式网关的方法、开放虚拟网络及存储介质，用于解决开放虚拟网络南北向性能瓶颈和单点故障的问题。该配置分布式网关的方法包括：向每个开放虚拟网络节点发送流表规则，在所述开放虚拟网络节点上新增分布式网关；将所述开放虚拟网络节点上的南北向流量和跨集群流量引入至所述开放虚拟网络节点上的分布式网关，通过所述分布式网关进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点。

The embodiments of the present invention relate to a method for configuring a distributed gateway, an open virtual network and a storage medium, which are used to solve the problems of north-south performance bottleneck and single point of failure of the open virtual network. The method for configuring a distributed gateway includes: sending flow table rules to each open virtual network node, adding a distributed gateway on the open virtual network node; The traffic is introduced to the distributed gateway on the open virtual network node, and traffic is forwarded through the distributed gateway, so that the open virtual network node can access external network nodes and cross-cluster network nodes.

Description

Translated fromChinese

一种配置分布式网关的方法、开放虚拟网络及存储介质A method for configuring a distributed gateway, an open virtual network, and a storage medium

技术领域technical field

本发明涉及网络技术领域，特别涉及一种配置分布式网关的方法、开放虚拟网络及存储介质。The invention relates to the field of network technology, in particular to a method for configuring a distributed gateway, an open virtual network and a storage medium.

背景技术Background technique

开放虚拟网络(Open Virtual Network，OVN)是一款软件定义网络(SoftwareDefined Network，SDN)控制器，支持开放虚拟化软件交换机(Open vSwitch，OVS)网络架构，能够提供网络配置方案，实现逻辑网络和物理网络的连通。Open Virtual Network (OVN) is a software-defined network (Software Defined Network, SDN) controller that supports the Open Virtualization Software Switch (Open vSwitch, OVS) network architecture, and can provide network configuration solutions to realize logical network and Connectivity of the physical network.

但是，OVN网络只能提供集中式网关，为OVN网络中的虚拟机和容器提供访问功能，当OVN网络中的南北向流量较大时，由于集中式网关作用域为整个集群，集群中的南北向流量均需要由集中式网关进行转发，此时集中式网关容易带来性能瓶颈。并且由于集中式网关具有单点故障的问题，一旦故障将会影响整个集群。However, the OVN network can only provide a centralized gateway to provide access functions for virtual machines and containers in the OVN network. When the north-south traffic in the OVN network is large, since the scope of the centralized gateway is the entire cluster, the north-south in the cluster All direction traffic needs to be forwarded by the centralized gateway. At this time, the centralized gateway is likely to cause performance bottlenecks. And because the centralized gateway has a single point of failure, once it fails, it will affect the entire cluster.

鉴于此，如何解决OVN南北向性能瓶颈和单点故障的问题，成为了亟待解决的技术问题。In view of this, how to solve the problems of OVN north-south performance bottleneck and single point of failure has become an urgent technical problem to be solved.

发明内容Contents of the invention

本发明实施例提供了一种配置分布式网关的方法、开放虚拟网络及存储介质，用于解决开放虚拟网络南北向性能瓶颈和单点故障的问题。The embodiment of the present invention provides a method for configuring a distributed gateway, an open virtual network and a storage medium, which are used to solve the problems of north-south performance bottlenecks and single point failures of the open virtual network.

本申请第一方面提供了一种配置分布式网关的方法，该方法应用于开放虚拟网络中的软件定义网络控制器上，在所述开放虚拟网络中设置多个开放虚拟网络节点，所述软件定义网络控制器能够连接到所有的开放虚拟网络节点上，开放虚拟网络中，包括：The first aspect of the present application provides a method for configuring a distributed gateway. The method is applied to a software-defined network controller in an open virtual network. Multiple open virtual network nodes are set in the open virtual network. The software Define that the network controller can be connected to all open virtual network nodes, in the open virtual network, including:

向每个开放虚拟网络节点发送流表规则，在所述开放虚拟网络节点上新增分布式网关；Send flow table rules to each open virtual network node, and add a distributed gateway on the open virtual network node;

将所述开放虚拟网络节点上的南北向流量和跨集群流量引入至所述开放虚拟网络节点上的分布式网关，通过所述分布式网关进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点。Introduce the north-south traffic and cross-cluster traffic on the open virtual network node to the distributed gateway on the open virtual network node, and perform traffic forwarding through the distributed gateway, so that the open virtual network node accesses the external network nodes and cross-cluster network nodes.

可选的，在所述开放虚拟网络节点上新增分布式网关，包括：Optionally, a new distributed gateway is added on the open virtual network node, including:

在每个开放虚拟网络节点上建立软件定义网络网桥，并从所述流表规则中获取所述软件定义网络网桥的转发规则；Establishing a software-defined network bridge on each open virtual network node, and obtaining the forwarding rules of the software-defined network bridge from the flow table rules;

根据所述转发规则转发所述软件定义网络网桥中的流量，使所述软件定义网络网桥实现网关的网络互联功能。The traffic in the software-defined network bridge is forwarded according to the forwarding rule, so that the software-defined network bridge realizes the network interconnection function of the gateway.

可选的，将所述开放虚拟网络节点上的南北向流量和跨集群流量引入至所述开放虚拟网络节点上的分布式网关，通过所述分布式网关进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点，包括：Optionally, the north-south traffic and cross-cluster traffic on the open virtual network node are introduced to the distributed gateway on the open virtual network node, and traffic forwarding is performed through the distributed gateway, so that the open virtual network Nodes access external network nodes and cross-cluster network nodes, including:

将所述开放虚拟网络节点上的南北向流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述外部网络节点；Introducing the north-south traffic on the open virtual network node to the distributed gateway for traffic forwarding, so that the open virtual network node accesses the external network node;

将所述开放虚拟网络节点上的跨集群流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述跨集群网络节点。The cross-cluster traffic on the open virtual network node is introduced to the distributed gateway for traffic forwarding, so that the open virtual network node accesses the cross-cluster network node.

可选的，将所述开放虚拟网络节点上的南北向流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述外部网络节点，包括：Optionally, introducing the north-south traffic on the open virtual network node to the distributed gateway for traffic forwarding, so that the open virtual network node accesses the external network node, including:

在所述流表规则中获取网络地址转换规则，为所述分布式网关绑定浮动IP地址；Obtain a network address translation rule in the flow table rule, and bind a floating IP address for the distributed gateway;

通过所述分布式网关控制所述开放虚拟网络节点上的空闲逻辑网卡，根据所述网络地址转换规则和所述浮动IP地址转发所述开放虚拟网络节点上的南北向流量，使所述开放虚拟网络节点访问外部网络节点。The idle logical network card on the open virtual network node is controlled by the distributed gateway, and the north-south traffic on the open virtual network node is forwarded according to the network address translation rule and the floating IP address, so that the open virtual network node Network nodes access external network nodes.

可选的，根据所述网络地址转换规则和所述浮动IP地址转发所述开放虚拟网络节点上的南北向流量，包括：Optionally, forwarding the north-south traffic on the open virtual network node according to the network address translation rule and the floating IP address includes:

在所述开放虚拟网络节点上创建虚拟网线，所述虚拟网线连接所述开放虚拟网络节点和所述开放虚拟网络节点上的分布式网关，绑定所述开放虚拟网络节点的逻辑网卡和所述分布式网关上的虚拟网卡；Create a virtual network cable on the open virtual network node, the virtual network cable connects the open virtual network node and the distributed gateway on the open virtual network node, binds the logical network card of the open virtual network node and the Virtual network card on the distributed gateway;

根据所述网络地址转换规则，使用所述虚拟网卡根据所述浮动IP地址转发所述逻辑网卡上的南北向流量，使所述逻辑网卡上的南北向流量通过所述虚拟网卡转发至外部网络节点处。According to the network address translation rule, using the virtual network card to forward the north-south traffic on the logical network card according to the floating IP address, so that the north-south traffic on the logical network card is forwarded to an external network node through the virtual network card place.

可选的，将所述开放虚拟网络节点上的跨集群流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述跨集群网络节点，包括：Optionally, introducing the cross-cluster traffic on the open virtual network node to the distributed gateway for traffic forwarding, so that the open virtual network node accesses the cross-cluster network node, including:

根据所述网络地址转换规则，获取跨集群流量转发规则；Obtain cross-cluster traffic forwarding rules according to the network address translation rules;

为所述开放虚拟网络节点配置路由，根据所述跨集群流量转发规则转发跨集群流量，访问跨集群网络节点。Configuring routes for the open virtual network nodes, forwarding cross-cluster traffic according to the cross-cluster traffic forwarding rules, and accessing cross-cluster network nodes.

可选的，根据所述网络地址转换规则，获取跨集群流量转发规则，包括：Optionally, obtain cross-cluster traffic forwarding rules according to the network address translation rules, including:

从跨集群网络中获取跨集群网络的网络信息，根据所述网络信息生成跨集群转发逻辑；Obtain network information of the cross-cluster network from the cross-cluster network, and generate cross-cluster forwarding logic according to the network information;

将所述网络信息和所述跨集群转发逻辑下发至所述开放虚拟网络节点上的分布式网关处，让所述开放虚拟网络节点上的分布式网关根据所述网络信息和所述跨集群转发逻辑，生成跨集群流量转发规则。Send the network information and the cross-cluster forwarding logic to the distributed gateway on the open virtual network node, and let the distributed gateway on the open virtual network node according to the network information and the cross-cluster Forwarding logic to generate cross-cluster traffic forwarding rules.

第二方面，本申请提供一种开放虚拟网络，包括：In a second aspect, the present application provides an open virtual network, including:

软件定义网络控制器，用于向所述开放虚拟网络中的每个开放虚拟网络节点发送流表规则；A software-defined network controller, configured to send flow table rules to each open virtual network node in the open virtual network;

开放虚拟网络节点，所述开放虚拟网络节点上设置有分布式网关，所述分布式网关根据所述流表规则对所述开放虚拟网络节点上的南北向流量和跨集群流量进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点。An open virtual network node, the open virtual network node is provided with a distributed gateway, and the distributed gateway performs traffic forwarding on the north-south traffic and cross-cluster traffic on the open virtual network node according to the flow table rules, so that The open virtual network nodes access external network nodes and cross-cluster network nodes.

可选的，所述软件定义网络控制器用于：Optionally, the software-defined network controller is used for:

可选的，所述开放虚拟网络节点用于：Optionally, the open virtual network node is used for:

第三方面，本申请提供一种配置分布式网关的装置，包括：In a third aspect, the present application provides a device for configuring a distributed gateway, including:

至少一个处理器，以及at least one processor, and

与所述至少一个处理器连接的存储器；a memory connected to the at least one processor;

其中，所述存储器存储有可被所述至少一个处理器执行的指令，所述至少一个处理器通过执行所述存储器存储的指令执行如第一方面中任一项所述的方法。Wherein, the memory stores instructions executable by the at least one processor, and the at least one processor executes the method according to any one of the first aspect by executing the instructions stored in the memory.

第四方面，本申请实施例提供一种计算机可读存储介质，其上存储有计算机程序，所述计算机程序被处理器执行时实现如第一方面中任一项所述的方法的步骤。In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of the method described in any one of the first aspect are implemented.

本申请实施例中的技术方案具有以下有益效果：软件定义网络控制器向每个开放虚拟网络节点发送流表规则，在开放虚拟网络节点上新增分布式网关；将开放虚拟网络节点上的南北向流量和跨集群流量引入至开放虚拟网络节点上的分布式网关，通过分布式网关进行流量转发，使开放虚拟网络节点访问外部网络节点和跨集群网络节点，从而将原本由集中式网关转发的流量分散到各个开放虚拟网络节点的分布式网关上，开放虚拟网络内的开放虚拟网络节点能够直接从分布式网关访问外部网络节点，无需集中式网关转发，避免了性能瓶颈的问题，同时由于每个开放虚拟网络节点上均设置有分布式网关，因此也避免了单点故障的问题，当一个开放虚拟网络节点上的分布式网关发生故障时，不会影响到其他开放虚拟网络节点。The technical solution in the embodiment of the present application has the following beneficial effects: the software-defined network controller sends flow table rules to each open virtual network node, and a new distributed gateway is added on the open virtual network node; the north-south network on the open virtual network node Direct traffic and cross-cluster traffic are introduced to the distributed gateway on the open virtual network node, and traffic is forwarded through the distributed gateway, so that the open virtual network node can access external network nodes and cross-cluster network nodes, so that the traffic originally forwarded by the centralized gateway The traffic is distributed to the distributed gateways of each open virtual network node. The open virtual network nodes in the open virtual network can directly access the external network nodes from the distributed gateway without centralized gateway forwarding, which avoids the problem of performance bottlenecks. Each open virtual network node is equipped with a distributed gateway, so the problem of single point of failure is also avoided. When a distributed gateway on one open virtual network node fails, it will not affect other open virtual network nodes.

附图说明Description of drawings

图1是本申请实施例提供的一种配置分布式网关的方法的流程图；Fig. 1 is a flow chart of a method for configuring a distributed gateway provided in an embodiment of the present application;

图2是本申请实施例提供的一种OVN网络的结构示意图；Fig. 2 is a schematic structural diagram of an OVN network provided by an embodiment of the present application;

图3是本申请实施例提供的一种OVN节点的结构示意图；FIG. 3 is a schematic structural diagram of an OVN node provided by an embodiment of the present application;

图4是本申请实施例提供的另一种OVN网络的结构示意图。FIG. 4 is a schematic structural diagram of another OVN network provided by an embodiment of the present application.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚明白，下面将结合本申请实施例中的附图，对本申请实施例中的技术方案进行清楚、完整地描述。In order to make the purpose, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application.

现有技术中，OVN提供丰富的L2/L3层网络、security Group、网络地址转换(Network Address Translation，NAT)等功能，通过OVN，用户可完成集群网络虚拟化编排和流量控制，提供多种隧道封装技术。为实现与物理网络互联，OVN支持采用硬件TOR交换机和软件逻辑交换机来实现逻辑网络与物理网络打通。OVN只能提供集中式网关为OVN网络下的虚拟机、容器提供外网访问功能，而集中式网关存在天然缺陷，如集中式网关作用域为整个集群范围内，虚拟私有云(Virtual Private Cloud，VPC)下所有虚机、容器的南北向流量均需要由集中式网关转发，因此当VPC的虚机、容器南北向流量较大时，集中式网关将引发性能瓶颈。OVN的集中式网关支持多实例部署，VPC南北向流量通过等价多路径路由(EqualCost Multi-path，ECMP)选择逻辑网关转发，可实现集中式网关的高可用和负载均衡。但是基于ECMP的OVN多实例集中式网关只能支持ingress流量，而不支持egress流量，使得基于ECMP的OVN多实例集中式网关存在一定的限制，无法适用多样化的应用场景。因此OVN集中式网关存在单点故障问题，集中式网关的故障范围是整个集群。In the existing technology, OVN provides rich L2/L3 layer network, security group, network address translation (Network Address Translation, NAT) and other functions. Through OVN, users can complete cluster network virtualization orchestration and flow control, and provide a variety of tunnels packaging technology. In order to realize the interconnection with the physical network, OVN supports the use of hardware TOR switches and software logical switches to realize the connection between the logical network and the physical network. OVN can only provide a centralized gateway to provide access to the external network for virtual machines and containers under the OVN network. However, the centralized gateway has natural defects. For example, the scope of the centralized gateway is within the entire cluster, and the virtual private cloud (Virtual Private Cloud, The north-south traffic of all virtual machines and containers under the VPC needs to be forwarded by the centralized gateway. Therefore, when the north-south traffic of the virtual machines and containers of the VPC is large, the centralized gateway will cause performance bottlenecks. OVN's centralized gateway supports multi-instance deployment. VPC north-south traffic is forwarded through the logical gateway through Equal Cost Multi-path (ECMP), which can achieve high availability and load balancing of the centralized gateway. However, the ECMP-based OVN multi-instance centralized gateway can only support ingress traffic, not egress traffic, which makes the ECMP-based OVN multi-instance centralized gateway have certain limitations and cannot be applied to diverse application scenarios. Therefore, the OVN centralized gateway has a single point of failure problem, and the scope of failure of the centralized gateway is the entire cluster.

为此，本申请提供一种配置分布式网关的方法、OVN网络及可读存储介质，用于解决OVN南北向性能瓶颈和单点故障的问题，请参见图1，本方法应用于OVN网络中的SDN控制器上，在OVN网络中设置多个OVN节点，所述SDN控制器能够连接到所有的OVN节点上，其总体思路如下：To this end, this application provides a method for configuring distributed gateways, an OVN network, and a readable storage medium to solve the problems of OVN north-south performance bottlenecks and single points of failure. Please refer to Figure 1. This method is applied to OVN networks On the SDN controller, multiple OVN nodes are set in the OVN network, and the SDN controller can be connected to all OVN nodes. The general idea is as follows:

101、向每个OVN节点发送流表规则，在OVN节点上新增分布式网关；101. Send flow table rules to each OVN node, and add a distributed gateway on the OVN node;

102、将OVN节点上的南北向流量和跨集群流量引入至OVN节点上的分布式网关，通过分布式网关进行流量转发，使OVN节点访问外部网络节点和跨集群网络节点。102. Introduce the north-south traffic and cross-cluster traffic on the OVN node to the distributed gateway on the OVN node, and perform traffic forwarding through the distributed gateway, so that the OVN node can access external network nodes and cross-cluster network nodes.

在介绍上述方法之前，先介绍执行上述方法的OVN网络，请参见图2，图2为本申请实施例提供的一种OVN网络的结构示意图，所述OVN网络中包括SDN控制器21、OVN节点22、OVN节点23、OVN节点24和外部网络节点25。其中，OVN节点22和OVN节点23属于同一OVN网络，OVN节点24和OVN节点22、OVN节点23分属于不同的集群网络；SDN控制器21可以连接OVN节点22、OVN节点23；在OVN节点22上设置有分布式网关221，OVN节点23上设置有分布式网关231。Before introducing the above method, first introduce the OVN network that implements the above method, please refer to Figure 2, Figure 2 is a schematic structural diagram of an OVN network provided by the embodiment of the present application, and the OVN network includes anSDN controller 21 and anOVN node 22.OVN node 23,OVN node 24 andexternal network node 25. Wherein,OVN node 22 andOVN node 23 belong to the same OVN network,OVN node 24 andOVN node 22,OVN node 23 belong to different cluster networks;SDN controller 21 can connectOVN node 22,OVN node 23; In OVN node 22 A distributedgateway 221 is set on theOVN node 23, and a distributedgateway 231 is set on theOVN node 23.

在配置OVN网络时，会首先由SDN控制器21通过openflows协议，向OVN节点22、OVN节点23、OVN节点24下发流表规则，并在OVN节点22、OVN节点23上分别新增分布式网关221和分布式网关231，分布式网关221和分布式网关231上的转发规则由SDN控制器21通过openflows协议下发的流表规则来实现。同时在OVN节点22、OVN节点23和OVN节点24的L2网络中设置虚拟网线，将OVN节点上的西南北向流量和跨集群流量引导到分布式网关中进行转发。When configuring the OVN network, theSDN controller 21 will first issue flow table rules to theOVN node 22,OVN node 23, andOVN node 24 through the openflows protocol, and add distributed Thegateway 221 and the distributedgateway 231, and the forwarding rules on the distributedgateway 221 and the distributedgateway 231 are realized by the flow table rules issued by theSDN controller 21 through the openflows protocol. At the same time, a virtual network cable is set in the L2 network ofOVN node 22,OVN node 23, andOVN node 24, and the south-west-north traffic and cross-cluster traffic on the OVN node are guided to the distributed gateway for forwarding.

在OVN节点22访问外部网络节点25时，会在OVN节点22上产生南北向流量，该南北向流量会被引导至OVN节点22上的分布式网关221中。分布式网关221控制OVN节点22上的空闲网卡作为流量出口，并根据SDN控制器21发送的流表规则来配置源地址转换(SourceNetwork Address Translation，SNAT)规则，将南北向流量直接转发至外部网络节点25处，同时配置目的地址转换(Destination Network Address Translation，DNAT)规则，将本网关地址暴露给外部网络节点25，接收外部网络节点25回复的南北向流量并转发到OVN节点22处，完成OVN节点22对外部网络节点25的访问。When theOVN node 22 accesses theexternal network node 25 , north-south traffic will be generated on theOVN node 22 , and the north-south traffic will be directed to the distributedgateway 221 on theOVN node 22 . The distributedgateway 221 controls the idle network card on theOVN node 22 as the traffic outlet, and configures the source address translation (SourceNetwork Address Translation, SNAT) rule according to the flow table rule sent by theSDN controller 21, and directly forwards the north-south traffic to the external network Atnode 25, configure the destination network address translation (Destination Network Address Translation, DNAT) rule at the same time, expose the address of this gateway to theexternal network node 25, receive the north-south traffic replied by theexternal network node 25 and forward it to theOVN node 22, and complete theOVN Node 22 access toexternal network nodes 25 .

在OVN节点23访问OVN节点24时，由于OVN节点24并不属于OVN节点23所在的OVN网络集群，因此在OVN节点23上将产生跨集群流量以访问OVN节点24，而跨集群流量将会被引入到分布式网关231中。分布式网关231从SDN控制器21处获取跨集群转发规则和跨集群网络信息，并根据跨集群转发规则、跨集群网络信息和OVN节点24的信息，配置跨集群路由。最后，分布式网关231将跨集群流量按照跨集群路由进行转发，直接发送给OVN节点24，完成OVN节点23对OVN节点24的访问。When theOVN node 23 accesses theOVN node 24, because theOVN node 24 does not belong to the OVN network cluster where theOVN node 23 is located, cross-cluster traffic will be generated on theOVN node 23 to access theOVN node 24, and the cross-cluster traffic will be Introduced into the distributedgateway 231. The distributedgateway 231 obtains cross-cluster forwarding rules and cross-cluster network information from theSDN controller 21, and configures cross-cluster routes according to the cross-cluster forwarding rules, cross-cluster network information andOVN node 24 information. Finally, the distributedgateway 231 forwards the cross-cluster traffic according to the cross-cluster route, and directly sends it to theOVN node 24, so as to complete the access of theOVN node 23 to theOVN node 24.

在本发明提供的实施例中，通过SDN控制器向每个OVN节点发送流表规则，在OVN节点上新增分布式网关；将OVN节点上的南北向流量和跨集群流量引入至OVN节点上的分布式网关，通过分布式网关进行流量转发，使OVN节点访问外部网络节点和跨集群网络节点，从而将原本由集中式网关转发的流量分散到各个OVN节点的分布式网关上，OVN网络内的OVN节点能够直接从分布式网关访问外部网络节点，无需集中式网关转发，避免了性能瓶颈的问题，同时由于每个OVN节点上均设置有分布式网关，因此也避免了单点故障的问题，当一个OVN节点上的分布式网关发生故障时，不会影响到其他OVN节点。In the embodiment provided by the present invention, the SDN controller sends flow table rules to each OVN node, and a new distributed gateway is added on the OVN node; the north-south traffic and cross-cluster traffic on the OVN node are introduced to the OVN node The distributed gateway, through the distributed gateway for traffic forwarding, enables OVN nodes to access external network nodes and cross-cluster network nodes, so that the traffic originally forwarded by the centralized gateway is distributed to the distributed gateways of each OVN node, and the OVN network OVN nodes can directly access external network nodes from distributed gateways without centralized gateway forwarding, which avoids performance bottlenecks. At the same time, since each OVN node is equipped with a distributed gateway, it also avoids the problem of single point of failure. , when the distributed gateway on one OVN node fails, it will not affect other OVN nodes.

一种可能的实施方式，上述实施例中的在OVN节点上新增分布式网关，包括：在每个OVN节点上建立SDN网桥，并从流表规则中获取SDN网桥的转发规则；根据转发规则转发SDN网桥中的流量，使SDN网桥实现网关的网络互联功能。A kind of possible implementation manner, in the above-mentioned embodiment, newly added distributed gateway on the OVN node, comprises: on each OVN node, establishes the SDN bridge, and obtains the forwarding rule of the SDN bridge from the flow table rule; According to The forwarding rule forwards the traffic in the SDN bridge, so that the SDN bridge realizes the network interconnection function of the gateway.

请参见图3，图3本申请实施例提供的一种OVN节点的结构示意图。其中，OVN节点22上设置有分布式网关221和在OVN节点22上增加分布式网关221的具体方法为，为OVN节点22上建立一个SDN网桥2211，用于接收SDN控制器21下发的流表规则，其中，流表规则中包含有南北向流量转发规则和跨集群流量转发规则。同时在SDN网桥2211和OVN节点22之间建立一个虚拟网线2212，该虚拟网线2212能够将南北向流量和跨集群流量引入到SDN网桥2211上。SDN网桥2211根据SDN控制器21下发的流表规则对OVN节点22发送的南北向流量和跨集群流量进行转发，从而在网络层上实现网络互联的功能，使SDN网桥2211成为OVN节点22上的分布式网关221。Please refer to FIG. 3 , which is a schematic structural diagram of an OVN node provided by an embodiment of the present application. Wherein, theOVN node 22 is provided with the distributedgateway 221 and the specific method of adding the distributedgateway 221 on theOVN node 22 is to set up anSDN bridge 2211 on theOVN node 22 for receiving theSDN controller 21 issued Flow table rules, where the flow table rules include north-south traffic forwarding rules and cross-cluster traffic forwarding rules. At the same time, avirtual network cable 2212 is established between theSDN bridge 2211 and theOVN node 22, and thevirtual network cable 2212 can introduce north-south traffic and cross-cluster traffic to theSDN bridge 2211. TheSDN bridge 2211 forwards the north-south traffic and cross-cluster traffic sent by theOVN node 22 according to the flow table rules issued by theSDN controller 21, thereby realizing the function of network interconnection on the network layer, making theSDN bridge 2211 an OVN node Distributedgateway 221 on 22.

在本发明实施例中，通过在OVN节点上设置SDN网桥，并利用虚拟网线连接OVN节点和SDN网桥，将OVN节点上的南北向流量和跨集群流量引入至SDN网桥上进行流量转发，从而实现了在OVN节点上增加网关的功能，保证了OVN节点能够在网络层上与其他网络节点实现网络互联。In the embodiment of the present invention, by setting the SDN bridge on the OVN node and connecting the OVN node and the SDN bridge with a virtual network cable, the north-south traffic and cross-cluster traffic on the OVN node are introduced to the SDN bridge for traffic forwarding , so as to realize the function of adding a gateway on the OVN node, and ensure that the OVN node can realize network interconnection with other network nodes on the network layer.

一种可能的实施方式，将OVN节点上的南北向流量和跨集群流量引入至OVN节点上的分布式网关，通过分布式网关进行流量转发，使OVN节点访问外部网络节点和跨集群网络节点，包括：A possible implementation mode is to introduce the north-south traffic and cross-cluster traffic on the OVN node to the distributed gateway on the OVN node, and perform traffic forwarding through the distributed gateway, so that the OVN node can access external network nodes and cross-cluster network nodes, include:

将OVN节点上的南北向流量引入至分布式网关进行流量转发，使OVN节点访问外部网络节点；将OVN节点上的跨集群流量引入至分布式网关进行流量转发，使OVN节点访问跨集群网络节点。Introduce the north-south traffic on the OVN node to the distributed gateway for traffic forwarding, so that the OVN node can access external network nodes; introduce the cross-cluster traffic on the OVN node to the distributed gateway for traffic forwarding, so that the OVN node can access the cross-cluster network nodes .

在上述图3的分布式网关221上，分布式网关221根据SDN控制器21下发的南北向流量转发规则，控制OVN节点22上的空闲网卡作为流量出口，同时在二层网络上设置一个逻辑交换机出口，分布式网关221将自身和OVN节点22上的逻辑网卡进行绑定。当虚拟网线2212将OVN节点22发送的南北向流量发送给分布式网关221时，将南北向流量的下一跳地址设置为OVN节点22上逻辑网卡的地址；最后根据南北向流量转发规则对分布式网关221上的南北向流量进行流量转发，从而实现OVN节点22访问外部网络节点的功能。On the distributedgateway 221 in FIG. 3 above, the distributedgateway 221 controls the idle network card on theOVN node 22 as the traffic outlet according to the north-south traffic forwarding rule issued by theSDN controller 21, and sets a logical At the egress of the switch, the distributedgateway 221 binds itself to the logical network card on theOVN node 22 . When thevirtual network line 2212 sends the north-south flow sent by theOVN node 22 to the distributedgateway 221, the next hop address of the north-south flow is set to the address of the logical network card on theOVN node 22; finally, according to the north-south flow forwarding rule, the distribution The north-south traffic on theremote gateway 221 is forwarded, thereby realizing the function of theOVN node 22 accessing external network nodes.

当虚拟网线2212将OVN节点22发送的跨集群流量发送给分布式网关221时，先从SDN控制器21处获取跨集群流量转发规则。SDN控制器21会通过openflows协议从OVN集群中获取跨集群互联网络信息，然后根据OVN节点22访问跨集群网络节点时的业务类型、租户配置和租户网络信息等信息，生成跨集群网络转发规则，该跨集群流量转发规则中包括有用于跨集群通信所使用的overlay网络的overlay封装方式，跨集群网络节点信息等。随后，分布式网关会根据跨集群流量转发规则配置跨集群网络路由，根据实际需求，分布式网关221可以选择配置跨集群网络静态路由或者是配置路由自学习流表，自动获取跨集群网络转发路由。最后，分布式网关221根据跨集群流量转发规则和跨集群网络路由将跨集群流量转发至跨集群网络节点处，完成OVN节点22和跨集群网络接点的通信。When thevirtual network cable 2212 sends the cross-cluster traffic sent by theOVN node 22 to the distributedgateway 221, it first obtains the cross-cluster traffic forwarding rules from theSDN controller 21. TheSDN controller 21 will obtain cross-cluster interconnection network information from the OVN cluster through the openflows protocol, and then generate cross-cluster network forwarding rules according to information such as the business type, tenant configuration, and tenant network information when theOVN node 22 accesses the cross-cluster network node. The cross-cluster traffic forwarding rule includes an overlay encapsulation method of the overlay network used for cross-cluster communication, cross-cluster network node information, and the like. Subsequently, the distributed gateway will configure cross-cluster network routing according to the cross-cluster traffic forwarding rules. According to actual needs, distributedgateway 221 can choose to configure cross-cluster network static routing or configure routing self-learning flow table to automatically obtain cross-cluster network forwarding routes . Finally, the distributedgateway 221 forwards the cross-cluster traffic to the cross-cluster network nodes according to the cross-cluster traffic forwarding rules and cross-cluster network routes, and completes the communication between theOVN node 22 and the cross-cluster network nodes.

在本发明实施例中，分布式网关在获取了南北向流量和跨集群流量之后，分别根据南北向流量转发规则和跨集群流量转发规则进行流量转发，从而让分布式网关所在的OVN节点能够直接和外部网络节点、跨集群网络节点进行通信。In the embodiment of the present invention, after the distributed gateway obtains the north-south traffic and cross-cluster traffic, it performs traffic forwarding according to the north-south traffic forwarding rules and cross-cluster traffic forwarding rules, so that the OVN node where the distributed gateway is located can directly Communicate with external network nodes and cross-cluster network nodes.

一种可能的实施方式，将OVN节点上的南北向流量引入至分布式网关进行流量转发，包括：A possible implementation, introducing the north-south traffic on the OVN node to the distributed gateway for traffic forwarding, includes:

在流表规则中获取NAT规则，为分布式网关绑定浮动IP地址；利用分布式网关控制OVN节点上的空闲逻辑网卡，根据NAT规则和浮动IP地址转发OVN节点上的南北向流量，使OVN节点访问外部网络节点。Obtain the NAT rule in the flow table rules, bind the floating IP address for the distributed gateway; use the distributed gateway to control the idle logical network card on the OVN node, and forward the north-south traffic on the OVN node according to the NAT rule and the floating IP address, so that the OVN Nodes access external network nodes.

例如，请参见图2中的例子，OVN节点22访问外部网络节点25时，OVN节点22上的分布式网关221先从SDN控制器下发的流表规则中，获取NAT规则。然后分布式网关221根据NAT规则，为OVN节点22配置浮动IP地址为192.168.0.1，使得外部网络节点25能够通过浮动IP地址192.168.0.1访问OVN节点22。最后，分布式网关221根据NAT规则将南北向流量进行转发，直接发送给外部网络节点25，实现OVN节点22对外部网络节点25的访问。For example, referring to the example in FIG. 2, when theOVN node 22 accesses theexternal network node 25, the distributedgateway 221 on theOVN node 22 first obtains the NAT rule from the flow table rules issued by the SDN controller. Then the distributedgateway 221 configures the floating IP address 192.168.0.1 for theOVN node 22 according to the NAT rule, so that theexternal network node 25 can access theOVN node 22 through the floating IP address 192.168.0.1. Finally, the distributedgateway 221 forwards the north-south traffic according to the NAT rule, and sends it directly to theexternal network node 25, so as to realize the access of theOVN node 22 to theexternal network node 25.

在本发明实施例中，OVN节点直接通过其上设置的分布式网关转发南北向流量，无需使用集中式网关，避免了性能瓶颈和单点故障的问题，同时，转发规则由SDN控制器直接下发至对应的OVN节点的分布式网关上，极大的缩减了OVN流表数量，提升流表查找效率，避免无效流表引发性能下降，实现流表精准、最小化配置。In the embodiment of the present invention, the OVN node directly forwards the north-south traffic through the distributed gateway set on it, without using a centralized gateway, which avoids the problems of performance bottleneck and single point of failure. At the same time, the forwarding rules are directly downloaded by the SDN controller. It is sent to the distributed gateway of the corresponding OVN node, which greatly reduces the number of OVN flow tables, improves the efficiency of flow table lookup, avoids performance degradation caused by invalid flow tables, and achieves accurate and minimal configuration of flow tables.

一种可能的实施方式，根据NAT规则和浮动IP地址转发OVN节点上的南北向流量，使OVN节点访问外部网络节点，包括：A possible implementation mode forwards the north-south traffic on the OVN node according to the NAT rule and the floating IP address, so that the OVN node accesses the external network node, including:

在OVN节点上创建虚拟网线，虚拟网线连接OVN节点和OVN节点上的分布式网关，绑定OVN节点的逻辑网卡和分布式网关上的虚拟网卡；根据NAT规则，使用虚拟网卡根据浮动IP地址跨集群转发逻辑网卡上的南北向流量，使逻辑网卡上的南北向流量被转发至外部网络节点处。Create a virtual network cable on the OVN node, the virtual network cable connects the OVN node and the distributed gateway on the OVN node, binds the logical network card of the OVN node and the virtual network card on the distributed gateway; according to the NAT rule, use the virtual network card according to the floating IP address span The cluster forwards the north-south traffic on the logical network card, so that the north-south traffic on the logical network card is forwarded to external network nodes.

例如，如图3中的例子，OVN节点22上的分布式网关221通过虚拟网线2212连接OVN节点22，并获取OVN节点22上的南北向流量。分布式网关221将自身的虚拟网卡和OVN节点22的逻辑网卡绑定在一起，以OVN节点22的逻辑网卡作为流量出口。最后，分布式网关221根据SDN控制器21下发的NAT规则，使用分布式网关221上的虚拟网卡，以浮动IP地址作为OVN节点22的地址，将OVN节点的逻辑网卡上南北向流量转发给外部网络节点25处。For example, as shown in FIG. 3 , the distributedgateway 221 on theOVN node 22 is connected to theOVN node 22 through avirtual network cable 2212 , and obtains the north-south traffic on theOVN node 22 . The distributedgateway 221 binds its own virtual network card and the logical network card of theOVN node 22 together, and uses the logical network card of theOVN node 22 as a traffic outlet. Finally, the distributedgateway 221 uses the virtual network card on the distributedgateway 221 according to the NAT rule issued by theSDN controller 21, uses the floating IP address as the address of theOVN node 22, and forwards the north-south traffic on the logical network card of the OVN node toexternal network node 25.

在实际应用中，上述方法具体执行为，首先OVN节点在L2网络上创建逻辑交换机端口，创建为localport类型的logical switch port(p1)；然后再创建虚拟网线veth-pair(sw-int/sw-sdn)，其中sw-int端接入到网桥br-int端，sw-sdn端接入到网桥br-sdn端；最后配置分布式网关上的虚拟网卡的sw-int端和OVN逻辑网卡p1端之间的绑定关系，并将南北向流量的下一跳地址设置为p1地址。In practical applications, the above method is specifically implemented as follows: first, the OVN node creates a logical switch port on the L2 network, and creates a logical switch port (p1) of the localport type; then creates a virtual network cable veth-pair (sw-int/sw- sdn), where the sw-int end is connected to the bridge br-int end, and the sw-sdn end is connected to the bridge br-sdn end; finally configure the sw-int end of the virtual network card on the distributed gateway and the OVN logical network card The binding relationship between the p1 terminals, and set the next hop address of the north-south traffic to the p1 address.

在本发明实施例中，OVN节点通过分布式网关直接转发南北向流量访问外部网络节点，从而避免了使用集中式网关，避免了性能瓶颈和单点故障的问题，并且转发规则采用SDN控制器进行业务编排和规则配置，可灵活配置多样化的自定义业务功能，支持自定义跨集群转发逻辑。In the embodiment of the present invention, the OVN node directly forwards the north-south traffic through the distributed gateway to access the external network nodes, thereby avoiding the use of a centralized gateway, performance bottlenecks and single point failures, and the forwarding rules are implemented using the SDN controller. Business orchestration and rule configuration can flexibly configure a variety of custom business functions, and support custom cross-cluster forwarding logic.

一种可能的实施方式，将OVN节点上的跨集群流量引入至分布式网关进行流量转发，使OVN节点访问跨集群网络节点，包括：A possible implementation mode is to introduce the cross-cluster traffic on the OVN node to the distributed gateway for traffic forwarding, so that the OVN node can access the cross-cluster network nodes, including:

根据NAT规则，获取跨集群流量转发规则；为OVN节点配置路由，根据跨集群流量转发规则转发跨集群流量，访问跨集群网络节点。Obtain cross-cluster traffic forwarding rules according to NAT rules; configure routes for OVN nodes, forward cross-cluster traffic according to cross-cluster traffic forwarding rules, and access cross-cluster network nodes.

例如，请参见图2中的例子，当OVN节点23访问OVN节点24时，由于OVN节点23和OVN节点24并不属于同一OVN网络，因此在OVN节点23上生成了跨集群流量，并将跨集群流量通过分布式网关231进行转发。当分布式网络231接收到跨集群流量后，先在SDN控制器21下发的NAT规则中获取跨集群流量转发规则；然后为OVN节点23配置跨集群网络静态路由，并将下一跳地址设置为OVN节点23的逻辑网卡的地址。最后根据跨集群流量转发规则转发跨集群流量给OVN节点24，并利用跨集群网络静态路由接收来自OVN节点24的跨集群流量，完成OVN节点23的跨集群访问。For example, please refer to the example in Figure 2. WhenOVN node 23accesses OVN node 24, sinceOVN node 23 andOVN node 24 do not belong to the same OVN network, cross-cluster traffic is generated onOVN node 23 and will be cross- Cluster traffic is forwarded through the distributedgateway 231 . After the distributednetwork 231 receives the cross-cluster traffic, first obtain the cross-cluster traffic forwarding rule in the NAT rule issued by theSDN controller 21; then configure the cross-cluster network static route for theOVN node 23, and set the next hop address It is the address of the logical network card ofOVN node 23. Finally, the cross-cluster traffic is forwarded to theOVN node 24 according to the cross-cluster traffic forwarding rules, and the cross-cluster traffic from theOVN node 24 is received by using the cross-cluster network static route to complete the cross-cluster access of theOVN node 23.

在实际应用中，为OVN节点配置路由可以有两种方法，一种是直接配置为跨集群网络静态路由，另一种是配置路由自学习流表，让OVN节点上的分布式网关自行学习获取跨集群网络转发路由。In practical applications, there are two ways to configure routing for OVN nodes. One is to directly configure cross-cluster network static routing, and the other is to configure routing self-learning flow tables, so that the distributed gateways on OVN nodes can learn and obtain Forward routes across cluster networks.

在本发明实施例中，OVN节点上的分布式网关能够根据SDN控制下发的NAT规则获取跨集群转发规则，并为OVN节点配置路由，从而将OVN节点上的跨集群流量直接转发至跨集群网络节点处，无需有OVN跨集群网关和OVN跨集群互联控制器等中间环节中转，简化跨集群流量转发流程，流量从分布式网关发出，可直接到达对端集群节点或网关上，转发流程更简洁，性能更高。In the embodiment of the present invention, the distributed gateway on the OVN node can obtain the cross-cluster forwarding rules according to the NAT rules issued by the SDN control, and configure routes for the OVN nodes, so as to directly forward the cross-cluster traffic on the OVN nodes to the cross-cluster At the network nodes, there is no need for intermediary links such as OVN cross-cluster gateways and OVN cross-cluster interconnection controllers, which simplifies the cross-cluster traffic forwarding process. The traffic sent from the distributed gateway can directly reach the peer cluster node or gateway, and the forwarding process is simpler. Simpler and more performant.

一种可能的实施方式，根据NAT规则，获取跨集群流量转发规则，包括：A possible implementation manner, according to NAT rules, obtains cross-cluster traffic forwarding rules, including:

SDN控制器从跨集群网络中获取跨集群网络的网络信息，根据网络信息生成跨集群转发逻辑；将网络信息和跨集群转发逻辑下发至OVN节点上的分布式网关处，让OVN节点上的分布式网关根据网络信息和跨集群转发逻辑，生成跨集群流量转发规则。The SDN controller obtains the network information of the cross-cluster network from the cross-cluster network, and generates cross-cluster forwarding logic according to the network information; sends the network information and cross-cluster forwarding logic to the distributed gateway on the OVN node, so that the OVN node The distributed gateway generates cross-cluster traffic forwarding rules based on network information and cross-cluster forwarding logic.

例如，请参见图2中的例子，在OVN节点23访问OVN节点24之前，SDN控制器21会先通过openflows协议与OVN节点24所在的OVN网络进行交互，获取跨集群网络节点信息；然后根据OVN节点23访问OVN节点24时的业务类型、租户配置和租户网络信息，配合跨集群网络节点信息生成跨集群流量转发规则；最后将跨集群流量转发规则发送给OVN节点23上的分布式网关231处。在跨集群流量转发规则中包含有转发跨集群流量时需要使用的overlay封装方式和跨集群网络节点信息。For example, referring to the example in FIG. 2, before theOVN node 23 accesses theOVN node 24, theSDN controller 21 will first interact with the OVN network where theOVN node 24 is located through the openflows protocol to obtain cross-cluster network node information; then according to the OVN The business type, tenant configuration and tenant network information whennode 23accesses OVN node 24, cooperates with cross-cluster network node information to generate cross-cluster traffic forwarding rules; finally, cross-cluster traffic forwarding rules are sent to distributedgateway 231 onOVN node 23 . The cross-cluster traffic forwarding rules include the overlay encapsulation method and cross-cluster network node information that need to be used when forwarding cross-cluster traffic.

在实际应用中，上述方法具体执行为，首先由OVN节点在L2网络上创建逻辑交换机端口localport类型的logical switch port(p1)；然后在OVN节点上创建虚拟网线veth-pair(sw-int/sw-sdn)，其中sw-int端接入到网桥br-int端，sw-sdn端接入到网桥br-sdn端；最后配置分布式网关上的虚拟网卡的sw-int端和OVN逻辑网卡p1端之间的绑定关系。而在跨集群流量转发中，转发路由有两种获取方式，一种是配置为静态路由，下一跳地址设置为p1地址；另一种是配置路由自学习流表，从而让分布式网关自动获取跨集群转发路由。In practical applications, the above method is specifically executed as follows: first, the OVN node creates a logical switch port (p1) of the logical switch port localport type on the L2 network; then creates a virtual network cable veth-pair (sw-int/sw -sdn), where the sw-int end is connected to the bridge br-int end, and the sw-sdn end is connected to the bridge br-sdn end; finally configure the sw-int end and OVN logic of the virtual network card on the distributed gateway The binding relationship between the p1 end of the network card. In cross-cluster traffic forwarding, there are two ways to obtain the forwarding route. One is to configure it as a static route, and the next hop address is set to the p1 address; the other is to configure the routing self-learning flow table, so that the distributed gateway automatically Get cross-cluster forwarding routes.

在本发明实施例中，分布式网关能够从SDN控制器处获取跨集群流量转发规则，SDN控制器在生成跨集群流量转发规则时，对跨集群网络节点没有要求，不要求对端集群网络是OVN方案，可自由与任何集群实现跨集群网络，解除OVN集群只能与OVN集群互通的限制；同时，跨集群流量转发规则能够根据用户需求进行自定义，例如根据应用场景自主选择overlay封装格式，能够提高跨集群互联兼容性。In the embodiment of the present invention, the distributed gateway can obtain the cross-cluster traffic forwarding rules from the SDN controller. When the SDN controller generates the cross-cluster traffic forwarding rules, it does not require the The OVN solution can freely realize a cross-cluster network with any cluster, and remove the limitation that the OVN cluster can only communicate with the OVN cluster; at the same time, the cross-cluster traffic forwarding rules can be customized according to user needs, such as choosing the overlay encapsulation format independently according to the application scenario, It can improve cross-cluster interconnection compatibility.

基于同一发明构思，本申请提供一种OVN网络，请参见图4，该OVN网络包括：Based on the same inventive concept, this application provides an OVN network, please refer to Figure 4, the OVN network includes:

SDN控制器401，用于向OVN网络中的每个OVN节点402发送流表规则；TheSDN controller 401 is configured to send flow table rules to eachOVN node 402 in the OVN network;

OVN节点402，OVN节点402上设置有分布式网关4021，分布式网关4021根据流表规则对OVN节点402上的南北向流量和跨集群流量进行流量转发，使OVN节点402访问外部网络节点和跨集群网络节点。TheOVN node 402 is provided with a distributedgateway 4021, and the distributedgateway 4021 forwards the north-south traffic and cross-cluster traffic on theOVN node 402 according to the flow table rules, so that theOVN node 402 accesses external network nodes and cross-cluster traffic. Cluster network nodes.

一种可能的实施方式，SDN控制器401用于：In a possible implementation manner, theSDN controller 401 is used to:

在每个OVN节点402上建立SDN网桥，并从流表规则中获取SDN网桥的转发规则；根据转发规则转发SDN网桥中的流量，使SDN网桥实现网关的网络互联功能。Establish an SDN bridge on eachOVN node 402, and obtain the forwarding rules of the SDN bridge from the flow table rules; forward the traffic in the SDN bridge according to the forwarding rules, so that the SDN bridge realizes the network interconnection function of the gateway.

一种可能的实施方式，OVN节点402用于：A possible implementation manner, theOVN node 402 is used for:

将南北向流量引入至分布式网关4021进行流量转发，使OVN节点402访问外部网络节点；Introduce the north-south traffic to the distributedgateway 4021 for traffic forwarding, so that theOVN node 402 can access external network nodes;

将跨集群流量引入至分布式网关4021进行流量转发，使OVN节点402访问跨集群网络节点。The cross-cluster traffic is introduced to the distributedgateway 4021 for traffic forwarding, so that theOVN node 402 accesses the cross-cluster network nodes.

在流表规则中获取NAT规则，为分布式网关绑定浮动IP地址；Obtain the NAT rule in the flow table rule, and bind the floating IP address for the distributed gateway;

利用分布式网关4021控制OVN节点402上的空闲逻辑网卡，根据NAT规则转发OVN节点402上的南北向流量，使OVN节点402访问外部网络节点。Use the distributedgateway 4021 to control the idle logical network card on theOVN node 402, and forward the north-south traffic on theOVN node 402 according to the NAT rules, so that theOVN node 402 can access external network nodes.

创建虚拟网线，虚拟网线连接OVN节点402和OVN节点402上的分布式网关4021，绑定OVN节点402的逻辑网卡和分布式网关上的虚拟网卡；Create a virtual network cable, which connects theOVN node 402 and the distributedgateway 4021 on theOVN node 402, and binds the logical network card of theOVN node 402 and the virtual network card on the distributed gateway;

根据NAT规则，使用虚拟网卡根据浮动IP地址转发OVN节点402上的南北向流量，使逻辑网卡上的南北向流量通过虚拟网卡转发至外部网络节点处。According to the NAT rule, use the virtual network card to forward the north-south traffic on theOVN node 402 according to the floating IP address, so that the north-south traffic on the logical network card is forwarded to the external network node through the virtual network card.

根据NAT规则，获取跨集群流量转发规则；Obtain cross-cluster traffic forwarding rules according to NAT rules;

配置路由，根据跨集群流量转发规则转发跨集群流量，访问跨集群网络节点。Configure routing, forward cross-cluster traffic according to cross-cluster traffic forwarding rules, and access cross-cluster network nodes.

SDN控制器从跨集群网络中获取跨集群网络的网络信息，根据网络信息生成跨集群转发逻辑；The SDN controller obtains the network information of the cross-cluster network from the cross-cluster network, and generates cross-cluster forwarding logic according to the network information;

将网络信息和跨集群转发逻辑下发至OVN节点402上的分布式网关4021处，让OVN节点402上的分布式网关4021根据网络信息和跨集群转发逻辑，生成跨集群流量转发规则。Send the network information and cross-cluster forwarding logic to the distributedgateway 4021 on theOVN node 402, and let the distributedgateway 4021 on theOVN node 402 generate cross-cluster traffic forwarding rules according to the network information and cross-cluster forwarding logic.

基于同一发明构思，本发明一实施例提供一种配置分布式网关的装置，包括：Based on the same inventive concept, an embodiment of the present invention provides a device for configuring a distributed gateway, including:

至少一个处理器，处理器用于执行存储器中存储的计算机程序时实现本申请实施例提供的如上的配置分布式网关的步骤。At least one processor, the processor is used to implement the above steps of configuring the distributed gateway provided in the embodiment of the present application when executing the computer program stored in the memory.

可选的，处理器具体可以是中央处理器、特定应用集成电路(英文：ApplicationSpecific Integrated Circuit，简称：ASIC)，可以是一个或多个用于控制程序执行的集成电路。Optionally, the processor may specifically be a central processing unit, an application-specific integrated circuit (English: Application Specific Integrated Circuit, ASIC for short), or one or more integrated circuits for controlling program execution.

可选的，该数据完整性保护的设备还包括与至少一个处理器连接的存储器，存储器可以包括只读存储器(英文：Read Only Memory，简称：ROM)、随机存取存储器(英文：Random Access Memory，简称：RAM)和磁盘存储器。存储器用于存储处理器运行时所需的数据，即存储有可被至少一个处理器执行的指令，至少一个处理器通过执行存储器存储的指令，执行如上的配置分布式网关或标准数据注解所示的方法。其中，存储器的数量为一个或多个。Optionally, the device for data integrity protection also includes a memory connected to at least one processor, and the memory may include a read-only memory (English: Read Only Memory, ROM for short), a random access memory (English: Random Access Memory , referred to as: RAM) and disk storage. The memory is used to store the data required by the processor when it is running, that is, it stores instructions that can be executed by at least one processor, and at least one processor executes the instructions stored in the memory, as shown in the configuration distributed gateway or standard data annotation above Methods. Wherein, the quantity of the memory is one or more.

本申请实施例还提供一种计算机存储介质，其中，计算机存储介质存储有计算机指令，当计算机指令在计算机上运行时，使得计算机执行如上的配置分布式网关的方法的步骤。The embodiment of the present application also provides a computer storage medium, wherein the computer storage medium stores computer instructions, and when the computer instructions are run on the computer, the computer is made to execute the steps of the above method for configuring the distributed gateway.

本领域内的技术人员应明白，本申请的实施例可提供为方法、系统、或计算机程序产品。因此，本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且，本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器，使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中，使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品，该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上，使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理，从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

显然，本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样，倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内，则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims

Translated fromChinese

1.一种配置分布式网关的方法，应用于开放虚拟网络中的软件定义网络控制器上，在所述开放虚拟网络中设置多个开放虚拟网络节点，所述软件定义网络控制器能够连接到所有的开放虚拟网络节点上，其特征在于，包括：1. A method for configuring a distributed gateway, applied to a software-defined network controller in an open virtual network, wherein a plurality of open virtual network nodes are set in the open virtual network, and the software-defined network controller can be connected to All open virtual network nodes are characterized by including:

2.如权利要求1所述的方法，其特征在于，在所述开放虚拟网络节点上新增分布式网关，包括：2. The method according to claim 1, wherein adding a distributed gateway on the open virtual network node comprises:

3.如权利要求1所述的方法，其特征在于，将所述开放虚拟网络节点上的南北向流量和跨集群流量引入至所述开放虚拟网络节点上的分布式网关，通过所述分布式网关进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点，包括：3. The method according to claim 1, wherein the north-south flow and cross-cluster flow on the open virtual network node are introduced into the distributed gateway on the open virtual network node, and through the distributed The gateway performs traffic forwarding, enabling the open virtual network node to access external network nodes and cross-cluster network nodes, including:

4.如权利要求3所述的方法，其特征在于，将所述开放虚拟网络节点上的南北向流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述外部网络节点，包括：4. The method according to claim 3, wherein the north-south traffic on the open virtual network node is introduced into the distributed gateway for traffic forwarding, so that the open virtual network node accesses the external network nodes, including:

5.如权利要求4所述的方法，其特征在于，根据所述网络地址转换规则和所述浮动IP地址转发所述开放虚拟网络节点上的南北向流量，包括：5. The method according to claim 4, wherein forwarding the north-south traffic on the open virtual network node according to the network address translation rule and the floating IP address comprises:

6.如权利要求3所述的方法，其特征在于，将所述开放虚拟网络节点上的跨集群流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述跨集群网络节点，包括：6. The method according to claim 3, wherein the cross-cluster traffic on the open virtual network node is introduced into the distributed gateway for traffic forwarding, so that the open virtual network node accesses the cross-cluster Network nodes, including:

7.如权利要求6所述的方法，其特征在于，根据所述网络地址转换规则，获取跨集群流量转发规则，包括：7. The method according to claim 6, wherein obtaining cross-cluster traffic forwarding rules according to the network address translation rules comprises:

8.一种开放虚拟网络，所述开放虚拟网络中设置多个开放虚拟网络节点，所述软件定义网络控制器能够连接到所有的开放虚拟网络节点上,其特征在于，包括：8. An open virtual network, wherein a plurality of open virtual network nodes are set in the open virtual network, and the software-defined network controller can be connected to all open virtual network nodes, characterized in that, comprising:

9.一种配置分布式网关的装置，其特征在于，包括：9. A device for configuring a distributed gateway, comprising:

至少一个处理器，以及at least one processor, and

其中，所述存储器存储有可被所述至少一个处理器执行的指令，所述至少一个处理器通过执行所述存储器存储的指令执行权利要求1-7中任一项所述的方法。Wherein, the memory stores instructions executable by the at least one processor, and the at least one processor executes the method according to any one of claims 1-7 by executing the instructions stored in the memory.

10.一种可读存储介质，其上存储有计算机程序，其特征在于，所述计算机程序被处理器执行时实现如权利要求1-7中任一项所述的配置分布式网关的方法的步骤。10. A readable storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the method for configuring a distributed gateway according to any one of claims 1-7 is implemented step.