CN115277349B

Movatterモバイル変換

Info

Publication number: CN115277349B
Application number: CN202210840206.XA
Authority: CN
Inventors: 柯少杰; 户才来; 邓浩阳; 蒋文维; 卢志祥
Original assignee: China Telecom Cloud Technology Co Ltd
Current assignee: China Telecom Cloud Technology Co Ltd
Priority date: 2022-07-18
Filing date: 2022-07-18
Publication date: 2024-01-02
Anticipated expiration: 2042-07-18
Also published as: CN115277349A

Abstract

The embodiment of the invention relates to a method for configuring a distributed gateway, an open virtual network and a storage medium, which are used for solving the problems of north-south performance bottleneck and single point failure of the open virtual network. The method for configuring the distributed gateway comprises the following steps: sending a flow table rule to each open virtual network node, and adding a distributed gateway on the open virtual network node; introducing the north-south traffic and the cross-cluster traffic on the open virtual network node to a distributed gateway on the open virtual network node, and forwarding the traffic through the distributed gateway to enable the open virtual network node to access external network nodes and the cross-cluster network nodes.

Description

Translated fromChinese

一种配置分布式网关的方法、开放虚拟网络及存储介质A method for configuring distributed gateways, open virtual networks and storage media

技术领域Technical field

本发明涉及网络技术领域，特别涉及一种配置分布式网关的方法、开放虚拟网络及存储介质。The present invention relates to the field of network technology, and in particular to a method for configuring a distributed gateway, an open virtual network and a storage medium.

背景技术Background technique

开放虚拟网络(Open Virtual Network，OVN)是一款软件定义网络(SoftwareDefined Network，SDN)控制器，支持开放虚拟化软件交换机(Open vSwitch，OVS)网络架构，能够提供网络配置方案，实现逻辑网络和物理网络的连通。Open Virtual Network (OVN) is a software-defined network (SDN) controller that supports the open virtualization software switch (Open vSwitch, OVS) network architecture and can provide network configuration solutions to realize logical network and Physical network connectivity.

但是，OVN网络只能提供集中式网关，为OVN网络中的虚拟机和容器提供访问功能，当OVN网络中的南北向流量较大时，由于集中式网关作用域为整个集群，集群中的南北向流量均需要由集中式网关进行转发，此时集中式网关容易带来性能瓶颈。并且由于集中式网关具有单点故障的问题，一旦故障将会影响整个集群。However, the OVN network can only provide centralized gateways to provide access functions for virtual machines and containers in the OVN network. When the north-south traffic in the OVN network is large, since the scope of the centralized gateway is the entire cluster, the north-south traffic in the cluster All traffic needs to be forwarded by the centralized gateway. At this time, the centralized gateway can easily cause performance bottlenecks. And because the centralized gateway has a single point of failure, a failure will affect the entire cluster.

鉴于此，如何解决OVN南北向性能瓶颈和单点故障的问题，成为了亟待解决的技术问题。In view of this, how to solve the north-south performance bottleneck and single point of failure of OVN has become an urgent technical issue that needs to be solved.

发明内容Contents of the invention

本发明实施例提供了一种配置分布式网关的方法、开放虚拟网络及存储介质，用于解决开放虚拟网络南北向性能瓶颈和单点故障的问题。Embodiments of the present invention provide a method for configuring a distributed gateway, an open virtual network, and a storage medium to solve the problems of north-south performance bottlenecks and single points of failure in the open virtual network.

本申请第一方面提供了一种配置分布式网关的方法，该方法应用于开放虚拟网络中的软件定义网络控制器上，在所述开放虚拟网络中设置多个开放虚拟网络节点，所述软件定义网络控制器能够连接到所有的开放虚拟网络节点上，开放虚拟网络中，包括：The first aspect of this application provides a method for configuring a distributed gateway. The method is applied to a software-defined network controller in an open virtual network. Multiple open virtual network nodes are set up in the open virtual network. The software Define the network controller to be able to connect to all open virtual network nodes in the open virtual network, including:

向每个开放虚拟网络节点发送流表规则，在所述开放虚拟网络节点上新增分布式网关；Send flow table rules to each open virtual network node, and add a new distributed gateway on the open virtual network node;

将所述开放虚拟网络节点上的南北向流量和跨集群流量引入至所述开放虚拟网络节点上的分布式网关，通过所述分布式网关进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点。Introduce the north-south traffic and cross-cluster traffic on the open virtual network node to the distributed gateway on the open virtual network node, and forward the traffic through the distributed gateway to enable the open virtual network node to access the external network. nodes and cross-cluster network nodes.

可选的，在所述开放虚拟网络节点上新增分布式网关，包括：Optionally, add a new distributed gateway on the open virtual network node, including:

在每个开放虚拟网络节点上建立软件定义网络网桥，并从所述流表规则中获取所述软件定义网络网桥的转发规则；Establish a software-defined network bridge on each open virtual network node, and obtain the forwarding rules of the software-defined network bridge from the flow table rules;

根据所述转发规则转发所述软件定义网络网桥中的流量，使所述软件定义网络网桥实现网关的网络互联功能。Forward traffic in the software-defined network bridge according to the forwarding rules, so that the software-defined network bridge implements the network interconnection function of a gateway.

可选的，将所述开放虚拟网络节点上的南北向流量和跨集群流量引入至所述开放虚拟网络节点上的分布式网关，通过所述分布式网关进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点，包括：Optionally, introduce north-south traffic and cross-cluster traffic on the open virtual network node to a distributed gateway on the open virtual network node, and forward traffic through the distributed gateway, so that the open virtual network Nodes access external network nodes and cross-cluster network nodes, including:

将所述开放虚拟网络节点上的南北向流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述外部网络节点；Introduce the north-south traffic on the open virtual network node to the distributed gateway for traffic forwarding, so that the open virtual network node can access the external network node;

将所述开放虚拟网络节点上的跨集群流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述跨集群网络节点。The cross-cluster traffic on the open virtual network node is introduced to the distributed gateway for traffic forwarding, so that the open virtual network node accesses the cross-cluster network node.

可选的，将所述开放虚拟网络节点上的南北向流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述外部网络节点，包括：Optionally, introducing north-south traffic on the open virtual network node to the distributed gateway for traffic forwarding so that the open virtual network node accesses the external network node includes:

在所述流表规则中获取网络地址转换规则，为所述分布式网关绑定浮动IP地址；Obtain network address translation rules from the flow table rules and bind a floating IP address to the distributed gateway;

通过所述分布式网关控制所述开放虚拟网络节点上的空闲逻辑网卡，根据所述网络地址转换规则和所述浮动IP地址转发所述开放虚拟网络节点上的南北向流量，使所述开放虚拟网络节点访问外部网络节点。The distributed gateway controls the idle logical network card on the open virtual network node, and forwards north-south traffic on the open virtual network node according to the network address translation rules and the floating IP address, so that the open virtual network node Network nodes access external network nodes.

可选的，根据所述网络地址转换规则和所述浮动IP地址转发所述开放虚拟网络节点上的南北向流量，包括：Optionally, forwarding north-south traffic on the open virtual network node according to the network address translation rule and the floating IP address includes:

在所述开放虚拟网络节点上创建虚拟网线，所述虚拟网线连接所述开放虚拟网络节点和所述开放虚拟网络节点上的分布式网关，绑定所述开放虚拟网络节点的逻辑网卡和所述分布式网关上的虚拟网卡；Create a virtual network cable on the open virtual network node, the virtual network cable connects the open virtual network node and the distributed gateway on the open virtual network node, and binds the logical network card of the open virtual network node and the Virtual network cards on distributed gateways;

根据所述网络地址转换规则，使用所述虚拟网卡根据所述浮动IP地址转发所述逻辑网卡上的南北向流量，使所述逻辑网卡上的南北向流量通过所述虚拟网卡转发至外部网络节点处。According to the network address translation rules, the virtual network card is used to forward the north-south traffic on the logical network card according to the floating IP address, so that the north-south traffic on the logical network card is forwarded to the external network node through the virtual network card. at.

可选的，将所述开放虚拟网络节点上的跨集群流量引入至所述分布式网关进行流量转发，使所述开放虚拟网络节点访问所述跨集群网络节点，包括：Optionally, introducing cross-cluster traffic on the open virtual network node to the distributed gateway for traffic forwarding so that the open virtual network node accesses the cross-cluster network node includes:

根据所述网络地址转换规则，获取跨集群流量转发规则；Obtain cross-cluster traffic forwarding rules according to the network address translation rules;

为所述开放虚拟网络节点配置路由，根据所述跨集群流量转发规则转发跨集群流量，访问跨集群网络节点。Configure routes for the open virtual network nodes, forward cross-cluster traffic according to the cross-cluster traffic forwarding rules, and access cross-cluster network nodes.

可选的，根据所述网络地址转换规则，获取跨集群流量转发规则，包括：Optionally, obtain cross-cluster traffic forwarding rules based on the network address translation rules, including:

从跨集群网络中获取跨集群网络的网络信息，根据所述网络信息生成跨集群转发逻辑；Obtain network information of the cross-cluster network from the cross-cluster network, and generate cross-cluster forwarding logic based on the network information;

将所述网络信息和所述跨集群转发逻辑下发至所述开放虚拟网络节点上的分布式网关处，让所述开放虚拟网络节点上的分布式网关根据所述网络信息和所述跨集群转发逻辑，生成跨集群流量转发规则。Send the network information and the cross-cluster forwarding logic to the distributed gateway on the open virtual network node, so that the distributed gateway on the open virtual network node can process the network information and the cross-cluster forwarding logic according to the network information and the cross-cluster forwarding logic. Forwarding logic, generate cross-cluster traffic forwarding rules.

第二方面，本申请提供一种开放虚拟网络，包括：In the second aspect, this application provides an open virtual network, including:

软件定义网络控制器，用于向所述开放虚拟网络中的每个开放虚拟网络节点发送流表规则；A software-defined network controller configured to send flow table rules to each open virtual network node in the open virtual network;

开放虚拟网络节点，所述开放虚拟网络节点上设置有分布式网关，所述分布式网关根据所述流表规则对所述开放虚拟网络节点上的南北向流量和跨集群流量进行流量转发，使所述开放虚拟网络节点访问外部网络节点和跨集群网络节点。Open virtual network node, the open virtual network node is provided with a distributed gateway, and the distributed gateway performs traffic forwarding on the north-south traffic and cross-cluster traffic on the open virtual network node according to the flow table rules, so that The open virtual network node accesses external network nodes and cross-cluster network nodes.

可选的，所述软件定义网络控制器用于：Optionally, the software-defined network controller is used for:

可选的，所述开放虚拟网络节点用于：Optionally, the open virtual network node is used for:

第三方面，本申请提供一种配置分布式网关的装置，包括：In a third aspect, this application provides a device for configuring a distributed gateway, including:

至少一个处理器，以及at least one processor, and

与所述至少一个处理器连接的存储器；a memory coupled to the at least one processor;

其中，所述存储器存储有可被所述至少一个处理器执行的指令，所述至少一个处理器通过执行所述存储器存储的指令执行如第一方面中任一项所述的方法。Wherein, the memory stores instructions that can be executed by the at least one processor, and the at least one processor performs the method as described in any one of the first aspects by executing the instructions stored in the memory.

第四方面，本申请实施例提供一种计算机可读存储介质，其上存储有计算机程序，所述计算机程序被处理器执行时实现如第一方面中任一项所述的方法的步骤。In a fourth aspect, embodiments of the present application provide a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, the steps of the method as described in any one of the first aspects are implemented.

本申请实施例中的技术方案具有以下有益效果：软件定义网络控制器向每个开放虚拟网络节点发送流表规则，在开放虚拟网络节点上新增分布式网关；将开放虚拟网络节点上的南北向流量和跨集群流量引入至开放虚拟网络节点上的分布式网关，通过分布式网关进行流量转发，使开放虚拟网络节点访问外部网络节点和跨集群网络节点，从而将原本由集中式网关转发的流量分散到各个开放虚拟网络节点的分布式网关上，开放虚拟网络内的开放虚拟网络节点能够直接从分布式网关访问外部网络节点，无需集中式网关转发，避免了性能瓶颈的问题，同时由于每个开放虚拟网络节点上均设置有分布式网关，因此也避免了单点故障的问题，当一个开放虚拟网络节点上的分布式网关发生故障时，不会影响到其他开放虚拟网络节点。The technical solutions in the embodiments of this application have the following beneficial effects: the software-defined network controller sends flow table rules to each open virtual network node, and adds a new distributed gateway on the open virtual network node; Introduce inward traffic and cross-cluster traffic to the distributed gateway on the open virtual network node, and forward the traffic through the distributed gateway, allowing the open virtual network node to access external network nodes and cross-cluster network nodes, thereby forwarding traffic originally forwarded by the centralized gateway The traffic is dispersed to the distributed gateways of each open virtual network node. The open virtual network nodes in the open virtual network can directly access external network nodes from the distributed gateway without centralized gateway forwarding, which avoids the problem of performance bottlenecks. At the same time, since each Each open virtual network node is equipped with a distributed gateway, thus avoiding the problem of single point of failure. When the distributed gateway on an open virtual network node fails, it will not affect other open virtual network nodes.

附图说明Description of drawings

图1是本申请实施例提供的一种配置分布式网关的方法的流程图；Figure 1 is a flow chart of a method for configuring a distributed gateway provided by an embodiment of the present application;

图2是本申请实施例提供的一种OVN网络的结构示意图；Figure 2 is a schematic structural diagram of an OVN network provided by an embodiment of the present application;

图3是本申请实施例提供的一种OVN节点的结构示意图；Figure 3 is a schematic structural diagram of an OVN node provided by an embodiment of the present application;

图4是本申请实施例提供的另一种OVN网络的结构示意图。Figure 4 is a schematic structural diagram of another OVN network provided by an embodiment of the present application.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚明白，下面将结合本申请实施例中的附图，对本申请实施例中的技术方案进行清楚、完整地描述。In order to make the purpose, technical solutions and advantages of the present invention more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application.

现有技术中，OVN提供丰富的L2/L3层网络、security Group、网络地址转换(Network Address Translation，NAT)等功能，通过OVN，用户可完成集群网络虚拟化编排和流量控制，提供多种隧道封装技术。为实现与物理网络互联，OVN支持采用硬件TOR交换机和软件逻辑交换机来实现逻辑网络与物理网络打通。OVN只能提供集中式网关为OVN网络下的虚拟机、容器提供外网访问功能，而集中式网关存在天然缺陷，如集中式网关作用域为整个集群范围内，虚拟私有云(Virtual Private Cloud，VPC)下所有虚机、容器的南北向流量均需要由集中式网关转发，因此当VPC的虚机、容器南北向流量较大时，集中式网关将引发性能瓶颈。OVN的集中式网关支持多实例部署，VPC南北向流量通过等价多路径路由(EqualCost Multi-path，ECMP)选择逻辑网关转发，可实现集中式网关的高可用和负载均衡。但是基于ECMP的OVN多实例集中式网关只能支持ingress流量，而不支持egress流量，使得基于ECMP的OVN多实例集中式网关存在一定的限制，无法适用多样化的应用场景。因此OVN集中式网关存在单点故障问题，集中式网关的故障范围是整个集群。Among the existing technologies, OVN provides rich L2/L3 layer network, security group, network address translation (Network Address Translation, NAT) and other functions. Through OVN, users can complete cluster network virtualization orchestration and traffic control, and provide a variety of tunnels. packaging technology. In order to achieve interconnection with the physical network, OVN supports the use of hardware TOR switches and software logical switches to connect the logical network with the physical network. OVN can only provide centralized gateways to provide external network access functions for virtual machines and containers under the OVN network. However, centralized gateways have natural flaws. For example, the scope of centralized gateways is within the entire cluster, and virtual private clouds (Virtual Private Cloud, All north-south traffic of virtual machines and containers under VPC needs to be forwarded by the centralized gateway. Therefore, when the north-south traffic of virtual machines and containers in VPC is large, the centralized gateway will cause a performance bottleneck. OVN's centralized gateway supports multi-instance deployment. VPC north-south traffic selects logical gateways for forwarding through EqualCost Multi-path (ECMP), which can achieve high availability and load balancing of the centralized gateway. However, the ECMP-based OVN multi-instance centralized gateway can only support ingress traffic but not egress traffic, which makes the ECMP-based OVN multi-instance centralized gateway have certain limitations and cannot be applied to diverse application scenarios. Therefore, the OVN centralized gateway has a single point of failure problem, and the failure scope of the centralized gateway is the entire cluster.

为此，本申请提供一种配置分布式网关的方法、OVN网络及可读存储介质，用于解决OVN南北向性能瓶颈和单点故障的问题，请参见图1，本方法应用于OVN网络中的SDN控制器上，在OVN网络中设置多个OVN节点，所述SDN控制器能够连接到所有的OVN节点上，其总体思路如下：To this end, this application provides a method for configuring distributed gateways, OVN networks and readable storage media to solve the problems of OVN north-south performance bottlenecks and single points of failure. Please see Figure 1. This method is applied to the OVN network. On the SDN controller, multiple OVN nodes are set up in the OVN network. The SDN controller can be connected to all OVN nodes. The general idea is as follows:

101、向每个OVN节点发送流表规则，在OVN节点上新增分布式网关；101. Send flow table rules to each OVN node and add a new distributed gateway on the OVN node;

102、将OVN节点上的南北向流量和跨集群流量引入至OVN节点上的分布式网关，通过分布式网关进行流量转发，使OVN节点访问外部网络节点和跨集群网络节点。102. Introduce the north-south traffic and cross-cluster traffic on the OVN node to the distributed gateway on the OVN node, and forward the traffic through the distributed gateway so that the OVN node can access external network nodes and cross-cluster network nodes.

在介绍上述方法之前，先介绍执行上述方法的OVN网络，请参见图2，图2为本申请实施例提供的一种OVN网络的结构示意图，所述OVN网络中包括SDN控制器21、OVN节点22、OVN节点23、OVN节点24和外部网络节点25。其中，OVN节点22和OVN节点23属于同一OVN网络，OVN节点24和OVN节点22、OVN节点23分属于不同的集群网络；SDN控制器21可以连接OVN节点22、OVN节点23；在OVN节点22上设置有分布式网关221，OVN节点23上设置有分布式网关231。Before introducing the above method, first introduce the OVN network that performs the above method. Please refer to Figure 2. Figure 2 is a schematic structural diagram of an OVN network provided by an embodiment of the present application. The OVN network includes an SDN controller 21, an OVN node 22. OVN node 23, OVN node 24 and external network node 25. Among them, OVN node 22 and OVN node 23 belong to the same OVN network, and OVN node 24 belongs to different cluster networks from OVN node 22 and OVN node 23; SDN controller 21 can connect OVN node 22 and OVN node 23; in OVN node 22 A distributed gateway 221 is provided on the OVN node 23, and a distributed gateway 231 is provided on the OVN node 23.

在配置OVN网络时，会首先由SDN控制器21通过openflows协议，向OVN节点22、OVN节点23、OVN节点24下发流表规则，并在OVN节点22、OVN节点23上分别新增分布式网关221和分布式网关231，分布式网关221和分布式网关231上的转发规则由SDN控制器21通过openflows协议下发的流表规则来实现。同时在OVN节点22、OVN节点23和OVN节点24的L2网络中设置虚拟网线，将OVN节点上的西南北向流量和跨集群流量引导到分布式网关中进行转发。When configuring the OVN network, the SDN controller 21 will first deliver flow table rules to the OVN node 22, OVN node 23, and OVN node 24 through the openflows protocol, and add distributed distribution on the OVN node 22 and the OVN node 23 respectively. The forwarding rules on the gateway 221 and the distributed gateway 231 are implemented by the flow table rules issued by the SDN controller 21 through the openflows protocol. At the same time, virtual network cables are set up in the L2 network of OVN node 22, OVN node 23, and OVN node 24 to guide the southwest and northbound traffic and cross-cluster traffic on the OVN node to the distributed gateway for forwarding.

在OVN节点22访问外部网络节点25时，会在OVN节点22上产生南北向流量，该南北向流量会被引导至OVN节点22上的分布式网关221中。分布式网关221控制OVN节点22上的空闲网卡作为流量出口，并根据SDN控制器21发送的流表规则来配置源地址转换(SourceNetwork Address Translation，SNAT)规则，将南北向流量直接转发至外部网络节点25处，同时配置目的地址转换(Destination Network Address Translation，DNAT)规则，将本网关地址暴露给外部网络节点25，接收外部网络节点25回复的南北向流量并转发到OVN节点22处，完成OVN节点22对外部网络节点25的访问。When the OVN node 22 accesses the external network node 25, north-south traffic will be generated on the OVN node 22, and the north-south traffic will be directed to the distributed gateway 221 on the OVN node 22. The distributed gateway 221 controls the idle network card on the OVN node 22 as a traffic egress, and configures Source Network Address Translation (SNAT) rules according to the flow table rules sent by the SDN controller 21 to directly forward the north-south traffic to the external network. At node 25, the Destination Network Address Translation (DNAT) rule is also configured to expose the gateway address to the external network node 25. It receives the north-south traffic replied by the external network node 25 and forwards it to OVN node 22 to complete OVN. Access by node 22 to external network node 25.

在OVN节点23访问OVN节点24时，由于OVN节点24并不属于OVN节点23所在的OVN网络集群，因此在OVN节点23上将产生跨集群流量以访问OVN节点24，而跨集群流量将会被引入到分布式网关231中。分布式网关231从SDN控制器21处获取跨集群转发规则和跨集群网络信息，并根据跨集群转发规则、跨集群网络信息和OVN节点24的信息，配置跨集群路由。最后，分布式网关231将跨集群流量按照跨集群路由进行转发，直接发送给OVN节点24，完成OVN节点23对OVN节点24的访问。When OVN node 23 accesses OVN node 24, since OVN node 24 does not belong to the OVN network cluster where OVN node 23 is located, cross-cluster traffic will be generated on OVN node 23 to access OVN node 24, and the cross-cluster traffic will be Introduced into distributed gateway 231. The distributed gateway 231 obtains cross-cluster forwarding rules and cross-cluster network information from the SDN controller 21, and configures cross-cluster routing based on the cross-cluster forwarding rules, cross-cluster network information, and OVN node 24 information. Finally, the distributed gateway 231 forwards the cross-cluster traffic according to the cross-cluster route and sends it directly to the OVN node 24, completing the access of the OVN node 23 to the OVN node 24.

在本发明提供的实施例中，通过SDN控制器向每个OVN节点发送流表规则，在OVN节点上新增分布式网关；将OVN节点上的南北向流量和跨集群流量引入至OVN节点上的分布式网关，通过分布式网关进行流量转发，使OVN节点访问外部网络节点和跨集群网络节点，从而将原本由集中式网关转发的流量分散到各个OVN节点的分布式网关上，OVN网络内的OVN节点能够直接从分布式网关访问外部网络节点，无需集中式网关转发，避免了性能瓶颈的问题，同时由于每个OVN节点上均设置有分布式网关，因此也避免了单点故障的问题，当一个OVN节点上的分布式网关发生故障时，不会影响到其他OVN节点。In the embodiment provided by the present invention, flow table rules are sent to each OVN node through the SDN controller, and a distributed gateway is added on the OVN node; north-south traffic and cross-cluster traffic on the OVN node are introduced to the OVN node. The distributed gateway forwards traffic through the distributed gateway, allowing OVN nodes to access external network nodes and cross-cluster network nodes, thereby dispersing the traffic originally forwarded by the centralized gateway to the distributed gateways of each OVN node. Within the OVN network The OVN node can directly access external network nodes from the distributed gateway without the need for centralized gateway forwarding, which avoids the problem of performance bottlenecks. At the same time, since each OVN node is equipped with a distributed gateway, it also avoids the problem of single point of failure. , when the distributed gateway on one OVN node fails, it will not affect other OVN nodes.

一种可能的实施方式，上述实施例中的在OVN节点上新增分布式网关，包括：在每个OVN节点上建立SDN网桥，并从流表规则中获取SDN网桥的转发规则；根据转发规则转发SDN网桥中的流量，使SDN网桥实现网关的网络互联功能。One possible implementation manner is to add a new distributed gateway on the OVN node in the above embodiment, including: establishing an SDN bridge on each OVN node, and obtaining the forwarding rules of the SDN bridge from the flow table rules; according to Forwarding rules forward traffic in the SDN bridge so that the SDN bridge can realize the network interconnection function of the gateway.

请参见图3，图3本申请实施例提供的一种OVN节点的结构示意图。其中，OVN节点22上设置有分布式网关221和在OVN节点22上增加分布式网关221的具体方法为，为OVN节点22上建立一个SDN网桥2211，用于接收SDN控制器21下发的流表规则，其中，流表规则中包含有南北向流量转发规则和跨集群流量转发规则。同时在SDN网桥2211和OVN节点22之间建立一个虚拟网线2212，该虚拟网线2212能够将南北向流量和跨集群流量引入到SDN网桥2211上。SDN网桥2211根据SDN控制器21下发的流表规则对OVN节点22发送的南北向流量和跨集群流量进行转发，从而在网络层上实现网络互联的功能，使SDN网桥2211成为OVN节点22上的分布式网关221。Please refer to Figure 3, which is a schematic structural diagram of an OVN node provided by an embodiment of the present application. Among them, the specific method of setting the distributed gateway 221 on the OVN node 22 and adding the distributed gateway 221 on the OVN node 22 is to establish an SDN bridge 2211 on the OVN node 22 for receiving the data sent by the SDN controller 21 Flow table rules, which include north-south traffic forwarding rules and cross-cluster traffic forwarding rules. At the same time, a virtual network cable 2212 is established between the SDN bridge 2211 and the OVN node 22. The virtual network cable 2212 can introduce north-south traffic and cross-cluster traffic to the SDN bridge 2211. The SDN bridge 2211 forwards the north-south traffic and cross-cluster traffic sent by the OVN node 22 according to the flow table rules issued by the SDN controller 21, thereby realizing the network interconnection function on the network layer and making the SDN bridge 2211 become an OVN node. Distributed gateway 221 on 22.

在本发明实施例中，通过在OVN节点上设置SDN网桥，并利用虚拟网线连接OVN节点和SDN网桥，将OVN节点上的南北向流量和跨集群流量引入至SDN网桥上进行流量转发，从而实现了在OVN节点上增加网关的功能，保证了OVN节点能够在网络层上与其他网络节点实现网络互联。In the embodiment of the present invention, by setting up an SDN bridge on the OVN node and using virtual network cables to connect the OVN node and the SDN bridge, the north-south traffic and cross-cluster traffic on the OVN node are introduced to the SDN bridge for traffic forwarding. , thereby realizing the function of adding a gateway to the OVN node, ensuring that the OVN node can achieve network interconnection with other network nodes at the network layer.

一种可能的实施方式，将OVN节点上的南北向流量和跨集群流量引入至OVN节点上的分布式网关，通过分布式网关进行流量转发，使OVN节点访问外部网络节点和跨集群网络节点，包括：One possible implementation method is to introduce the north-south traffic and cross-cluster traffic on the OVN node to the distributed gateway on the OVN node, and forward the traffic through the distributed gateway, so that the OVN node can access external network nodes and cross-cluster network nodes. include:

将OVN节点上的南北向流量引入至分布式网关进行流量转发，使OVN节点访问外部网络节点；将OVN节点上的跨集群流量引入至分布式网关进行流量转发，使OVN节点访问跨集群网络节点。Introduce the north-south traffic on the OVN node to the distributed gateway for traffic forwarding, so that the OVN node can access external network nodes; introduce the cross-cluster traffic on the OVN node to the distributed gateway for traffic forwarding, so that the OVN node can access cross-cluster network nodes. .

在上述图3的分布式网关221上，分布式网关221根据SDN控制器21下发的南北向流量转发规则，控制OVN节点22上的空闲网卡作为流量出口，同时在二层网络上设置一个逻辑交换机出口，分布式网关221将自身和OVN节点22上的逻辑网卡进行绑定。当虚拟网线2212将OVN节点22发送的南北向流量发送给分布式网关221时，将南北向流量的下一跳地址设置为OVN节点22上逻辑网卡的地址；最后根据南北向流量转发规则对分布式网关221上的南北向流量进行流量转发，从而实现OVN节点22访问外部网络节点的功能。On the distributed gateway 221 in Figure 3 above, the distributed gateway 221 controls the idle network card on the OVN node 22 as a traffic egress according to the north-south traffic forwarding rules issued by the SDN controller 21, and at the same time sets a logical At the switch egress, the distributed gateway 221 binds itself to the logical network card on the OVN node 22 . When the virtual network cable 2212 sends the north-south traffic sent by the OVN node 22 to the distributed gateway 221, the next hop address of the north-south traffic is set to the address of the logical network card on the OVN node 22; finally, the distribution is configured according to the north-south traffic forwarding rules. The north-south traffic on the gateway 221 is forwarded, thereby realizing the function of the OVN node 22 accessing external network nodes.

当虚拟网线2212将OVN节点22发送的跨集群流量发送给分布式网关221时，先从SDN控制器21处获取跨集群流量转发规则。SDN控制器21会通过openflows协议从OVN集群中获取跨集群互联网络信息，然后根据OVN节点22访问跨集群网络节点时的业务类型、租户配置和租户网络信息等信息，生成跨集群网络转发规则，该跨集群流量转发规则中包括有用于跨集群通信所使用的overlay网络的overlay封装方式，跨集群网络节点信息等。随后，分布式网关会根据跨集群流量转发规则配置跨集群网络路由，根据实际需求，分布式网关221可以选择配置跨集群网络静态路由或者是配置路由自学习流表，自动获取跨集群网络转发路由。最后，分布式网关221根据跨集群流量转发规则和跨集群网络路由将跨集群流量转发至跨集群网络节点处，完成OVN节点22和跨集群网络接点的通信。When the virtual network cable 2212 sends the cross-cluster traffic sent by the OVN node 22 to the distributed gateway 221, it first obtains the cross-cluster traffic forwarding rules from the SDN controller 21. The SDN controller 21 will obtain cross-cluster interconnection network information from the OVN cluster through the openflows protocol, and then generate cross-cluster network forwarding rules based on the business type, tenant configuration, tenant network information and other information when the OVN node 22 accesses the cross-cluster network node. The cross-cluster traffic forwarding rules include the overlay encapsulation method of the overlay network used for cross-cluster communication, cross-cluster network node information, etc. Subsequently, the distributed gateway will configure cross-cluster network routing according to the cross-cluster traffic forwarding rules. Based on actual needs, the distributed gateway 221 can choose to configure cross-cluster network static routing or configure a routing self-learning flow table to automatically obtain cross-cluster network forwarding routes. . Finally, the distributed gateway 221 forwards the cross-cluster traffic to the cross-cluster network node according to the cross-cluster traffic forwarding rules and the cross-cluster network routing, completing the communication between the OVN node 22 and the cross-cluster network node.

在本发明实施例中，分布式网关在获取了南北向流量和跨集群流量之后，分别根据南北向流量转发规则和跨集群流量转发规则进行流量转发，从而让分布式网关所在的OVN节点能够直接和外部网络节点、跨集群网络节点进行通信。In the embodiment of the present invention, after obtaining the north-south traffic and cross-cluster traffic, the distributed gateway forwards the traffic according to the north-south traffic forwarding rules and the cross-cluster traffic forwarding rules respectively, so that the OVN node where the distributed gateway is located can directly Communicate with external network nodes and cross-cluster network nodes.

一种可能的实施方式，将OVN节点上的南北向流量引入至分布式网关进行流量转发，包括：A possible implementation method is to introduce the north-south traffic on the OVN node to the distributed gateway for traffic forwarding, including:

在流表规则中获取NAT规则，为分布式网关绑定浮动IP地址；利用分布式网关控制OVN节点上的空闲逻辑网卡，根据NAT规则和浮动IP地址转发OVN节点上的南北向流量，使OVN节点访问外部网络节点。Obtain the NAT rules in the flow table rules and bind the floating IP address to the distributed gateway; use the distributed gateway to control the idle logical network card on the OVN node, and forward the north-south traffic on the OVN node according to the NAT rules and floating IP address, so that OVN Node accesses external network nodes.

例如，请参见图2中的例子，OVN节点22访问外部网络节点25时，OVN节点22上的分布式网关221先从SDN控制器下发的流表规则中，获取NAT规则。然后分布式网关221根据NAT规则，为OVN节点22配置浮动IP地址为192.168.0.1，使得外部网络节点25能够通过浮动IP地址192.168.0.1访问OVN节点22。最后，分布式网关221根据NAT规则将南北向流量进行转发，直接发送给外部网络节点25，实现OVN节点22对外部网络节点25的访问。For example, please refer to the example in Figure 2. When the OVN node 22 accesses the external network node 25, the distributed gateway 221 on the OVN node 22 first obtains the NAT rules from the flow table rules issued by the SDN controller. Then the distributed gateway 221 configures the floating IP address for the OVN node 22 as 192.168.0.1 according to the NAT rules, so that the external network node 25 can access the OVN node 22 through the floating IP address 192.168.0.1. Finally, the distributed gateway 221 forwards the north-south traffic according to NAT rules and sends it directly to the external network node 25, thereby enabling the OVN node 22 to access the external network node 25.

在本发明实施例中，OVN节点直接通过其上设置的分布式网关转发南北向流量，无需使用集中式网关，避免了性能瓶颈和单点故障的问题，同时，转发规则由SDN控制器直接下发至对应的OVN节点的分布式网关上，极大的缩减了OVN流表数量，提升流表查找效率，避免无效流表引发性能下降，实现流表精准、最小化配置。In the embodiment of the present invention, the OVN node directly forwards north-south traffic through the distributed gateway set on it, without using a centralized gateway, avoiding the problems of performance bottlenecks and single points of failure. At the same time, the forwarding rules are directly downloaded by the SDN controller. It is sent to the distributed gateway of the corresponding OVN node, which greatly reduces the number of OVN flow tables, improves flow table search efficiency, avoids performance degradation caused by invalid flow tables, and achieves accurate and minimal configuration of flow tables.

一种可能的实施方式，根据NAT规则和浮动IP地址转发OVN节点上的南北向流量，使OVN节点访问外部网络节点，包括：A possible implementation method is to forward north-south traffic on the OVN node according to NAT rules and floating IP addresses, so that the OVN node can access external network nodes, including:

在OVN节点上创建虚拟网线，虚拟网线连接OVN节点和OVN节点上的分布式网关，绑定OVN节点的逻辑网卡和分布式网关上的虚拟网卡；根据NAT规则，使用虚拟网卡根据浮动IP地址跨集群转发逻辑网卡上的南北向流量，使逻辑网卡上的南北向流量被转发至外部网络节点处。Create a virtual network cable on the OVN node. The virtual network cable connects the OVN node and the distributed gateway on the OVN node, and binds the logical network card of the OVN node and the virtual network card on the distributed gateway. According to NAT rules, use the virtual network card to cross The cluster forwards north-south traffic on the logical network card so that the north-south traffic on the logical network card is forwarded to external network nodes.

例如，如图3中的例子，OVN节点22上的分布式网关221通过虚拟网线2212连接OVN节点22，并获取OVN节点22上的南北向流量。分布式网关221将自身的虚拟网卡和OVN节点22的逻辑网卡绑定在一起，以OVN节点22的逻辑网卡作为流量出口。最后，分布式网关221根据SDN控制器21下发的NAT规则，使用分布式网关221上的虚拟网卡，以浮动IP地址作为OVN节点22的地址，将OVN节点的逻辑网卡上南北向流量转发给外部网络节点25处。For example, as shown in Figure 3, the distributed gateway 221 on the OVN node 22 connects to the OVN node 22 through the virtual network cable 2212, and obtains the north-south traffic on the OVN node 22. The distributed gateway 221 binds its own virtual network card and the logical network card of the OVN node 22 together, and uses the logical network card of the OVN node 22 as a traffic outlet. Finally, the distributed gateway 221 uses the virtual network card on the distributed gateway 221 according to the NAT rules issued by the SDN controller 21, and uses the floating IP address as the address of the OVN node 22 to forward the north-south traffic on the logical network card of the OVN node to 25 external network nodes.

在实际应用中，上述方法具体执行为，首先OVN节点在L2网络上创建逻辑交换机端口，创建为localport类型的logical switch port(p1)；然后再创建虚拟网线veth-pair(sw-int/sw-sdn)，其中sw-int端接入到网桥br-int端，sw-sdn端接入到网桥br-sdn端；最后配置分布式网关上的虚拟网卡的sw-int端和OVN逻辑网卡p1端之间的绑定关系，并将南北向流量的下一跳地址设置为p1地址。In practical applications, the above method is specifically executed as follows: first, the OVN node creates a logical switch port on the L2 network as a logical switch port (p1) of the localport type; and then creates a virtual network cable veth-pair (sw-int/sw- sdn), where the sw-int end is connected to the br-int end of the bridge, and the sw-sdn end is connected to the br-sdn end of the bridge; finally, the sw-int end and OVN logical network card of the virtual network card on the distributed gateway are configured. Binding relationship between p1 ends, and set the next hop address of north-south traffic to the p1 address.

在本发明实施例中，OVN节点通过分布式网关直接转发南北向流量访问外部网络节点，从而避免了使用集中式网关，避免了性能瓶颈和单点故障的问题，并且转发规则采用SDN控制器进行业务编排和规则配置，可灵活配置多样化的自定义业务功能，支持自定义跨集群转发逻辑。In the embodiment of the present invention, the OVN node directly forwards north-south traffic to access external network nodes through distributed gateways, thereby avoiding the use of centralized gateways, avoiding performance bottlenecks and single point failures, and the forwarding rules are implemented using SDN controllers. Business orchestration and rule configuration can flexibly configure diverse custom business functions and support custom cross-cluster forwarding logic.

一种可能的实施方式，将OVN节点上的跨集群流量引入至分布式网关进行流量转发，使OVN节点访问跨集群网络节点，包括：One possible implementation method is to introduce the cross-cluster traffic on the OVN node to the distributed gateway for traffic forwarding, so that the OVN node can access the cross-cluster network node, including:

根据NAT规则，获取跨集群流量转发规则；为OVN节点配置路由，根据跨集群流量转发规则转发跨集群流量，访问跨集群网络节点。Obtain cross-cluster traffic forwarding rules according to NAT rules; configure routes for OVN nodes, forward cross-cluster traffic according to cross-cluster traffic forwarding rules, and access cross-cluster network nodes.

例如，请参见图2中的例子，当OVN节点23访问OVN节点24时，由于OVN节点23和OVN节点24并不属于同一OVN网络，因此在OVN节点23上生成了跨集群流量，并将跨集群流量通过分布式网关231进行转发。当分布式网关231接收到跨集群流量后，先在SDN控制器21下发的NAT规则中获取跨集群流量转发规则；然后为OVN节点23配置跨集群网络静态路由，并将下一跳地址设置为OVN节点23的逻辑网卡的地址。最后根据跨集群流量转发规则转发跨集群流量给OVN节点24，并利用跨集群网络静态路由接收来自OVN节点24的跨集群流量，完成OVN节点23的跨集群访问。For example, see the example in Figure 2. When OVN node 23 accesses OVN node 24, since OVN node 23 and OVN node 24 do not belong to the same OVN network, cross-cluster traffic is generated on OVN node 23 and will cross Cluster traffic is forwarded through distributed gateway 231. When the distributed gateway 231 receives cross-cluster traffic, it first obtains the cross-cluster traffic forwarding rules from the NAT rules issued by the SDN controller 21; then configures a cross-cluster network static route for the OVN node 23, and sets the next hop address It is the address of the logical network card of OVN node 23. Finally, the cross-cluster traffic is forwarded to the OVN node 24 according to the cross-cluster traffic forwarding rules, and the cross-cluster traffic from the OVN node 24 is received using the cross-cluster network static route to complete the cross-cluster access of the OVN node 23.

在实际应用中，为OVN节点配置路由可以有两种方法，一种是直接配置为跨集群网络静态路由，另一种是配置路由自学习流表，让OVN节点上的分布式网关自行学习获取跨集群网络转发路由。In practical applications, there are two ways to configure routing for OVN nodes. One is to directly configure it as a cross-cluster network static route, and the other is to configure a routing self-learning flow table so that the distributed gateway on the OVN node can learn and obtain it by itself. Forward routes across cluster networks.

在本发明实施例中，OVN节点上的分布式网关能够根据SDN控制下发的NAT规则获取跨集群转发规则，并为OVN节点配置路由，从而将OVN节点上的跨集群流量直接转发至跨集群网络节点处，无需有OVN跨集群网关和OVN跨集群互联控制器等中间环节中转，简化跨集群流量转发流程，流量从分布式网关发出，可直接到达对端集群节点或网关上，转发流程更简洁，性能更高。In the embodiment of the present invention, the distributed gateway on the OVN node can obtain the cross-cluster forwarding rules according to the NAT rules issued by SDN control, and configure routing for the OVN node, thereby directly forwarding the cross-cluster traffic on the OVN node to the cross-cluster At the network node, there is no need for intermediate links such as OVN cross-cluster gateways and OVN cross-cluster interconnection controllers, which simplifies the cross-cluster traffic forwarding process. Traffic sent from the distributed gateway can directly reach the opposite cluster node or gateway, and the forwarding process is more streamlined. Simple, higher performance.

一种可能的实施方式，根据NAT规则，获取跨集群流量转发规则，包括：One possible implementation method is to obtain cross-cluster traffic forwarding rules based on NAT rules, including:

SDN控制器从跨集群网络中获取跨集群网络的网络信息，根据网络信息生成跨集群转发逻辑；将网络信息和跨集群转发逻辑下发至OVN节点上的分布式网关处，让OVN节点上的分布式网关根据网络信息和跨集群转发逻辑，生成跨集群流量转发规则。The SDN controller obtains the network information of the cross-cluster network from the cross-cluster network, and generates cross-cluster forwarding logic based on the network information; it sends the network information and cross-cluster forwarding logic to the distributed gateway on the OVN node, so that the The distributed gateway generates cross-cluster traffic forwarding rules based on network information and cross-cluster forwarding logic.

例如，请参见图2中的例子，在OVN节点23访问OVN节点24之前，SDN控制器21会先通过openflows协议与OVN节点24所在的OVN网络进行交互，获取跨集群网络节点信息；然后根据OVN节点23访问OVN节点24时的业务类型、租户配置和租户网络信息，配合跨集群网络节点信息生成跨集群流量转发规则；最后将跨集群流量转发规则发送给OVN节点23上的分布式网关231处。在跨集群流量转发规则中包含有转发跨集群流量时需要使用的overlay封装方式和跨集群网络节点信息。For example, please see the example in Figure 2. Before OVN node 23 accesses OVN node 24, SDN controller 21 will first interact with the OVN network where OVN node 24 is located through the openflows protocol to obtain cross-cluster network node information; then according to OVN The business type, tenant configuration and tenant network information when node 23 accesses OVN node 24, combined with the cross-cluster network node information to generate cross-cluster traffic forwarding rules; finally, the cross-cluster traffic forwarding rules are sent to the distributed gateway 231 on OVN node 23 . Cross-cluster traffic forwarding rules include the overlay encapsulation method and cross-cluster network node information that need to be used when forwarding cross-cluster traffic.

在实际应用中，上述方法具体执行为，首先由OVN节点在L2网络上创建逻辑交换机端口localport类型的logical switch port(p1)；然后在OVN节点上创建虚拟网线veth-pair(sw-int/sw-sdn)，其中sw-int端接入到网桥br-int端，sw-sdn端接入到网桥br-sdn端；最后配置分布式网关上的虚拟网卡的sw-int端和OVN逻辑网卡p1端之间的绑定关系。而在跨集群流量转发中，转发路由有两种获取方式，一种是配置为静态路由，下一跳地址设置为p1地址；另一种是配置路由自学习流表，从而让分布式网关自动获取跨集群转发路由。In practical applications, the above method is specifically executed as follows: first, the OVN node creates a logical switch port localport type logical switch port (p1) on the L2 network; then creates a virtual network cable veth-pair (sw-int/sw) on the OVN node -sdn), where the sw-int end is connected to the br-int end of the bridge, and the sw-sdn end is connected to the br-sdn end of the bridge; finally, the sw-int end and OVN logic of the virtual network card on the distributed gateway are configured The binding relationship between the p1 ends of the network card. In cross-cluster traffic forwarding, there are two ways to obtain the forwarding route. One is to configure it as a static route and set the next hop address to the p1 address; the other is to configure the route self-learning flow table so that the distributed gateway can automatically Get cross-cluster forwarding routes.

在本发明实施例中，分布式网关能够从SDN控制器处获取跨集群流量转发规则，SDN控制器在生成跨集群流量转发规则时，对跨集群网络节点没有要求，不要求对端集群网络是OVN方案，可自由与任何集群实现跨集群网络，解除OVN集群只能与OVN集群互通的限制；同时，跨集群流量转发规则能够根据用户需求进行自定义，例如根据应用场景自主选择overlay封装格式，能够提高跨集群互联兼容性。In the embodiment of the present invention, the distributed gateway can obtain the cross-cluster traffic forwarding rules from the SDN controller. When the SDN controller generates the cross-cluster traffic forwarding rules, it has no requirements for the cross-cluster network nodes and does not require the opposite cluster network to be The OVN solution can freely implement cross-cluster networks with any cluster, eliminating the restriction that OVN clusters can only communicate with OVN clusters. At the same time, cross-cluster traffic forwarding rules can be customized according to user needs, such as independently selecting the overlay encapsulation format according to application scenarios. Able to improve cross-cluster interconnection compatibility.

基于同一发明构思，本申请提供一种OVN网络，请参见图4，该OVN网络包括：Based on the same inventive concept, this application provides an OVN network. Please refer to Figure 4. The OVN network includes:

SDN控制器401，用于向OVN网络中的每个OVN节点402发送流表规则；SDN controller 401 is used to send flow table rules to each OVN node 402 in the OVN network;

OVN节点402，OVN节点402上设置有分布式网关4021，分布式网关4021根据流表规则对OVN节点402上的南北向流量和跨集群流量进行流量转发，使OVN节点402访问外部网络节点和跨集群网络节点。OVN node 402. A distributed gateway 4021 is provided on the OVN node 402. The distributed gateway 4021 forwards the north-south traffic and cross-cluster traffic on the OVN node 402 according to the flow table rules, so that the OVN node 402 can access external network nodes and cross-cluster traffic. Cluster network nodes.

一种可能的实施方式，SDN控制器401用于：In a possible implementation, the SDN controller 401 is used for:

在每个OVN节点402上建立SDN网桥，并从流表规则中获取SDN网桥的转发规则；根据转发规则转发SDN网桥中的流量，使SDN网桥实现网关的网络互联功能。An SDN bridge is established on each OVN node 402, and the forwarding rules of the SDN bridge are obtained from the flow table rules; the traffic in the SDN bridge is forwarded according to the forwarding rules, so that the SDN bridge realizes the network interconnection function of the gateway.

一种可能的实施方式，OVN节点402用于：In a possible implementation, the OVN node 402 is used for:

将南北向流量引入至分布式网关4021进行流量转发，使OVN节点402访问外部网络节点；Introduce north-south traffic to the distributed gateway 4021 for traffic forwarding, allowing the OVN node 402 to access external network nodes;

将跨集群流量引入至分布式网关4021进行流量转发，使OVN节点402访问跨集群网络节点。Introduce cross-cluster traffic to the distributed gateway 4021 for traffic forwarding, so that the OVN node 402 can access the cross-cluster network node.

在流表规则中获取NAT规则，为分布式网关绑定浮动IP地址；Obtain the NAT rules in the flow table rules and bind the floating IP address to the distributed gateway;

利用分布式网关4021控制OVN节点402上的空闲逻辑网卡，根据NAT规则转发OVN节点402上的南北向流量，使OVN节点402访问外部网络节点。Use the distributed gateway 4021 to control the idle logical network card on the OVN node 402, and forward the north-south traffic on the OVN node 402 according to NAT rules, so that the OVN node 402 can access external network nodes.

创建虚拟网线，虚拟网线连接OVN节点402和OVN节点402上的分布式网关4021，绑定OVN节点402的逻辑网卡和分布式网关上的虚拟网卡；Create a virtual network cable, which connects the OVN node 402 and the distributed gateway 4021 on the OVN node 402, and binds the logical network card of the OVN node 402 and the virtual network card on the distributed gateway;

根据NAT规则，使用虚拟网卡根据浮动IP地址转发OVN节点402上的南北向流量，使逻辑网卡上的南北向流量通过虚拟网卡转发至外部网络节点处。According to the NAT rules, the virtual network card is used to forward the north-south traffic on the OVN node 402 according to the floating IP address, so that the north-south traffic on the logical network card is forwarded to the external network node through the virtual network card.

根据NAT规则，获取跨集群流量转发规则；Obtain cross-cluster traffic forwarding rules based on NAT rules;

配置路由，根据跨集群流量转发规则转发跨集群流量，访问跨集群网络节点。Configure routing, forward cross-cluster traffic according to cross-cluster traffic forwarding rules, and access cross-cluster network nodes.

SDN控制器从跨集群网络中获取跨集群网络的网络信息，根据网络信息生成跨集群转发逻辑；The SDN controller obtains the network information of the cross-cluster network from the cross-cluster network and generates cross-cluster forwarding logic based on the network information;

将网络信息和跨集群转发逻辑下发至OVN节点402上的分布式网关4021处，让OVN节点402上的分布式网关4021根据网络信息和跨集群转发逻辑，生成跨集群流量转发规则。Send the network information and cross-cluster forwarding logic to the distributed gateway 4021 on the OVN node 402, and let the distributed gateway 4021 on the OVN node 402 generate cross-cluster traffic forwarding rules based on the network information and cross-cluster forwarding logic.

基于同一发明构思，本发明一实施例提供一种配置分布式网关的装置，包括：Based on the same inventive concept, one embodiment of the present invention provides a device for configuring a distributed gateway, including:

至少一个处理器，处理器用于执行存储器中存储的计算机程序时实现本申请实施例提供的如上的配置分布式网关的步骤。At least one processor, the processor is configured to implement the above steps of configuring the distributed gateway provided by the embodiments of the present application when executing the computer program stored in the memory.

可选的，处理器具体可以是中央处理器、特定应用集成电路(英文：ApplicationSpecific Integrated Circuit，简称：ASIC)，可以是一个或多个用于控制程序执行的集成电路。Optionally, the processor may be a central processing unit, an application specific integrated circuit (English: Application Specific Integrated Circuit, ASIC for short), or one or more integrated circuits for controlling program execution.

可选的，该数据完整性保护的设备还包括与至少一个处理器连接的存储器，存储器可以包括只读存储器(英文：Read Only Memory，简称：ROM)、随机存取存储器(英文：Random Access Memory，简称：RAM)和磁盘存储器。存储器用于存储处理器运行时所需的数据，即存储有可被至少一个处理器执行的指令，至少一个处理器通过执行存储器存储的指令，执行如上的配置分布式网关或标准数据注解所示的方法。其中，存储器的数量为一个或多个。Optionally, the data integrity protection device also includes a memory connected to at least one processor. The memory may include a read-only memory (English: Read Only Memory, abbreviated as: ROM), a random access memory (English: Random Access Memory). , abbreviation: RAM) and disk storage. The memory is used to store the data required when the processor is running, that is, it stores instructions that can be executed by at least one processor. At least one processor executes the above configuration of the distributed gateway or standard data annotation by executing the instructions stored in the memory. Methods. The number of memories is one or more.

本申请实施例还提供一种计算机存储介质，其中，计算机存储介质存储有计算机指令，当计算机指令在计算机上运行时，使得计算机执行如上的配置分布式网关的方法的步骤。Embodiments of the present application also provide a computer storage medium, wherein the computer storage medium stores computer instructions. When the computer instructions are run on the computer, the computer is caused to perform the above steps of the method for configuring a distributed gateway.

本领域内的技术人员应明白，本申请的实施例可提供为方法、系统、或计算机程序产品。因此，本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且，本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will understand that embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器，使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present application. It will be understood that each process and/or block in the flowchart illustrations and/or block diagrams, and combinations of processes and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a use A device for realizing the functions specified in one process or multiple processes of the flowchart and/or one block or multiple blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中，使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品，该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction means, the instructions The device implements the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上，使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理，从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, thereby executing on the computer or other programmable device. Instructions provide steps for implementing the functions specified in a process or processes of a flowchart diagram and/or a block or blocks of a block diagram.

显然，本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样，倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内，则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present application without departing from the spirit and scope of the present application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and equivalent technologies, the present application is also intended to include these modifications and variations.