Disclosure of Invention
One or more embodiments of the present disclosure provide a method for delivering a virtual private network, which addresses the following technical problem: how to provide a virtual private network issuing method that can be deployed automatically and that distributes and controls network resources reasonably.
One or more embodiments of the present disclosure adopt the following technical solutions:
One or more embodiments of the present disclosure provide a method for delivering a virtual private network, where the method includes:
the campus network controller determining a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
establishing a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool;
acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool, thereby realizing communication among the switches;
issuing a deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
Optionally, in one or more embodiments of the present disclosure, before determining the network resource range corresponding to the current three-layer network to initialize the network resource pool based on the network resource range, the method further includes:
connecting the switch devices to one another based on a preset networking structure so as to build the three-layer network;
managing the constituent switches of the three-layer network based on a device management module, and acquiring the topology among all the devices in the preset networking structure based on a preset topology management module;
and determining whether the three-layer network conforms to the plan based on that topology and the actual topology corresponding to the three-layer network.
Optionally, in one or more embodiments of the present disclosure, after determining whether the three-layer network conforms to the plan based on the topology and the actual topology corresponding to the three-layer network, the method further includes:
if not, obtaining the wiring that differs between the topology and the actual topology;
and adjusting the positions of the differing wiring based on the wiring corresponding to the topology, so that the actual topology conforms to the plan.
Optionally, in one or more embodiments of the present disclosure, adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool specifically includes:
acquiring the service network resources corresponding to the virtual private network, and determining whether the service network resources conflict with network resources in the initialized resource pool;
if so, obtaining the conflicting network resources in the initialized resource pool and setting them to a forbidden state, thereby adjusting the initialized resource pool and obtaining the current resource pool.
Optionally, in one or more embodiments of the present disclosure, before acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool and realize communication among the switches, the method further includes:
counting the network resources in the current resource pool so as to determine, based on the virtual private network, whether the number of network resources is qualified, and if not, adjusting the current resource pool to enter a capacity expansion working state.
Optionally, in one or more embodiments of the present disclosure, after issuing the deployment command to each switch in the three-layer network, the method further includes:
if the deployment command is issued successfully, the switch deploying the virtual private network based on the deployment command;
and if the deployment command fails to be issued, rolling back the deployment of the virtual private network based on the deployment command, so that the current resource pool releases the network resources corresponding to the deployment configuration of the deployment command.
Optionally, in one or more embodiments of the present specification, after the switch configures the virtual private network based on the deployment command, the method further includes:
recording the network resource use state in the current resource pool, and updating the network resource use state in response to the configuration status of the virtual private network;
uploading the updated network resource use state to a preset resource pool management module, so that the updated network resource use state is displayed visually by the preset resource pool management module.
One or more embodiments of the present disclosure provide a virtual private network issuing device, where the device includes:
an initialization module, used by the campus network controller to determine a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
an establishing module, used for establishing the virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
an adjustment module, used for adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool;
a distribution module, used for acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool and realize communication among the switches;
an issuing module, used for issuing the deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
One or more embodiments of the present disclosure provide a virtual private network issuing device, where the device includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the following:
the campus network controller determines a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
establishing a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool;
acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool, thereby realizing communication among the switches;
issuing a deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
One or more embodiments of the present specification provide a non-volatile computer storage medium storing computer-executable instructions configured to perform the following:
the campus network controller determines a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
establishing a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool;
acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool, thereby realizing communication among the switches;
issuing a deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
The at least one technical solution adopted by the embodiments of this specification can achieve the following beneficial effects:
Allocating resources from the resource pool ensures that the virtual network configuration is backed by resources while it is being issued, so the configuration is issued efficiently. Adjusting the initialized resource pool avoids adverse effects on the services of the virtual private network when network resources in the resource pool conflict with the service network resources of those services. Issuing the virtual private network through configuration commands solves the problems that manual allocation of network resources by a network engineer is inefficient, makes reasonable use of the resources difficult, and has a high labor cost.
Detailed Description
The embodiment of the specification provides a method, a device, equipment and a medium for issuing a virtual private network.
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present disclosure.
As shown in fig. 1, an embodiment of the present disclosure provides a flow diagram of a method for issuing a virtual private network. As can be seen from fig. 1, the campus network controller is the execution subject of the following method, which includes the following steps:
S101: the campus network controller determines a network resource range corresponding to the current three-layer network, so as to initialize the network resource pool based on the network resource range and obtain an initialized resource pool.
In order for the virtual network configuration to be backed by resources while it is being issued, and so that the configuration is issued efficiently, in one or more embodiments of the present disclosure the campus network controller determines a network resource range corresponding to the current three-layer network, initializes the network resource pool according to that range, and obtains an initialized resource pool. The resource pool is initialized by entering into it the various network resource ranges available to the current three-layer network, which yields the initialized resource pool.
Further, in order to implement the overall configuration of the virtual private network for the three-layer network, in one or more embodiments of the present disclosure, before determining the network resource range corresponding to the current three-layer network to initialize the network resource pool based on the network resource range, the method further includes the following procedures:
First, the switch devices are connected to one another according to a preset networking structure to build a three-layer network; fig. 2 is a schematic structural diagram of a three-layer network topology of a campus in an application scenario provided in one or more embodiments of the present disclosure. After the three-layer network is built, its constituent switches are managed based on a preset device management module, and the topology among all devices in the preset networking structure is obtained based on the preset topology management module. The topology among the devices in the preset networking structure is then compared with the actual topology of the constructed three-layer network to determine whether the constructed network conforms to the plan. Comparing the two structures in this way solves the problem that traffic intercommunication is affected when the wiring of the switches differs from the topology. When the constituent switches of the three-layer network are managed based on the preset device management module, related functions such as LLDP are enabled, and the managed switch devices automatically adapt configuration commands according to device type, which makes it convenient for the controller to issue commands to the switches later.
Further, in order to avoid traffic intercommunication being affected because the wiring of the switches differs from the topology, in one or more embodiments of the present disclosure, after determining whether the three-layer network conforms to the plan based on the topology and the actual topology corresponding to the three-layer network, the method further includes the following process:
If the three-layer network is determined not to conform to the plan, that is, if the topology among the devices in the preset networking structure differs from the actual topology of the three-layer network, the wiring that differs between the topology and the actual topology is obtained. The positions of the differing wiring are then adjusted based on the wiring corresponding to the topology, so that the actual topology conforms to the plan.
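The comparison of planned and actual topology described above can be sketched as follows. This is an added example, not code from the patent; it assumes the actual links are reported as (device, port) pairs, for instance from LLDP neighbour data, and the names `link`, `diff_wiring`, `PLANNED` and `ACTUAL` and all device and port names are constructed for illustration.

```python
def link(a, a_port, b, b_port):
    """An undirected cable: which end is listed first does not matter."""
    return frozenset({(a, a_port), (b, b_port)})


def diff_wiring(planned, actual):
    """Compare planned links with discovered links.

    Returns (conforms, missing, unexpected, moves). Each move is
    (fixed_end, unplug_from, plug_into): keep the cable seated at fixed_end
    and move its other end to the port the plan expects.
    """
    planned, actual = set(planned), set(actual)
    missing = sorted(planned - actual, key=sorted)      # planned but not cabled
    unexpected = sorted(actual - planned, key=sorted)   # cabled but not planned
    moves, unused = [], list(unexpected)
    for want in missing:
        for have in unused:
            shared = want & have
            if len(shared) == 1:  # one end is right, the other is misplaced
                (fixed,) = shared
                (wrong,) = have - shared
                (right,) = want - shared
                moves.append((fixed, wrong, right))
                unused.remove(have)
                break
    return (not missing and not unexpected), missing, unexpected, moves


# Constructed sample data: the two access uplinks are swapped on conv1.
PLANNED = [
    link("core1", "g0/1", "conv1", "g0/1"),
    link("conv1", "g0/2", "acc1", "g0/1"),
    link("conv1", "g0/3", "acc2", "g0/1"),
]
ACTUAL = [
    link("conv1", "g0/1", "core1", "g0/1"),
    link("conv1", "g0/2", "acc2", "g0/1"),
    link("conv1", "g0/3", "acc1", "g0/1"),
]

if __name__ == "__main__":
    conforms, missing, unexpected, moves = diff_wiring(PLANNED, ACTUAL)
    print("conforms to plan:", conforms)
    for fixed, wrong, right in moves:
        print(f"cable at {fixed}: move other end from {wrong} to {right}")
```
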
S102: establishing a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information.
To spare people from dealing with the tangle of switches and personal computers connected by physical network cabling that results from an overly complex campus network structure, in one or more embodiments of the present disclosure a virtual private network corresponding to the three-layer network is configured and established on the campus network controller according to the virtual private network key information corresponding to the three-layer network. The virtual private network key information includes: service IP network segment, service VLAN information, OSPF information, etc.
S103: adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool.
In order to prevent conflicts between network resources in the resource pool and the service network resources of the virtual private network from affecting the services, in the embodiment of the present disclosure the initialized resource pool is adjusted according to the service network resources corresponding to the virtual private network to obtain the current resource pool. Specifically, in one or more embodiments of the present disclosure, adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool includes the following steps:
First, the service network resources corresponding to the virtual private network are acquired, and it is determined whether they conflict with network resources in the initialized resource pool. For example, a conflict in communication resources may cause problems such as network congestion. If a resource conflict is found, the conflicting network resources in the initialized resource pool are obtained and set to a forbidden state, thereby adjusting the initialized resource pool and obtaining the current resource pool. That is, if a service network resource of the virtual private network conflicts with a network resource in the resource pool, the conflicting network resource in the resource pool is forbidden, and it is not re-enabled until the conflicting service network resource of the virtual private network or the network resource in the resource pool is changed or deleted. In this way the resources of the resource pool are isolated from the service network resources of the virtual private network, and adverse effects caused by resource conflicts are effectively prevented.
S104: acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool, thereby realizing communication among the switches.
In order to solve the problems that manual allocation of network resources by network engineers is inefficient, makes reasonable use of the resources difficult, and has a high labor cost, in the embodiment of the specification the network resources each switch needs for communication are acquired and allocated to each switch from the current resource pool, so that communication among the switches is opened. Specifically, in one or more embodiments of the present disclosure, before acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool and realize communication among the switches, the method further includes: counting the network resources in the current resource pool, so that the virtual private network determines whether the number of network resources is qualified. If the number of network resources in the current resource pool cannot meet the number of network resources required to deploy the virtual private network, that is, when the virtual private network determines that the number of network resources is unqualified, the current resource pool is adjusted to enter a capacity expansion working state. Automatic capacity expansion of the resource pool reduces operations such as rollback when the switches deploy the virtual private network, and can effectively reduce the system pressure on the controller.
S105: issuing a deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
After communication among the switches is opened in step S104, in order to implement automatic delivery of the virtual private network, in the embodiment of the present disclosure the campus network controller issues the deployment command to each switch in the three-layer network and distributes the deployment command according to the role to which the switch belongs, for example core device, convergence device, switching device and the like, so that the switch configures the virtual private network according to the deployment command. The network resources required while issuing the virtual private network are all allocated automatically by the resource pool, which solves the problem of inefficient deployment by network engineers.
Further, in order to reuse network resources and reduce resource waste, in one or more embodiments of the present disclosure, after issuing the deployment command to each switch in the three-layer network, the method further includes the following steps:
If the deployment command is issued successfully, the switch deploys the virtual private network based on the deployment command, and the switch configuration is successfully issued or traffic intercommunication of the terminals is achieved. If the deployment command fails to be issued, the deployment of the virtual private network is rolled back according to the deployment command, so that the network resources corresponding to the deployment configuration of the deployment command are released from the current resource pool, the network resources are reused, and resource waste is reduced.
Further, in order to allow a network administrator to view the network resource occupancy details and to intervene in and customize the networking, in one or more embodiments of the present specification, after the switch configures the virtual private network based on the deployment command, the method further includes the following steps: recording the network resource use state in the current resource pool, and updating the network resource use state in response to the configuration status of the virtual private network; and uploading the updated network resource use state to a preset resource pool management module, so that the updated network resource use state is displayed visually by the preset resource pool management module.
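Steps S101 and S103 to S105, including the forbidden state, the capacity check and the rollback on a failed issue, can be sketched as follows. This is an added example, not code from the patent; it assumes each inter-switch link consumes one interconnect VLAN and one /30 subnet, that capacity expansion means adding an administrator-supplied spare range, and that OSPF information is reduced to an area ID. `ResourcePool`, `deploy_vpn`, the `push` callback and all sample values are constructed for illustration.

```python
import ipaddress

FREE, IN_USE, FORBIDDEN = "free", "in_use", "forbidden"


class DeployError(Exception):
    """Raised by the push callback when a switch rejects its command."""


class ResourcePool:
    """Interconnect VLAN IDs and link subnets handed out by the controller."""

    def __init__(self, vlan_ids, supernet, link_prefix=30):
        self.link_prefix = link_prefix
        self.vlans = {v: FREE for v in vlan_ids}
        self.subnets = {}
        self.expanding = False
        self.add_range(supernet)                    # S101: initialize the pool

    def add_range(self, supernet):
        net = ipaddress.ip_network(supernet)
        for sub in net.subnets(new_prefix=self.link_prefix):
            self.subnets.setdefault(sub, FREE)

    def forbid_conflicts(self, service_vlans, service_segments):
        """S103: forbid pool entries that collide with VPN service resources."""
        segments = [ipaddress.ip_network(s) for s in service_segments]
        for vlan in service_vlans:
            if self.vlans.get(vlan) == FREE:
                self.vlans[vlan] = FORBIDDEN
        for sub, state in self.subnets.items():
            if state == FREE and any(sub.overlaps(s) for s in segments):
                self.subnets[sub] = FORBIDDEN

    def free_count(self):
        free = lambda table: sum(state == FREE for state in table.values())
        return min(free(self.vlans), free(self.subnets))

    def ensure_capacity(self, needed, spare_supernet=None):
        """Count free resources; enter the expansion state if too few."""
        self.expanding = self.free_count() < needed
        if self.expanding and spare_supernet:
            self.add_range(spare_supernet)
            self.expanding = self.free_count() < needed
        return not self.expanding

    def allocate(self):
        vlan = next(v for v, s in self.vlans.items() if s == FREE)
        sub = next(n for n, s in self.subnets.items() if s == FREE)
        self.vlans[vlan] = self.subnets[sub] = IN_USE
        return vlan, sub

    def release(self, vlan, sub):
        self.vlans[vlan] = self.subnets[sub] = FREE


def deploy_vpn(pool, vpn, roles, links, push, spare_supernet=None):
    """S103-S105 with rollback; push(switch, command) is a hypothetical callback."""
    pool.forbid_conflicts(vpn["service_vlans"], vpn["service_segments"])
    if not pool.ensure_capacity(len(links), spare_supernet):
        return {"status": "insufficient_resources", "allocations": []}
    taken = []
    try:
        for a, b in links:                          # S104: one VLAN + subnet per link
            vlan, sub = pool.allocate()
            taken.append((a, b, vlan, sub))
            first, second = list(sub.hosts())[:2]
            for switch, ip in ((a, first), (b, second)):
                push(switch, {"role": roles[switch], "vlan": vlan,   # S105
                              "ip": f"{ip}/{sub.prefixlen}",
                              "ospf_area": vpn["ospf_area"]})
    except DeployError:
        for _, _, vlan, sub in taken:               # rollback: release pool entries
            pool.release(vlan, sub)
        return {"status": "rolled_back", "allocations": []}
    return {"status": "deployed",
            "allocations": [(a, b, v, str(s)) for a, b, v, s in taken]}


# Constructed sample data (not from the page).
VPN = {"service_vlans": [101], "service_segments": ["10.0.0.0/29"],
       "ospf_area": "0.0.0.1"}
ROLES = {"core1": "core", "conv1": "convergence",
         "acc1": "switching", "acc2": "switching"}
LINKS = [("core1", "conv1"), ("conv1", "acc1"), ("conv1", "acc2")]

if __name__ == "__main__":
    pool = ResourcePool(range(100, 104), "10.0.0.0/28")

    def flaky_push(switch, command):
        if switch == "acc2":
            raise DeployError(switch)

    print(deploy_vpn(pool, VPN, ROLES, LINKS, flaky_push, "10.0.1.0/29"))
    print(deploy_vpn(pool, VPN, ROLES, LINKS, lambda s, c: None))
```

The forbidden entries survive the rollback, so a retry cannot hand out a VLAN or subnet that overlaps the service VLAN or service IP network segment.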
As shown in fig. 2, one or more embodiments of the present disclosure provide a schematic structural diagram of a campus three-layer network topology in an application scenario. Based on the figure, in one embodiment of the application scenario in this specification, the campus network controller includes a device management module, a topology management module, a resource pool management module, a resource configuration module, and a virtual private network management module. The device management module is mainly used to bring all switch devices of the network under management, and can adapt commands to all core, convergence and access devices. After a network administrator plans a networking structure and powers on the devices, the administrator can bring the devices under management directly through the device management module of the controller. The topology management module is mainly used for viewing the topology of the networking in the controller, and a network administrator can adjust and plan the topology. However, to ensure traffic intercommunication, the actual topology of the networking devices must be the same as the planned topology, and whether the networking wiring matches expectations or the plan can be checked by comparing the displayed planned topology with the actual topology of the devices. The resource pool management module is mainly used for initializing and visualizing the resource pool. Resource initialization can be performed according to a network resource range specified by a network administrator. The network resource details are visualized, so a network administrator can check the network resource occupancy details. The resource configuration module is mainly used by network administrators to allocate, intervene in, customize and use network resources, and to perform other operations on the service resources required by the virtual private networks established in the networking.
The virtual private network management module is mainly used for managing all virtual private networks under the networking and performing deployment, editing and other operations.
As shown in fig. 3, in one or more embodiments of the present disclosure, a schematic diagram of the virtual private network issuing process for a three-layer network is provided. As can be seen from fig. 3, in one or more embodiments of the present disclosure, a three-layer network is first built based on a preset campus network plan, and all switch devices in the three-layer network are brought under management. The topology of the three-layer network is then checked against the plan; if it conforms, the network resource pool is initialized, and a virtual private network with its corresponding service network and service sub-network is created. The network administrator can configure the network resources according to actual demand; if they are not configured, they are configured automatically from the resource pool, which saves the administrator's working cost. The virtual private network is then deployed. During deployment, the network resource pool allocates network resources based on the network administrator's configuration so that the switches can communicate with one another, and the deployment command is issued to each switch in the networking. If issuing succeeds, the switch configuration is successfully issued or traffic intercommunication of the access terminals is achieved. If issuing fails, the resources already issued to the switches are rolled back, the resources occupied in the resource pool are released, and the resources are reused. During configuration, the usage of resources in the resource pool can be checked through the resource pool module, which realizes visualization of the network resources.
As shown in fig. 4, in one or more embodiments of the present disclosure, an internal structure schematic diagram of a virtual private network issuing device is provided. As can be seen from fig. 4, in one or more embodiments of the present disclosure, a virtual private network issuing apparatus includes:
an initialization module 401, configured to determine, by the campus network controller, a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
an establishing module 402, configured to establish a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
an adjustment module 403, configured to adjust the initialized resource pool according to the service network resources corresponding to the virtual private network, so as to obtain a current resource pool;
an allocation module 404, configured to acquire the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool and realize communication among the switches;
an issuing module 405, configured to issue a deployment command to each switch in the three-layer network, and distribute the deployment command according to the role to which the switch belongs, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
As shown in fig. 5, in one or more embodiments of the present disclosure, an internal structure schematic diagram of a virtual private network issuing device is provided. As can be seen from fig. 5, a virtual private network issuing device includes:
at least one processor 501; and
a memory 502 communicatively coupled to the at least one processor 501; wherein
the memory 502 stores instructions executable by the at least one processor 501, the instructions being executed by the at least one processor 501 to enable the at least one processor 501 to perform the following:
the campus network controller determines a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
establishing a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool;
acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool, thereby realizing communication among the switches;
issuing a deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
As shown in fig. 6, a schematic diagram of the internal structure of a non-volatile storage medium is provided in one or more embodiments of the present specification. As can be seen from fig. 6, a non-volatile storage medium stores computer-executable instructions 601, the computer-executable instructions 601 being capable of the following:
the campus network controller determines a network resource range corresponding to the current three-layer network, so as to initialize a network resource pool based on the network resource range and obtain an initialized resource pool;
establishing a virtual private network based on the virtual private network key information corresponding to the three-layer network, wherein the virtual private network key information includes: service IP network segment, service VLAN, and OSPF information;
adjusting the initialized resource pool according to the service network resources corresponding to the virtual private network to obtain a current resource pool;
acquiring the network resources corresponding to each switch when the switches communicate, so as to allocate the corresponding network resources to each switch based on the current resource pool, thereby realizing communication among the switches;
issuing a deployment command to each switch in the three-layer network, and distributing the deployment command according to the role of the switch, so that the switch configures the virtual private network based on the deployment command, wherein the role of the switch includes: core device, convergence device and switching device.
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments may be referred to across embodiments, and each embodiment mainly describes its differences from the others. In particular, the apparatus, device and non-volatile computer storage medium embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the description of the method embodiments.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing is merely one or more embodiments of the present description and is not intended to limit the present description. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of one or more embodiments of the present description, is intended to be included within the scope of the claims of the present description.