Method and system for implementing elastic IP in public cloud network

Abstract

In particular, the present invention relates to a method and system for implementing elastic IP in a public cloud network. The implementation method of the elastic IP of the public cloud network constructs an elastic IP service resource pool, and expands the direct mapping mechanism between the internal network address and the public network address originally of openstack to a two-level mapping mechanism; distributed deployment of SDN on the nodes in the elastic IP service resource pool Controller: The SDN controller on the node in the elastic IP service resource pool realizes the mapping between the intermediate address and the public network address, ACL access control and flexible and fine-grained elastic IP QoS speed limit function by issuing a flow table. In the public cloud network elastic IP implementation method and system, the L3 agent is located behind the EIP service resource pool and will not be directly exposed to the public network. It can not only realize accurate and fine-grained EIP traffic ACL control, but also realize EIP through two-level mapping. Zero waste of addresses prevents fragmentation of addresses and enables flexible and fine-grained QoS rate-limiting policies.

Description

technical field [0001] The present invention relates to the technical field of cloud computing, in particular to a method and system for realizing elastic IP in a public cloud network. Background technique [0002] Internet addresses are divided into two categories: public network addresses and private network addresses: public network addresses generally pass through the entire Internet through the BGP (Border Gateway Protocol, Border Gateway Protocol) protocol, so they are visible on the entire Internet; and private network addresses The address (the Internet private network IP address segment includes 10.0.0.0 / 8, 192.168.0.0 / 16, 172.16.0.0 / 12) is located inside the enterprise or organization and is used for local network communication purposes, and its address segment will not be announced to the Internet , so the private network address is not visible on the Internet. [0003] The cloud server instances and load balancing instances purchased by public cloud users are lo...

AI Technical Summary

Problems solved by technology

[0006] 1) Directly use L3 agent for public network-private network address mapping, it is difficult to control traffic, and it is not easy to support ACL (Access Control List, access control list);

[0007] 2) For the multi-segment fragmented address pool obtained from the operator, multiple external networks need to be established, and the addresses in these external networks cannot be reused, which may lead to insufficient utilization of address resources, such as address pools in some external networks It has been used up so that users cannot purchase new EIP ((Elastic IP, Elastic IP) services, and a large number of addresses in other external networks are idle;

[0008] 3) The QoS management granularity of openstack's floating IP can only support IP address level, and it is difficult to support finer-grained QoS speed limit;

[0009] 4) The L3 agent of openstack is directly exposed on the public network, which poses a security risk

Images