34 results about "Network virtualization platform" patented technology

A platform architecture shifts the networked computing paradigm from PC+Network to a system using trusted mobile internet end-point (MIEP) devices and cooperative agents hosted on a trusted server. The MIEP device can participate in data flows, arbitrate authentication, and / or participate in implementing security mechanisms, all within the context of assured end-to-end security. The MIEP architecture improves platform-level capabilities by suitably (and even dynamically) partitioning what is done at the MIEP nodes, the network, and the server based infrastructure for delivering services.

Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.

A network mediator corresponding to a computing device uses packet filters to restrict network communications. The network mediator includes a set of one or more filters, each filter having parameters that are compared to corresponding parameters of a data packet to be passed through the network mediator. The network mediator determines whether to allow the data packet through based on whether the data packet parameters match any filter parameters. The set of filters can be modified by a remote device, but cannot be modified by the computing device whose communications are being restricted. When a data packet is sent from the computing device, the data packet will include the virtual address which is changed to the network address by the network mediator prior to forwarding the packet on the network, and vice versa. By virtualizing the addresses, the computing device is restricted in accessing other devices over the network.

The invention provides a cloud computing network virtualization method and system based on an SDN, wherein the cloud computing network virtualization method and system are applied to the technical field of cloud computing. The method includes the following steps of processing information from a controller Controller and information from an Openflow interchanger through a controller proxy FlowVisor according to a preset strategy, wherein the Openflow interchanger is in communication with the controller proxy and the controller through Openflow protocols. According to the scheme, virtual network segments are dynamically configured for cloud service, and therefore a user network is as flexible as other cloud computing infrastructures, the data center automation degree and service flexibility are remarkably improved, VM density is increased, capital consumption and operating cost are reduced, limits of a traditional physical or regional isolation mechanism are eliminated, and the optimal VM density and the optimal economic benefits can be achieved through data center managers.

Mechanisms are provided to allow servers connected over an InfiniBand fabric to communicate using multiple private virtual interconnects (PVIs). In particular embodiments, the PVIs appear as virtual Ethernet networks to users on individual servers and virtual machines running on the individual servers. Each PVI is represented on the server by a virtual network interface card (VNIC) and each PVI is mapped to its own InfiniBand multicast group. Data can be transmitted on PVIs as Ethernet packets fully encapsulated, including the layer 2 header, within InfiniBand messages. Broadcast and multicast frames are propagated using InfiniBand.

The invention discloses an SDN virtualization platform uplink signaling flow label processing method based on OpenFlow. The method comprises the following steps: receiving a data packet; a physical switch, when receiving the data packet, first of all, checking the flow meter in the physical switch, and if no items matching the data packet exist in the flow meter, packaging the pack header of the data package in an uplink signaling for sending to a network virtualization platform; the network virtualization platform serving as a controller of the physical switch; the network virtualization platform receiving the submitted data packet; determining whether the data packet carries a flow label; if the data packet carries the flow label, it being indicated that the data packet is a data packet inside a virtual network; and if the data packet does not carry the flow label, it being indicated that the data packet is a non-classified data packet.

Object-oriented network virtualization may involve creating and operating virtual network objects (VNO) using a software-programmed networking operating system (SPN OS). A VNO may be a complete representation of a virtual network service provided under the SPN OS. A VNO may have a unique identity and properties, along with an internal set of methods for executing functionality encapsulated by the VNO. A VNO may exhibit persistence and autonomous control to enable improved virtual network services.

The invention discloses a support protocol irrelative software defined networking virtualization management platform. According to the platform, the fact that different tenants can establish and manage a plurality of virtual networks on the same physical resource is supported. Each virtual network can customize a topology flexibly. Each virtual network can use a customized protocol according to a demand, so the programmable capability of SDN (Software Defined Networking) is exerted fully. Traffic is isolated between the virtual networks in a mode of adding labels. Through introduction of branch flow tables and a virtual network flow table, the flow tables are planned, so a data packet processing rate is greatly improved.

The invention provides a network card direct connection system for a virtualization platform. The network card direct connection system comprises a virtual machine, a virtual network card, network data packets and a virtual switch, wherein the virtual machine is used for transmitting a network data packet, which is transmitted to an external network, to the virtual network card, and receives a network data packet, which belongs to the virtual machine and is from the external network, from the virtual network card; the virtual network card is used for forwarding the network data packet which belongs to the virtual machine to the virtual switch; the network data packets comprise the network data packet transmitted to the external network by means of the virtual machine, and the network datapacket which belongs to the virtual machine and is from the external network; and the virtual switch is used for forwarding the network data packet, which is transmitted to the external network by means of the virtual machine, to the external network, forwarding the network data packet which belongs to the virtual machine and is from the external network to the virtual machine by means of the virtual network card, and realizing supervision on the network data packet of the virtual machine. Therefore, the problem that the virtualization platform cannot perform flow control and supervision on the virtual network data packet when using network card direct connection is solved.

The invention discloses a virtual network flow classifying method based on an OpenFlow protocol. When a network virtual platform forwards a data package, a flow tag is added to the data package forwarded from the virtual network edge to the virtual network interior, and the flow tag is popped up from the data package forwarded from a port inside the virtual network to a port at the virtual network edge.

The invention discloses a network virtualization frame in a long term evolution system and a resource blocks allocation method under the frame. According to the network virtualization frame, a network resource manager is introduced to virtualize a physical base station into a plurality of virtual base stations, and each virtual base station has an independent virtual network controller; network resource management falls into resource block management and user information management, and a resource block manager cannot visit user information; a utility function comprising adjustable parameters is introduced, and the offer and earning of an operator are defined according to the utility function; all the resource blocks are allocated one by one; when each of the resource blocks is allocated, the operator offers, and the operator with the highest offer acquires the resource block, allocates the resource block for a user and considers the speed requirement of the user and the minimum resource block guarantee of the operator in allocation. Through adoption of the network virtualization frame and the resource blocks allocation method, the operator can offer faithfully, the dispatch of interior of the virtual network is customized by the operator which the virtual network belongs to, and virtual networks can be isolated.

The invention discloses a network virtualization method based on a software defined network (SDN). The network virtualization method comprises the steps of obtaining SDN topology information by a controller through detection in network initialization; creating a virtual network sheet, calling a virtual network generation module by the created virtual network sheet, adding host computers into the virtual network after network creation is finished, adding the host computers into the virtual network sheet, and communication between a certain host computer and another host computer is required, if a switch has a matched flow item, directly forwarding a data package, and if the switch has no matched flow item, transmitting the data package to the controller, calling an information interception module by the controller for intercepting the data package, calling an information analyzing module by the information interception module, waiting for a result which is returned from the information analyzing module, and determining whether to discard the data package. The network virtualization method can be used for flexibly creating a virtual network and is totally driven according to a user requirement and has relatively high expandability. Furthermore the invention provides a relatively good solution for improving network throughput and preventing competition of busy links.

The invention provides a hardware resource quantification method, a hardware resource arrangement method, a hardware resource quantification device and a network device, and relates to the technical field of mobile communication. The hardware resource quantification method comprises the following steps of determining the hardware type of each hardware in the current hardware resource; obtaining performance attribute parameters of each hardware according to each hardware type; calculating the equivalent capability of each hardware according to the obtained performance attribute parameters and the capability factors corresponding to the performance attribute parameters; and calculating a quantization capability value of the hardware resource according to the equivalent capability of each hardware. According to the hardware resource quantification method, the hardware resource arrangement method, the hardware resource quantification device and the network device, the calculation capability of the hardware resources can be accurately described, the arrangement capability and the arrangement efficiency of an arrangement device of a network virtualization platform are improved to the maximum extent, and the utilization rate of the hardware resources is improved.

The invention discloses a virtual network topological self-service generation method and system. After detecting log-in of a user terminal, a network controller detects the presence of virtual network topological resources of related users and sends the detection result to the user terminal. If the detection result indicates that virtual network topological resources of related users do not exist in the network controller, a user terminal can further determine whether the related users have the right for self-service application of virtual network topology. If related users have the right for self-service application of virtual network topology, the user terminal applies virtual network topological resources from the network controller, and generates virtual network topology according to virtual network topological resources allocating result fed back by the network controller. Virtual network topology is provided to each user through network virtualization capability of transmission SDN network, so that a user can adjust virtual network topology according to self needs.

The invention discloses a method for detecting ambiguity of stream rules. The method comprises the following steps of extracting all matched items in stream rules required to be detected and corresponding matching rules; performing stream rule matched time collision detection on all the extracted matched items and the corresponding matching rules thereof, and the other matched items and the corresponding matching rules thereof in pairs; examining whether the matched items and the corresponding matching rules thereof which are not in stream rule matched item collision detection with the other matched items and the corresponding matching rules thereof in pairs exist or not; continuing the step of stream rule matched item collision detection if the matched items and the corresponding matching rules thereof which are not in stream rule matched item collision detection with the other matched items and the corresponding matching rules thereof in pairs exist; and further examining the result of the stream rule matched item collision detection if the matched items and the corresponding matching rules thereof which are not in stream rule matched item collision detection with the other matched items and the corresponding matching rules thereof in pairs do not exist. If the result of the stream rule matched item collision detection includes that all the extracted matched items and the corresponding matching rules thereof do not collide with the other matched items and the corresponding matching rules thereof, all the current detected stream rules are ambiguous; and if the result of the stream rule matched item collision detection includes that at least one matched item and the corresponding matching rules thereof collide with the other matched items and the corresponding matching rules thereof, all the current detected stream rules are not ambiguous.

The invention relates to a mobile communication network function virtualization platform based on container cloud, comprising a container cloud platform, a container engine and a mobile communicationnetwork. The container cloud platform is used for scheduling containers distributed on each working node, and controlling life cycle and functions. The container engine runs on the working node, receives the scheduling from the container cloud platform, manages the virtual network, and calculates and stores the resources. The container cloud platform is connected with a container engine on a plurality of nodes, and is used for centralized management and scheduling of containers in a mobile communication network. The invention perfectly combines the network function virtualization platform withthe mobile communication network, which can greatly reduce the cost of installing the network intermediate boxes such as hardware security devices, improve the automation degree of equipment deployment and strategy configuration, and reduce the complexity of operation and maintenance. In addition, the invention also realizes the automatic configuration of the network security strategy, and effectively improves the network security protection level.

The invention discloses a space-ground integrated network virtualization method based on protocol non-perception forwarding. The method is oriented to a space-ground integrated network, And the underlying physical network is managed through the virtualization layer based on the protocol non-perception forwarding technology, wherein the acquisition of the bottom layer satellite network topology isto divide the satellite constellation operation period into a series of short time slices by analyzing the operation rule of the satellite constellation and keep the topology of the satellite in eachtime slice unchanged, and the bottom layer routing method adopts a segmented routing method. The invention discloses a network virtualization method. According to the method, a protocol non-perceptionforwarding technology, a virtual topology technology and a segmented routing technology are applied to space-ground integrated network virtualization, on the basis that the programmability of the network is improved, the calculation time of a mapping scheme, the number of flow table items and the overhead of a data packet header are greatly reduced, the utilization rate of equipment is effectively improved, and the requirement for space-ground integrated network virtualization is met.

The invention provides an SDN framework based on network virtualization. The SDN framework based on network virtualization comprises a cloud service platform, network virtualization equipment, computing virtualization equipment and storage virtualization equipment. A double-layer cloud service network framework is provided. When the user requires to perform data accessing, the user logs in the cloud service platform to perform accessing through his client side, and the cloud service platform provides the network access service for the user through the network virtualization equipment, providesthe computing service for the user through the computing virtualization equipment and meets the data access requirement of the user through the storage virtualization equipment according to the access demand of the user.

The invention provides a continuous network virtualization platform system, which comprises a host computer. The host computer comprises a network configuration module, a memory, a virtual machine creation module, a cluster management module and a migration module. The network configuration module performs network configuration on the virtual machine and sends the configured network information tothe memory for storage; the network configuration module performs network configuration on the virtual machine and sends the configured network information to the memory for storage. A virtual machine creation module creates a plurality of virtual machines and installs a virtual operating system in the virtual machines, and obtains configured network information from a memory to perform network setting on the virtual machines; the cluster management module creates a cluster and adds the plurality of virtual machines to the cluster for management; the migration module migrates the business data from the physical server to the virtual machine. The multiple virtual machines are arranged on a plurality of physical servers, and at least two virtual machines are arranged on each physical server. The invention adopts the virtualization technology to migrate the service data to the virtual machine of the virtualization platform so as to ensure the continuity of the service.

The invention discloses a network chip and a cloud server system. The network chip comprises a plurality of Ethernet NICs (network interface cards) and an Ethernet switch, wherein the plurality of NICs are connected with the Ethernet switch. The NICs and the Ethernet switch are integrated into a single network chip, and the cloud server system is built based on the chip. The structure of the cloud server system can meet the design requirements of a cloud server very well, that is, the performance per watt and the integrated service capacity are high, the cost and power consumption are low, and high performance is realized. Network virtualization is realized on the framework, and the performance of the server can be guaranteed to the largest extent.

The invention provides a single Linux core and multiple Android systems-based network virtualization method. The method comprises the steps of setting at least two containers, wherein one container isinternally provided with a main system, and other containers are provided with a virtual Android system with an independent network protocol stack separately; and setting a physical network adapter or a virtual network adapter in the virtual Android system, wherein the virtual Android system communicates with an external network through the physical network adapter or the virtual network adapter.Through adoption of the method, the network data of each container is independent, and outgoing access to networks is realized, so that online transaction and sensitive information of each containerare kept safe, and the management cost and economic cost are lowered remarkably.

The invention discloses a method for detecting ambiguity of stream rules. The method comprises the following steps of extracting all matched items in stream rules required to be detected and corresponding matching rules; performing stream rule matched time collision detection on all the extracted matched items and the corresponding matching rules thereof, and the other matched items and the corresponding matching rules thereof in pairs; examining whether the matched items and the corresponding matching rules thereof which are not in stream rule matched item collision detection with the other matched items and the corresponding matching rules thereof in pairs exist or not; continuing the step of stream rule matched item collision detection if the matched items and the corresponding matching rules thereof which are not in stream rule matched item collision detection with the other matched items and the corresponding matching rules thereof in pairs exist; and further examining the result of the stream rule matched item collision detection if the matched items and the corresponding matching rules thereof which are not in stream rule matched item collision detection with the other matched items and the corresponding matching rules thereof in pairs do not exist. If the result of the stream rule matched item collision detection includes that all the extracted matched items and the corresponding matching rules thereof do not collide with the other matched items and the corresponding matching rules thereof, all the current detected stream rules are ambiguous; and if the result of the stream rule matched item collision detection includes that at least one matched item and the corresponding matching rules thereof collide with the other matched items and the corresponding matching rules thereof, all the current detected stream rules are not ambiguous.

The invention discloses a management system and a management method for virtualization platforms. Virtualization implementation requests of different virtualization platforms are acquired by an interaction module, and according to the implementation requests, a service layer interface call request including a virtualization platform category is sent; a service processing module receives the service layer interface call request, and sends an adaptation layer interface call request including the virtualization platform category according to the service layer interface call request; and a virtualization adapter module receives the adaptation layer interface call request, configures a virtualization interface according to the virtualization platform category, and returns interface parameters of the virtualization interface to the service processing module, so that the service processing module calls the virtualization interface. According to the virtualization platform category, the corresponding virtualization interface is adapted out, so that the adaptive virtualization interface can be called to implement virtualization, thereby managing virtualization implementation of different virtualization platforms. Therefore, the management system and the management method which are disclosed by the invention can manage virtualization provided by various different virtualization platforms.

The invention discloses a distributed network virtualization system for an SDN (software defined network). The distributed network virtualization system comprises an SDN southbound protocol module, a kernel module, a virtualization layer module and a tenant application module, the SDN southbound protocol module can realize an SDN southbound protocol, the kernel module stores and manages low-level physical network data through distributed protocol Raft (replication and fault tolerant), different network virtualization systems are synchronized, and the virtualization layer module is used for realizing network virtualization. According to the distributed network virtualization system, an efficient network virtualization system is provided for the SDN by the aid of the advantages of protocol oblivious forwarding technique and distributed SDN controller open network operating system design, the requirements of reliability and expansibility of the network virtualization system can be met, and programmability of the virtualization SDN can also be improved.

There are provided measures for conflict resolution in a network virtualization scenario, wherein a virtualized network function is utilized by a first virtualized network service managed by a first network component and a second virtualized network service managed by a second network component. The measures comprise requesting, by the first network component, an alteration of the virtualized network function, transmitting information indicative of the alteration of the virtualized network function to the second network component, and determining when the alteration of the virtualized network function impacts the second virtualized network service.

The invention discloses a support protocol irrelative software defined networking virtualization management platform. According to the platform, the fact that different tenants can establish and manage a plurality of virtual networks on the same physical resource is supported. Each virtual network can customize a topology flexibly. Each virtual network can use a customized protocol according to a demand, so the programmable capability of SDN (Software Defined Networking) is exerted fully. Traffic is isolated between the virtual networks in a mode of adding labels. Through introduction of branch flow tables and a virtual network flow table, the flow tables are planned, so a data packet processing rate is greatly improved.

A domain management apparatus instructs physical nodes about the configuration of virtual nodes and virtual links of virtual networks. The physical nodes assign a virtual machine to a virtual node based on the definition of the virtual node contained in an instruction from the domain management apparatus. The physical nodes write a configuration associating virtual interfaces in the virtual node definition with virtual NICs on the virtual machine into a configuration file of the operating system to be started up on the virtual machine before the start-up of the virtual machine and, then, start up the virtual machine. Therefore, it is possible to recognize the correspondence relation between the virtual interface in the virtual node definition and the virtual NIC in the virtual machine without referring to the virtual network assignment result and without waiting for the start-up of the virtual machine.

The invention discloses a firewall setting method, system and device and a computer readable storage medium, and the method comprises the steps: determining each target port of a to-be-configured firewall in a target router when being applied to a network virtualization platform; creating routers corresponding to the target ports as firewall routers; creating a logic switch; based on the logic switch, connecting the target router with the corresponding firewall router; and adding the target port to the corresponding firewall router. In the application, a network virtualization platform creates routers corresponding to each target port of a target router as firewall routers, creates a logic switch, connects the target router with the corresponding firewall router based on the logic switch, and adds the target port to the corresponding firewall router. Therefore, the firewall is set by taking the port of the router as a unit in the network virtualization platform, and the protection capability of the firewall in the network virtualization platform is improved.

The invention discloses an OpenFlow-based SDN virtualization platform upstream signaling flow label processing method. The data packet is received; when the physical switch receives the data packet, the flow table in the physical switch is firstly inquired. If the flow table does not exist with the data packet If there is a matching entry, the packet header is encapsulated in the uplink signaling and sent to the network virtualization platform; the network virtualization platform acts as the controller of the physical switch; the network virtualization platform receives the submitted data packet; judges the data packet Whether it has a flow label; if the data packet has a flow label, it indicates that the data packet is a data packet inside the virtual network; if the data packet does not have a flow label, it indicates that the data packet is an unclassified data packet.