
CN-117201574-B - Communication method between VPCs (virtual private networks) based on public cloud and related products


Abstract

The embodiment of the application provides a communication method between VPCs based on public cloud and related products. The method comprises the following steps: a cloud management platform determines first configuration information input or selected by a tenant, and creates a global VPC according to the first configuration information; the cloud management platform determines second configuration information input or selected by the tenant, allocates a first network prefix through the global VPC to a first VPC located in a first region according to the second configuration information, and allocates a second network prefix through the global VPC to a second VPC located in a second region, wherein the global VPC is used for realizing cross-region communication between the first VPC and the second VPC according to the first network prefix and the second network prefix.

Inventors

  • ZHU XIAOPING

Assignees

  • 华为云计算技术有限公司

Dates

Publication Date
20260512
Application Date
20220530

Claims (20)

  1. A method of communication between public-cloud-based virtual private clouds (VPCs), comprising: the cloud management platform determines first configuration information input or selected by a tenant, and creates a global VPC according to the first configuration information; the cloud management platform determines second configuration information input or selected by the tenant, creates a first VPC in a first region according to the second configuration information, and creates a second VPC in a second region; the cloud management platform allocates a first network prefix to the first VPC according to the identifier of the first VPC and the network prefix of the global VPC, and allocates a second network prefix to the second VPC according to the identifier of the second VPC and the network prefix of the global VPC, wherein the first network prefix is different from the second network prefix, and the global VPC is used for realizing cross-region communication between the first VPC and the second VPC according to the first network prefix and the second network prefix.
  2. The method of claim 1, wherein the region identifier in the first network prefix is different from the region identifier in the second network prefix.
  3. The method of claim 2, further comprising: the cloud management platform assigns a network prefix to the global VPC, wherein the first network prefix and the second network prefix further include the network prefix of the global VPC.
  4. The method of claim 3, further comprising: the cloud management platform establishes a network connection between the first VPC and the global VPC, and a network connection between the second VPC and the global VPC.
  5. The method of claim 4, wherein the global VPC stores the first network prefix, the second network prefix, and a routing relationship between the first network prefix and the second network prefix.
  6. The method of claim 5, wherein the first VPC does not support communication with a third VPC.
  7. The method of claim 6, further comprising: the cloud management platform sets an access control list (ACL) for the first VPC, wherein the ACL includes entries for blocking communication between the first VPC and the third VPC.
  8. The method of any of claims 1-7, wherein the first VPC comprises a first subnet, the method further comprising: the cloud management platform allocates a network prefix to the first subnet through the global VPC, wherein the network prefix of the first subnet comprises the first network prefix and a subnet identifier.
  9. The method of claim 8, wherein the first subnet comprises a virtual machine (VM), the method further comprising: the cloud management platform allocates a network prefix to the VM through the global VPC or the first VPC, wherein a region identifier in the network prefix of the VM is used for indicating that the VM supports migration to a VPC that can communicate with the first VPC under the jurisdiction of the global VPC.
  10. The method of claim 9, wherein the region identifier in the network prefix of the VM is different from the region identifier in the network prefix of any VPC under the jurisdiction of the global VPC.
  11. The method of claim 10, wherein the VPC under the jurisdiction of the global VPC that can communicate with the first VPC comprises the second VPC, the method further comprising: the cloud management platform migrates the VM from the first VPC to the second VPC, wherein the migrated VM is located in a second subnet of the second VPC, and the subnet identifier in the network prefix of the second subnet is the same as the subnet identifier in the network prefix of the first subnet.
  12. The method of claim 11, wherein the network prefix of the VM after migration is the same as the network prefix of the VM before migration.
  13. The method of claim 12, further comprising: the cloud management platform allocates bandwidth to the global VPC, wherein the data flow passing through the global VPC meets the requirement of the bandwidth.
  14. The method of claim 13, further comprising: the cloud management platform marks the data flow passing through the global VPC with a corresponding flow label according to the identifier of the global VPC; and the cloud management platform obtains the requirement of the bandwidth according to the flow label and directs the forwarding of the data flow according to the requirement of the bandwidth.
  15. The method of claim 14, wherein the network prefix of the global VPC is an Internet Protocol version six (IPv6) prefix applied for by the cloud management platform.
  16. The method of claim 14, wherein the network prefix of the global VPC is an IPv6 prefix generated by the cloud management platform.
  17. The method of claim 14, wherein the network prefix of the global VPC is an IPv6 prefix applied for by the tenant.
  18. A cloud management platform, comprising: a determining module, used for determining first configuration information and second configuration information input or selected by the tenant; and a control module, used for creating a global virtual private cloud (VPC) according to the first configuration information, creating a first VPC in a first region and a second VPC in a second region according to the second configuration information, allocating, by means of the global VPC, a first network prefix to the first VPC according to the identifier of the first VPC and the network prefix of the global VPC, and allocating a second network prefix to the second VPC according to the identifier of the second VPC and the network prefix of the global VPC, wherein the first network prefix is different from the second network prefix, and the global VPC is used for realizing cross-region communication between the first VPC and the second VPC according to the first network prefix and the second network prefix.
  19. The cloud management platform of claim 18, wherein the region identifier in said first network prefix is different from the region identifier in said second network prefix.
  20. The cloud management platform of claim 19, wherein the control module is further configured to assign a network prefix to the global VPC, and the first network prefix and the second network prefix further include the network prefix of the global VPC.
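The prefix hierarchy that claims 1-12 describe (global VPC prefix, then a region identifier per VPC, a subnet identifier, and a reserved region identifier for migratable VMs, with the routing relationship and ACL kept in the global VPC), worked through in Python as an added example that is not part of the patent. The prefix 2001:db8::/48, the field widths, the reserved value 0xFF, the per-VM identifier field and all class and method names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values for this illustration; none are taken from the patent.
GLOBAL_VPC_PREFIX = ipaddress.IPv6Network("2001:db8::/48")
REGION_BITS = 8      # assumption: region identifier field follows the global VPC prefix
SUBNET_BITS = 8      # assumption: subnet identifier field follows the region identifier
VM_BITS = 16         # assumption: per-VM identifier field follows the subnet identifier
VM_REGION_ID = 0xFF  # assumption: reserved region identifier marking migratable VMs (claim 10)

def _child(net, field_bits, value):
    """Append a fixed-width identifier field to a prefix, yielding a longer prefix."""
    if not 0 <= value < (1 << field_bits):
        raise ValueError("identifier does not fit in the field")
    new_len = net.prefixlen + field_bits
    return ipaddress.IPv6Network((int(net.network_address) | (value << (128 - new_len)), new_len))

class GlobalVPC:
    def __init__(self, prefix=GLOBAL_VPC_PREFIX):
        self.prefix = prefix
        self.vpcs = {}    # vpc name -> (region_id, vpc prefix)         (claims 1-3)
        self.vms = {}     # vm name -> (subnet_id, vm_id, hosting vpc)   (claims 9-12)
        self.acl = set()  # unordered vpc pairs blocked by ACL entries   (claims 6-7)
    def create_vpc(self, name, region_id):
        if region_id == VM_REGION_ID or region_id in {r for r, _ in self.vpcs.values()}:
            raise ValueError(f"region id {region_id:#x} already in use")  # claims 2 and 10
        self.vpcs[name] = (region_id, _child(self.prefix, REGION_BITS, region_id))
        return self.vpcs[name][1]
    def subnet_prefix(self, vpc, subnet_id):  # claim 8: vpc prefix + subnet identifier
        return _child(self.vpcs[vpc][1], SUBNET_BITS, subnet_id)
    def place_vm(self, vm, vpc, subnet_id, vm_id):
        self.vms[vm] = (subnet_id, vm_id, vpc)
    def vm_prefix(self, vm):  # claims 9 and 12: reserved region id, so unchanged by migration
        subnet_id, vm_id, _ = self.vms[vm]
        vm_region = _child(self.prefix, REGION_BITS, VM_REGION_ID)
        return _child(_child(vm_region, SUBNET_BITS, subnet_id), VM_BITS, vm_id)
    def block(self, a, b):  # claim 7: ACL entry isolating two VPCs
        self.acl.add(frozenset((a, b)))
    def can_communicate(self, a, b):
        return a in self.vpcs and b in self.vpcs and frozenset((a, b)) not in self.acl
    def migrate_vm(self, vm, dst_vpc):  # claim 11: same subnet id in the destination VPC
        subnet_id, vm_id, src_vpc = self.vms[vm]
        if not self.can_communicate(src_vpc, dst_vpc):
            raise PermissionError(f"{src_vpc} cannot reach {dst_vpc}; migration refused")
        self.vms[vm] = (subnet_id, vm_id, dst_vpc)
    def route_for(self, addr):  # claim 5: routing relationship kept in the global VPC
        a = ipaddress.IPv6Address(addr)
        hits = [vpc for vm, (_, _, vpc) in self.vms.items() if a in self.vm_prefix(vm)]
        hits += [name for name, (_, p) in self.vpcs.items() if a in p]
        return hits[0] if hits else None
```

Because a VM's prefix never carries the region identifier of any VPC, a migrated VM keeps its prefix and only the global VPC's routing entry for it changes.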

Description

Communication method between VPCs (virtual private networks) based on public cloud and related products

Technical Field

The embodiment of the application relates to the technical field of cloud computing, in particular to a communication method between virtual private clouds (virtual private cloud, VPC) based on public clouds and related products.

Background

A VPC is a virtual network environment created by a tenant; it supports autonomous configuration and management by the tenant and has many advantages such as security and reliability, so VPCs are widely used. In practical applications there is a demand for communication between different VPCs, but the private addresses of VPCs that need to communicate may overlap, for example because of private address planning, which may prevent communication between those VPCs. Currently, communication between VPCs having the same private addresses is achieved mainly by ① creating a VPC peering connection (VPC PEERING) between the VPCs, or ② connecting the different VPCs through a transit gateway (TRANSIT GATEWAY). Both methods require tenants to manage the private addresses of the VPCs, resources in the VPCs cannot migrate between them, and communication between the VPCs has no bandwidth guarantee. Therefore, how to implement communication between VPCs remains an urgent problem to be solved in the field of cloud computing technology.

Disclosure of Invention

The embodiment of the application provides a communication method between VPCs based on public clouds and related products, which can realize communication between different VPCs, can guarantee the bandwidth of the different VPCs during communication, can migrate resources between the different VPCs as required, and can realize unified management of the network addresses and routes of the VPCs and reduce manual workload.
In a first aspect, an embodiment of the present application provides a communication method between VPCs based on public clouds, where the method includes the following steps: a cloud management platform determines first configuration information input or selected by a tenant, creates a global VPC according to the first configuration information, determines second configuration information input or selected by the tenant, assigns a first network prefix through the global VPC to a first VPC located in a first region according to the second configuration information, and assigns a second network prefix through the global VPC to a second VPC located in a second region, where the global VPC is configured to implement cross-region communication between the first VPC and the second VPC according to the first network prefix and the second network prefix. It can be seen that by implementing the above method, the first VPC and the second VPC have different network prefixes, so that communication between the first VPC and the second VPC can be achieved.

In a possible implementation manner of the first aspect, the region identifier in the first network prefix is different from the region identifier in the second network prefix. The region identifier in the first network prefix is used to identify the first VPC, and the region identifier in the second network prefix is used to identify the second VPC. In this way, the first network prefix and the second network prefix are different, enabling communication between the first VPC and the second VPC.

In a possible implementation manner of the first aspect, the method further includes assigning, by the cloud management platform, a network prefix to the global VPC, where the first network prefix and the second network prefix further include the network prefix of the global VPC.
In a possible implementation manner of the first aspect, the method further includes the cloud management platform establishing a network connection between the first VPC and the global VPC, and a network connection between the second VPC and the global VPC. It will be appreciated that the first VPC and the global VPC can communicate once a network connection is established between them, and likewise the second VPC and the global VPC can communicate once a network connection is established between the second VPC and the global VPC. Thus, the first VPC and the second VPC may communicate through the global VPC.

In a possible implementation manner of the first aspect, the global VPC stores the first network prefix, the second network prefix, and a routing relationship between the first network prefix and the second network prefix. In this way, automatic management of the network addresses of the first VPC and the second VPC, and of the routing between the two, can be achieved with the global VPC.

In a possible implementation manner of the first aspect, the first VPC does not support communication with the third VPC. Thus, the first VPC and the third VPC are isolated from each other, and the