CN-121984944-A - Virtual private network, communication method and storage medium
Abstract
The application provides a virtual private network, a communication method and a storage medium, which can be applied to the technical field of communication. The virtual private network comprises a terminal node, a routing unit and at least one virtual machine, with the terminal node connected between the virtual machine and the routing unit. The terminal node receives an access message from the virtual machine, converts the destination address carried by the access message into the intermediate layer network address corresponding to the target virtual private network where a target service is located, and sends the access message to the routing unit; the terminal node and the target service have an association relationship. The routing unit receives the access message from the terminal node, converts the source address carried by the access message into the intermediate layer network address corresponding to the virtual private network, and sends the access message to the target virtual private network based on the intermediate layer network address corresponding to the virtual private network.
Inventors
- LI MINGDA
- SONG QING
- DU PENG
- CHEN ZHEN
Assignees
- 曙光云计算集团股份有限公司
- 南京城市云计算中心有限公司
Dates
- Publication Date: 20260505
- Application Date: 20260407
Claims (10)
- 1. A virtual private network, wherein the virtual private network comprises a terminal node, a routing unit and at least one virtual machine; the terminal node is connected between the virtual machine and the routing unit, and is used for receiving an access message from the virtual machine, converting a destination address carried by the access message into an intermediate layer network address corresponding to a target virtual private network where a target service is located, and sending the access message to the routing unit, wherein the terminal node and the target service have an association relationship; the routing unit is configured to receive the access message from the terminal node, and convert a source address carried by the access message into an intermediate layer network address corresponding to the virtual private network, so as to send the access message to the target virtual private network based on the intermediate layer network address corresponding to the virtual private network.
- 2. The virtual private network according to claim 1, wherein the routing unit comprises a router and a network address translation gateway, wherein, in the case where the virtual private network is used as a message sender: the router is used for receiving the access message from the terminal node and sending the access message to the network address translation gateway based on a routing rule; and the network address translation gateway is used for receiving the access message from the router, converting the source address carried by the access message into the intermediate layer network address corresponding to the virtual private network, and sending the access message to the target virtual private network based on the intermediate layer network address corresponding to the virtual private network.
- 3. The virtual private network according to claim 2, wherein, in the case where the virtual private network is used as a message sender, the router is also used for receiving the response message from the virtual machine and sending the response message to the network address translation gateway based on a routing rule.
- 4. The virtual private network according to claim 3, wherein the network address translation gateway is configured to receive a response message from the router, convert a source address carried by the response message into an intermediate layer network address corresponding to the virtual private network, and send the response message to the target virtual private network.
- 5. The virtual private network according to claim 2, wherein, in the case where the virtual private network is used as a message receiving end, the network address translation gateway is used for modifying a destination address carried by the response message from the target virtual private network into the network address of the terminal node, and sending the response message to the router.
- 6. The virtual private network of claim 5, wherein the router is configured to receive a response message from the network address translation gateway, and send the response message to the terminal node according to a destination address carried by the response message.
- 7. The virtual private network according to claim 2, wherein, in the case where the virtual private network is used as a message receiving end, the network address translation gateway is further configured to modify a destination address carried by the access message into a network address of the virtual machine, and send the access message to the router.
- 8. The virtual private network of claim 7, wherein the router is configured to receive an access message from the network address translation gateway, and send the access message to a virtual machine according to a destination address carried by the access message.
- 9. A communication method applied to the virtual private network according to any one of claims 1 to 8, characterized in that the method comprises: the terminal node receives an access message from a virtual machine, converts a destination address carried by the access message into an intermediate layer network address corresponding to a target virtual private network where a target service is located, and sends the access message to the routing unit, wherein converting the destination address carried by the access message into the intermediate layer network address corresponding to the target virtual private network allows the accessed virtual machine to be accessed based on the intermediate layer network address under the condition that the network addresses of the virtual machine and of the accessed virtual machine in the target virtual private network are the same; and the routing unit receives the access message from the terminal node, and converts a source address carried by the access message into an intermediate layer network address corresponding to the virtual private network, so that the access message is sent to the target virtual private network based on the intermediate layer network address corresponding to the virtual private network and the intermediate layer network address corresponding to the target virtual private network.
- 10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, realizes the steps of the method according to claim 9.
Description
Virtual private network, communication method and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular to a virtual private network, a communication method, and a storage medium.
Background
In a large-scale cloud computing platform, each tenant has its own exclusive private network. When virtual machines in any two private networks have the same network address, the resulting destination address conflict makes it difficult for them to access each other.
Disclosure of Invention
In view of the above, the present application provides a virtual private network, a communication method, and a storage medium. A program product and an electronic device are also provided.
According to a first aspect of the application, a virtual private network is provided, which comprises a terminal node, a routing unit and at least one virtual machine. The terminal node is connected between the virtual machine and the routing unit, and is used for receiving an access message from the virtual machine, converting a destination address carried by the access message into an intermediate layer network address corresponding to a target virtual private network where a target service is located, and sending the access message to the routing unit; the terminal node and the target service have an association relationship. The routing unit is used for receiving the access message from the terminal node, converting a source address carried by the access message into an intermediate layer network address corresponding to the virtual private network, and sending the access message to the target virtual private network based on the intermediate layer network address corresponding to the virtual private network.
According to the embodiment of the application, traffic communication between virtual private networks can be completed by performing the IP address conversion at the terminal node and the two conversions at the network address translation gateways, in combination with the routing rules, which solves the problem that overlapping IP addresses make access difficult. Because the network address translation gateway and the terminal node are used, no additional computing resources such as a central processing unit and memory are needed, resources are issued quickly, and network traffic forwarding performance is high.
According to the embodiment of the application, the routing unit comprises a router and a network address translation gateway. In the case where the virtual private network is used as a message sending end, the router is used for receiving an access message from the terminal node and sending the access message to the network address translation gateway based on a routing rule, and the network address translation gateway is used for receiving the access message from the router, converting a source address carried by the access message into an intermediate layer network address corresponding to the virtual private network, and sending the access message to the target virtual private network based on the intermediate layer network address corresponding to the virtual private network.
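The address rewrites described above, traced in Python for two tenants whose address ranges overlap completely; this is an added illustration, not code from the patent. The 100.64.0.x intermediate layer addresses, the 192.168.0.x tenant addresses and every function name are constructed for the example, and the trace stops at the terminal node because the page does not describe the final hop back to the requesting virtual machine.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Vpc:
    mid_ip: str       # intermediate-layer address of this VPC (constructed)
    endpoint_ip: str  # terminal node address inside the VPC (constructed)
    service_vm: str   # VM behind the published service (constructed)

def endpoint_out(pkt, target):
    # Terminal node: destination -> target VPC's intermediate-layer address.
    return replace(pkt, dst=target.mid_ip)

def natgw_out(pkt, local):
    # Sending NAT gateway: source -> own VPC's intermediate-layer address.
    return replace(pkt, src=local.mid_ip)

def natgw_in_access(pkt, local):
    # Receiving NAT gateway, access message: destination -> service VM.
    return replace(pkt, dst=local.service_vm)

def natgw_in_response(pkt, local):
    # Receiving NAT gateway, response message: destination -> terminal node.
    return replace(pkt, dst=local.endpoint_ip)

def round_trip(vm_ip, a, b):
    """Headers of one access message from VPC a to VPC b and its response."""
    hops = [Packet(vm_ip, a.endpoint_ip)]        # 0: VM -> terminal node
    hops.append(endpoint_out(hops[-1], b))       # 1: terminal node -> router
    hops.append(natgw_out(hops[-1], a))          # 2: on the intermediate layer
    hops.append(natgw_in_access(hops[-1], b))    # 3: delivered to the VM in b
    hops.append(Packet(hops[3].dst, hops[3].src))  # 4: VM in b responds
    hops.append(natgw_out(hops[-1], b))          # 5: on the intermediate layer
    hops.append(natgw_in_response(hops[-1], a))  # 6: back at a's terminal node
    return hops

def tenant_address_exposed(pkt, tenant_cidr):
    # True if either header address still lies in the overlapping tenant range.
    net = ipaddress.ip_network(tenant_cidr)
    return any(ipaddress.ip_address(x) in net for x in (pkt.src, pkt.dst))

# Constructed sample: both tenants use 192.168.0.0/24 with identical addresses.
VPC_A = Vpc("100.64.0.1", "192.168.0.100", "192.168.0.10")
VPC_B = Vpc("100.64.0.2", "192.168.0.100", "192.168.0.10")
```

Calling `round_trip("192.168.0.10", VPC_A, VPC_B)` returns the seven headers in order; hops 2 and 5, the ones that cross the intermediate layer, carry no tenant address, and the service VM in the target network sees only the sender's intermediate layer address as the source.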
According to the embodiment of the application, the routing unit can maintain a routing entry pointing to the intermediate layer network. When receiving the access request forwarded by the first virtual machine through the terminal node, the router can query the routing table according to the destination address and forward the traffic to the intermediate layer network, and the intermediate layer network completes the route addressing to the target virtual private network, thereby realizing intelligent dispatching and isolation of the network traffic, improving the data transmission efficiency, simplifying the terminal configuration, and enhancing the network security and manageability. By using the network address translation gateway, secure mutual access across virtual machines can be realized, the real source address is hidden, the network topology is simplified, address multiplexing and isolation are improved, and the routing configuration complexity is reduced.
According to the embodiment of the application, in the case that the virtual private network is used as a message sending end, the router is further used for receiving the response message from the virtual machine and sending the response message to the network address translation gateway based on the routing rule.
According to the embodiment of the application, under the condition that the virtual private network is used as the response message sending end, the two routers can ensure that the response traffic returns by its original path, maintain the session consistency, realize the bidirectional address conversion, and ensure the integrity and the reliability of the communication across the virtual private network.
According to the embodiment of the application, the network address conversion gateway