摘要
面对电力系统中信息网络、互联网边界海量电力物联网终端的访问需求,针对传统安全接入边界各类装置实现方法资源分配不均、兼容性差、扩展性差以及性能瓶颈等问题,提出一种基于容器的安全接入虚拟化模型。该模型采用DPDK高性能数据包处理框架、成熟容器集群管理框架、服务计算节点编排等关键技术,将数据平面与控制平面完全分离,构建独立的数据虚拟化转发平面,并采用SR-IOV技术实现硬件资源的虚拟化和统一调度管理,将安全接入能力服务化。基于该模型的安全接入装置集群具有高性能、高可用、灵活编排、可扩展性强等优势。实验结果表明,该模型方法能够高效合理利用硬件资源,大幅提升电力系统边界安全接入的效率。
Facing the access requirements of massive power Internet of Things terminals at the information network and Internet boundary in power system,aiming at the problems of uneven resource allocation,poor compatibility,poor scalability and performance bottleneck of various devices at the traditional secure access boundary,a secure access virtualization model based on container is proposed,which adopts DPDK high-performance packet processing framework,mature container cluster management framework,service computing node arrangement and other key technologies completely separate the data plane from the control plane,build an independent data virtualization forwarding plane,and use SR-IOV technology to realize the virtualization of hardware resources and unified scheduling management,and service the security access capability. The security access device cluster based on this model has high performance,high availability,flexible arrangement and strong scalability. The experimental results show that the model can make efficient and rational use of hardware resources and greatly improve the efficiency of power system boundary security access.
作者
纪元
郑卫波
王梓
JI Yuan;ZHENG Wei-bo;WANG Zi(NARI Group Corporation(State Grid Electric Power Research Institute Co.,Ltd.),Nanjing 210003,China;Nanjing NARI Information&Communication Technology Co.,Ltd.,Nanjing 210003,China)
出处
《计算机与现代化》
2022年第9期106-110,118,共6页
Computer and Modernization
基金
南瑞集团有限公司科技项目资助(5246DR200052)。
关键词
虚拟化
容器
计算节点
转发平面
安全接入
virtualization
container
compute node
forwarding plane
secure access
