CN106506314B - Network high-availability method and device based on docker - Google Patents

Network high-availability method and device based on docker

Publication number: CN106506314B
Authority: CN (China)
Application number: CN201611095487.1A
Other languages: Chinese (zh)
Other versions: CN106506314A (en)
Inventors: 王岩龙, 王智骞, 夏永宏, 唐贵明, 李惠梅, 王凯
Current Assignee: Beijing Winpoint Technology Co Ltd
Original Assignee: Beijing Winpoint Technology Co Ltd
Legal status: Expired - Fee Related
Prior art keywords: network card, network, container, docker, virtual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone
    • H04L12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • H04L47/70 Admission control; Resource allocation
    • H04L47/72 Admission control; Resource allocation using reservation actions during connection setup
    • H04L47/726 Reserving resources in multiple paths to be used simultaneously
    • H04L47/728 Reserving resources in multiple paths to be used simultaneously for backup paths
    • H04L47/82 Miscellaneous aspects
    • H04L47/827 Aggregation of resource allocation or reservation requests

Abstract

The invention discloses a network high-availability method and device based on docker, and relates to the technical field of devices or methods for executing special programs. The method comprises the following steps: setting a virtual network card device; adding a docker container network device; and bridging the container network card to the virtual network card device through the network bridge network card. The method is based on the none network mode of docker: a bridge network card is added by means of a network plug-in, and the bound virtual network card on the bridge network card's link port supports a plurality of containers sharing an independent network, with independent IPs and shared ports, and achieves link redundancy and traffic load balancing, so that traffic bandwidth is increased. The method saves the purchase cost of an enterprise constructing a system platform for container virtualization and improves the reusability of server resources when running similar applications.

Description

Network high-availability method and device based on docker
Technical Field
The invention relates to the technical field of devices or methods for executing special programs, in particular to a network high-availability method and device based on docker.
Background
The high-availability technical method for the container network is mainly used to provide fixed IP addresses for the docker service and the running containers in the system, and to provide a safety mechanism of network link redundancy and load balancing.
At present, most of solutions for link redundancy in docker container virtualization in the market are completed by traditional hardware manufacturers on a hardware level, and link redundancy is completed through a built-in management controller on a driving level, so that an operating system can directly identify virtualized network card equipment. Such high-end servers that support hardware virtualization are typically expensive compared to general-purpose servers. When a large number of enterprise internet platforms are built at present, a lot of cost is increased for purchasing high-end servers, and a network link has no safety guarantee when an old server is utilized.
With the development of enterprises' internet services, the technology needs to guarantee that internet services run continuously, 7x24 hours. In addition, enterprises need to make full use of IT resources and reduce purchasing cost. Against this background, enterprises build private cloud platforms based on virtualization technology using their own schemes. A prominent problem is how to purchase only low-cost general-purpose servers, and reuse old server resources, while still delivering virtualization services over the links between the server network devices and the network equipment. A technical method based on the docker service and a highly available network solves this problem well.
Docker is an open-source application container engine that aims to provide an automatic deployment solution for applications: it quickly creates a container (a lightweight virtual machine) on a Linux system, deploys and runs the application in it, and makes automatic installation, deployment and upgrade of the application easy through a configuration file. Docker virtualizes a plurality of containers; each container is isolated from the others with no interface between them, so the production environment and the development environment of each container can be kept separate without affecting each other. If a plurality of containers created at the same time are to use fixed IPs and the same port, a solution for optimizing the docker network becomes particularly important.
When the docker server creates a docker container, it supports specifying the container's network mode. Docker has the following 4 network modes: host mode, container mode, none mode, bridge mode.
host mode: the docker container is not assigned a separate Network Namespace; it shares the host's Network Namespace. The container does not virtualize its own network card, configure its own IP, etc., but uses the IP and ports of the host. The main problem of this mode is the poor reusability of the host, which can only support one container serving the outside.
container mode: this mode specifies that a newly created container shares one Network Namespace with an existing container of a host mode, and shares a specified IP address and port range. It only supports container-to-outside service and is severely limited.
none mode: a container started in this mode has no network card device, IP, routing or similar information. The network card, IP and routing information must be added by the user.
bridge mode: this mode assigns a Network Namespace to each container, sets its IP, etc., and connects the docker containers on one host to one virtual bridge. However, this mode must bind the host IP address and port, and the service ports mapped by the containers cannot be the same.
None of the 4 official docker network modes above can give containers independent IP addresses, mutual access and unrestricted service ports while also meeting the demand for highly available, redundant network links and traffic load balancing.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a network high-availability method and device based on docker. The method supports a plurality of containers sharing an independent network, with independent IPs and shared ports, and realizes link redundancy and traffic load balancing, so that the traffic bandwidth is increased.
In order to solve the technical problem, the technical scheme adopted by the invention is as follows: a network high-availability method based on docker, characterized by comprising the following steps:
Setting a virtual network card device;
Adding a docker container network device;
Bridging the container network card to the virtual network card device through the network bridge network card.
A further technical scheme is that the method further comprises the following step:
Starting the virtual network to confirm whether the virtual network card device is available and whether transmission can be carried out.
A further technical scheme is that the method further comprises the following step:
Clearing the IP address of the virtual network device, adding a bridge network card br0, and adding the IP address, the mask and the default routing gateway.
A further technical scheme is that the method for setting the virtual network card device comprises the following steps:
Adding and constructing a virtual network card device configuration file, setting the time interval for detecting the link state and the working mode of the network device, and turning off IPv6 support;
Loading the virtual network card working module, and configuring the starting mode of each physical network card;
Starting the network service; the binding process is finished after the bound virtual network card is started, and the bound virtual network card is named bond2.
A further technical scheme is that the method for configuring the starting mode of each physical network card is as follows:
The physical network card device 1 sets MASTER=bond0;
The physical network card device 2 sets MASTER=bond0;
The physical network card device 3 sets MASTER=bond1;
The physical network card device 4 sets MASTER=bond1.
A further technical scheme is that adding and constructing the virtual network card device configuration file comprises configuring the starting mode and the main network card name of each network card.
A further technical scheme is that the method for completing the binding process comprises the following steps:
The physical network card device 1 and the physical network card device 2 are aggregated into a virtual network card device 0, the physical network card device 3 and the physical network card device 4 are aggregated into a virtual network card device 1, the virtual network card device 0 and the virtual network card device 1 are aggregated into a virtual network card device 2, and the virtual network card device 2 is set with MASTER=bond2.
A further technical scheme is that the steps of adding the docker container network device are as follows:
Starting the docker server service, setting it to none mode, and turning off bridge mode;
Checking through a network plug-in whether a network bridge device exists, and if not, automatically creating a Linux bridge device;
Creating a veth pair device for the container, providing a network card for the container and connecting it to the br0 bridge device;
Finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command.
A further technical scheme is that the method for bridging the container network card to the virtual network card device through the network bridge network card comprises the following steps:
Adding the two ends of the created veth pair device to the container and to the bridge device respectively, wherein the name in the container is set to eth1 by default, and both eth0 and docker0 are disabled;
Setting an independent IP address for the container's eth1 network card and adding a default routing gateway address, so that an application program in the container can complete network data transmission through eth1 in the container, across the bridge br0, carried by the bound virtual network card bond2.
The invention also discloses a network high-availability device based on docker, characterized by comprising the following components:
The virtual network card device, which is used for aggregating the physical network card device 1 and the physical network card device 2 into a virtual network card device 0, aggregating the physical network card device 3 and the physical network card device 4 into a virtual network card device 1, aggregating the virtual network card device 0 and the virtual network card device 1 into a virtual network card device 2, and setting MASTER=bond2 in the virtual network card device 2;
The docker container network device, which is used for creating a veth pair device for the container, providing a network card and connecting it to the br0 bridge device; finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command;
The network bridge card, which is used for adding the two ends of the created veth pair device to the container and to the bridge device respectively, the name in the container being set to eth1 by default and both eth0 and docker0 being disabled; an independent IP address is set for the container's eth1 network card and a default routing gateway address is added, so that an application program in the container can complete network data transmission through eth1 in the container, across the bridge br0, carried by the bound virtual network card bond2.
The beneficial effects produced by the above technical scheme are as follows: the method and the device are based on the none network mode of docker; a bridge network card is added by means of a network plug-in, and the bound virtual network card on the bridge network card's link port supports a plurality of containers sharing an independent network, with independent IPs and shared ports, and achieves link redundancy and traffic load balancing, so that access bandwidth is increased. The method saves the purchase cost of an enterprise constructing a system platform for container virtualization and improves the reusability of server resources when running applications.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of a method according to a first embodiment of the invention;
FIG. 2 is a flow chart of a method according to a second embodiment of the present invention;
FIG. 3 is a flow chart of a method according to a third embodiment of the invention;
Fig. 4 is a flowchart of a method for setting a virtual network card device in a method according to a fourth embodiment of the present invention;
FIG. 5 is a flowchart of a method for adding a docker container network device in a method according to a sixth embodiment of the invention;
Fig. 6 is a flowchart of a method for bridging a container network card to a virtual network card device through a network bridge network card according to a seventh embodiment of the present invention;
FIG. 7 is a flow chart of a method according to an eighth embodiment of the invention;
FIG. 8 is a functional block diagram of an apparatus according to an embodiment of the present invention;
Wherein: 101. a virtual network card device; 102. a docker container network device; 103. network bridge card.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. The present invention may, however, be practiced in ways other than those specifically described, as will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
As shown in FIG. 1, an embodiment of the present invention discloses a network high-availability method based on docker, including the following steps:
S101: setting a virtual network card device;
S102: adding a docker container network device;
S103: bridging the container network card to the virtual network card device through the network bridge network card.
As shown in FIG. 2, an embodiment of the present invention discloses a network high-availability method based on docker, including the following steps:
S201: setting a virtual network card device;
S202: starting the virtual network to confirm whether the virtual network card device is available and whether transmission can be carried out;
S203: adding a docker container network device;
S204: bridging the container network card to the virtual network card device through the network bridge network card.
As shown in FIG. 3, an embodiment of the present invention discloses a network high-availability method based on docker, including the following steps:
S301: setting a virtual network card device;
S302: starting the virtual network to confirm whether the virtual network card device is available and whether transmission can be carried out;
S303: clearing the IP address of the virtual network device, adding a bridge network card br0, and adding the IP address, the mask and the default routing gateway;
S304: adding a docker container network device;
S305: bridging the container network card to the virtual network card device through the network bridge network card.
The embodiment of the invention discloses a network high-availability method based on docker, which comprises the following steps:
S401: setting a virtual network card device;
Specifically, as shown in FIG. 4, the method for setting the virtual network card device includes:
S4011: adding and constructing a virtual network card device configuration file, setting the time interval for detecting the link state and the working mode of the network device, and turning off IPv6 support;
S4012: loading the virtual network card working module, and configuring the starting mode of each physical network card;
S4013: starting the network service; the binding process is finished after the bound virtual network card is started, and the bound virtual network card is named bond2.
S402: adding a docker container network device;
S403: bridging the container network card to the virtual network card device through the network bridge network card.
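The availability check of the bonded virtual network card (the link-state detection time set in S4011 and the confirmation step S202/S302) can be scripted as below. This is an added example, not part of the patent text: it assumes the Linux bonding driver's `/proc/net/bonding/<bond>` report format, and the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a bonding status report for conditions that silently
# defeat link redundancy. On a real host feed it /proc/net/bonding/bond0,
# bond1 and bond2 in turn, e.g.  audit_bond < /proc/net/bonding/bond2

# Constructed sample report (one slave has lost its link); not from a real host.
sample_bond_report() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
EOF
}

# audit_bond: read one report on stdin and print one finding per line.
#   BOND_DOWN        the bond itself reports no carrier
#   SLAVE_DOWN:<if>  a member link is down
#   FLAPPED:<if>:<n> a member has recorded n link failures
#   NO_LINK_MONITOR  neither MII nor ARP monitoring is enabled (no failover)
#   NO_REDUNDANCY    fewer than two members are up
#   OK               none of the above
audit_bond() {
    awk -F': ' '
        function out(s) { print s; n++ }
        /^Slave Interface:/     { slave = $2; next }
        /^MII Polling Interval/ { miimon = $2 + 0; next }
        /^ARP Polling Interval/ { arpmon = $2 + 0; next }
        /^MII Status:/ {
            # Before the first "Slave Interface" line the status is the bond own.
            if (slave == "")     { if ($2 != "up") out("BOND_DOWN") }
            else if ($2 == "up") up++
            else                 out("SLAVE_DOWN:" slave)
            next
        }
        /^Link Failure Count:/ {
            if (slave != "" && $2 + 0 > 0) out("FLAPPED:" slave ":" ($2 + 0))
        }
        END {
            if (miimon == 0 && arpmon == 0) out("NO_LINK_MONITOR")
            if (up < 2) out("NO_REDUNDANCY")
            if (!n) print "OK"
        }'
}

# bond_is_healthy: exit status 0 only when the report on stdin has no findings.
bond_is_healthy() {
    [ "$(audit_bond)" = "OK" ]
}

# Demonstration on the constructed sample.
sample_bond_report | audit_bond
```

For the nested layout described here, a member reported down in bond2 is itself a bond, so its own report has to be audited as well.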
The embodiment of the invention discloses a network high-availability method based on docker, which comprises the following steps:
S501: setting a virtual network card device;
Specifically, the method for setting the virtual network card device includes:
S5011: adding and constructing a virtual network card device configuration file, setting the time interval for detecting the link state and the working mode of the network device, and turning off IPv6 support, wherein adding and constructing the virtual network card device configuration file comprises configuring the starting mode and the main network card name of each network card.
S5012: loading the virtual network card working module, and configuring the starting mode of each physical network card;
The method for configuring the starting mode of each physical network card comprises the following steps:
The physical network card device 1 sets MASTER=bond0;
The physical network card device 2 sets MASTER=bond0;
The physical network card device 3 sets MASTER=bond1;
The physical network card device 4 sets MASTER=bond1.
S5013: starting the network service; the binding process is finished after the bound virtual network card is started, and the bound virtual network card is named bond2.
The method for completing the binding process comprises the following steps:
The physical network card device 1 and the physical network card device 2 are aggregated into a virtual network card device 0, the physical network card device 3 and the physical network card device 4 are aggregated into a virtual network card device 1, the virtual network card device 0 and the virtual network card device 1 are aggregated into a virtual network card device 2, and the virtual network card device 2 is set with MASTER=bond2.
S502: adding a docker container network device;
S503: bridging the container network card to the virtual network card device through the network bridge network card.
The embodiment of the invention discloses a network high-availability method based on docker, which comprises the following steps:
S601: setting a virtual network card device;
The method for setting the virtual network card device comprises the following steps:
S6011: adding and constructing a virtual network card device configuration file, setting the time interval for detecting the link state and the working mode of the network device, and turning off IPv6 support;
S6012: loading the virtual network card working module, and configuring the starting mode of each physical network card;
S6013: starting the network service; the binding process is finished after the bound virtual network card is started, and the bound virtual network card is named bond2.
S602: adding a docker container network device, which, as shown in FIG. 5, specifically includes the following steps:
S6021: starting the docker server service, setting it to none mode, and turning off bridge mode;
S6022: checking through a network plug-in whether a network bridge device exists, and if not, automatically creating a Linux bridge device;
S6023: creating a veth pair device for the container, providing a network card for the container and connecting it to the br0 bridge device;
S6024: finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command.
S603: bridging the container network card to the virtual network card device through the network bridge network card.
The embodiment of the invention discloses a network high-availability method based on docker, which comprises the following steps:
S701: setting a virtual network card device;
The method for setting the virtual network card device comprises the following steps:
S7011: adding and constructing a virtual network card device configuration file, setting the time interval for detecting the link state and the working mode of the network device, and turning off IPv6 support;
S7012: loading the virtual network card working module, and configuring the starting mode of each physical network card;
S7013: starting the network service; the binding process is finished after the bound virtual network card is started, and the bound virtual network card is named bond2.
S702: adding a docker container network device, which specifically includes the following steps:
S7021: starting the docker server service, setting it to none mode, and turning off bridge mode;
S7022: checking through a network plug-in whether a network bridge device exists, and if not, automatically creating a Linux bridge device;
S7023: creating a veth pair device for the container, providing a network card for the container and connecting it to the br0 bridge device;
S7024: finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command.
S703: bridging the container network card to the virtual network card device through the network bridge network card, which, as shown in FIG. 6, specifically includes the following steps:
S7031: adding the two ends of the created veth pair device to the container and to the bridge device respectively, wherein the name in the container is set to eth1 by default, and both eth0 and docker0 are disabled;
S7032: setting an independent IP address for the container's eth1 network card and adding a default routing gateway address, so that an application program in the container can complete network data transmission through eth1 in the container, across the bridge br0, carried by the bound virtual network card bond2.
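The container-side steps S7023 to S7032 (veth pair, namespace link, eth1 addressing), written out as an added shell example that is not part of the patent text. The function names, the PID 4242, the container address 192.168.1.101/24 and obtaining the PID with `docker inspect -f '{{.State.Pid}}'` are assumptions; every input is validated because the commands run as root on the host.

```shell
#!/bin/sh
# Added example: attach a container started without networking (assumed:
# docker run --net=none ...) to bridge br0 through a veth pair.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them as root.
# Assumed way to get the PID:  pid=$(docker inspect -f '{{.State.Pid}}' NAME)

run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Strict validators: the values end up in root-level ip/ln command lines.
is_uint() { case $1 in ''|*[!0-9]*) return 1;; esac; }

is_ifname() {   # kernel interface names are at most 15 characters
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1;; esac
    [ ${#1} -le 15 ]
}

is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_ipv4_cidr() {
    case $1 in */*) ;; *) return 1;; esac
    is_ipv4 "${1%/*}" || return 1
    prefix=${1#*/}
    is_uint "$prefix" && [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ]
}

# attach_container <pid> <bridge> <ip/prefix> <gateway>
attach_container() {
    pid=$1 bridge=$2 cidr=$3 gw=$4
    host_if="veth${pid}h" peer_if="veth${pid}c"
    is_uint "$pid" && [ ${#host_if} -le 15 ] || { echo "invalid pid" >&2; return 2; }
    is_ifname "$bridge"  || { echo "invalid bridge name" >&2; return 2; }
    is_ipv4_cidr "$cidr" || { echo "invalid address/prefix" >&2; return 2; }
    is_ipv4 "$gw"        || { echo "invalid gateway" >&2; return 2; }

    # Expose the container's network namespace to "ip netns" via its PID.
    run mkdir -p /var/run/netns &&
    run ln -sfn "/proc/$pid/ns/net" "/var/run/netns/$pid" &&
    # Create the veth pair; the host end joins the bridge.
    run ip link add "$host_if" type veth peer name "$peer_if" &&
    run ip link set "$host_if" master "$bridge" &&
    run ip link set "$host_if" up &&
    # Move the peer end into the container and rename it eth1.
    run ip link set "$peer_if" netns "$pid" &&
    run ip netns exec "$pid" ip link set dev "$peer_if" name eth1 &&
    run ip netns exec "$pid" ip link set eth1 up &&
    # Independent IP and default gateway for the container.
    # Note: eth1 is bridged straight onto the physical segment through br0
    # and bond2, so packet filtering has to be applied on br0 or upstream.
    run ip netns exec "$pid" ip addr add "$cidr" dev eth1 &&
    run ip netns exec "$pid" ip route add default via "$gw"
}

# Demonstration with constructed values; prints the plan unless DRY_RUN=0.
attach_container 4242 br0 192.168.1.101/24 192.168.1.1
```

The symlink under /var/run/netns outlives the container, so remove it when the container exits.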
As shown in FIG. 7, an embodiment of the present invention discloses a network high-availability method based on docker, including the following steps:
S801: adding and constructing a virtual network device configuration file, setting the time interval for detecting the link state and the working mode of the network device, and turning off IPv6 support; loading the virtual network working module, configuring the starting mode and the main network card name of each network card, and setting the virtualized network card IP address 192.168.1.100, mask 255.255.255.0 and gateway address 192.168.1.1;
S802: starting the virtual network to confirm whether the virtual network card device is available and whether transmission can be carried out;
S803: clearing the IP address of the virtual network device, adding a bridge network card br0, and adding an IP address, a mask and a default routing gateway;
S804: setting the docker server starting mode to none mode to mask the default network cards eth0 and docker0, and creating an application container without network devices in which to start the application services;
S805: adding a veth pair device on the host machine through a plug-in, and linking the container and the bridge network card through the veth pair device;
S806: finally adding a container IP address, a mask and a default gateway address for the application container network. Running the above procedure completes redundant load-balancing support for the container network.
The method disclosed by the invention is based on the none network mode of docker; a bridge network card is added by means of a network plug-in, and the bound virtual network card on the bridge network card's link port supports a plurality of containers sharing an independent network, with independent IPs and shared ports, and realizes link redundancy and traffic load balancing, so that access bandwidth is increased. The method saves the purchase cost of an enterprise constructing a system platform for container virtualization and improves the reusability of server resources when running applications.
As shown in FIG. 8, the present invention also discloses a network high-availability device based on docker, including:
The virtual network card device 101, which is configured to aggregate the physical network card device 1 and the physical network card device 2 into a virtual network card device 0, aggregate the physical network card device 3 and the physical network card device 4 into a virtual network card device 1, aggregate the virtual network card device 0 and the virtual network card device 1 into a virtual network card device 2, and set MASTER=bond2 in the virtual network card device 2;
The docker container network device 102, which is used for creating a veth pair device for the container, providing a network card and connecting it to the br0 bridge device; finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command;
The network bridge card 103, which is used for adding the two ends of the created veth pair device to the container and to the bridge device respectively, the name in the container being set to eth1 by default and both eth0 and docker0 being disabled; an independent IP address is set for the container's eth1 network card and a default routing gateway address is added, so that an application program in the container can complete network data transmission through eth1 in the container, across the bridge br0, carried by the bound virtual network card bond2.
The device disclosed by the invention is based on docker's none network mode; a bridge network card is added by means of a network plug-in, and the bound virtual network card on the bridge network card's link port supports a plurality of containers sharing an independent network, with independent IPs and shared ports, and realizes link redundancy and traffic load balancing, so that access bandwidth is increased. The device saves the purchase cost of an enterprise constructing a system platform for container virtualization and improves the reusability of server resources when running applications.
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks, or elements, described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and, thus, is included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wirelessly, e.g., infrared, radio, and microwave. Disks and discs include compact discs, laser discs, optical discs, DVDs, floppy disks and Blu-ray discs, where disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. A network high-availability method based on docker, characterized by comprising the following steps:
setting a virtual network card device;
adding a docker container network device;
bridging the container network card to the virtual network card device through the bridge network card;
wherein the steps of adding the docker container network device are as follows:
starting a docker server service, setting the docker server service to none mode, and closing bridge mode;
checking through a network plug-in whether a bridge device exists, and if not, automatically creating a Linux bridge device;
creating a veth pair device for the container, providing a network card for the container and connecting it to the br0 bridge device;
finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command;
and wherein the method for bridging the container network card to the virtual network card device through the bridge network card comprises the following steps:
adding the created veth pair device into the container and the bridge device respectively, wherein the name in the container is set as eth1 by default, and both eth0 and docker0 are disabled;
setting an independent IP address for the container's eth1 network card and adding a default routing gateway address, so that an application program in the container completes network data transmission through eth1 in the container and through the bridge br0, carried by the bound virtual network card bond2.
2. The docker-based network high availability method of claim 1, wherein the method further comprises:
starting the virtual network to confirm whether the virtual network card device is available and whether transmission can be carried out.
3. The docker-based network high availability method of claim 1, wherein the method further comprises:
clearing the IP address of the virtual network device, adding a bridge network card br0, and adding the IP address, the mask and the default routing gateway.
4. The docker-based network high availability method of claim 1, wherein the method for setting the virtual network card device is as follows:
adding and constructing a virtual network card device configuration file, setting a time for detecting the link state and a working mode of the network device, and closing support of IPv6;
loading a virtual network card working module, and configuring a starting mode of each physical network card;
starting the network service, and finishing the binding process after the bound virtual network card is started, wherein the virtual network card is named bond2.
5. The docker-based network high availability method of claim 4, wherein the method for configuring the start-up mode of each physical network card is as follows:
the physical network card device 1 sets MASTER=bond0;
the physical network card device 2 sets MASTER=bond0;
the physical network card device 3 sets MASTER=bond1;
the physical network card device 4 sets MASTER=bond1.
6. The docker-based network high availability method of claim 4, wherein the adding and constructing a virtual network card device configuration file comprises configuring a start mode and a master network card name of each network card.
7. The docker-based network high availability method of claim 5, wherein the method for completing the binding procedure is as follows:
the physical network card device 1 and the physical network card device 2 are aggregated into a virtual network card device 0, the physical network card device 3 and the physical network card device 4 are aggregated into a virtual network card device 1, the virtual network card device 0 and the virtual network card device 1 are aggregated into a virtual network card device 2, and the virtual network card device 2 is set with MASTER=bond2.
8. A network high-availability device based on docker, characterized by comprising:
a virtual network card device, used for aggregating the physical network card device 1 and the physical network card device 2 into a virtual network card device 0, aggregating the physical network card device 3 and the physical network card device 4 into a virtual network card device 1, aggregating the virtual network card device 0 and the virtual network card device 1 into a virtual network card device 2, and setting MASTER=bond2 in the virtual network card device 2;
a docker container network device, used for starting a docker server service, setting the docker server service to none mode and closing bridge mode; checking through a network plug-in whether a bridge device exists, and if not, automatically creating a Linux bridge device;
creating a veth pair device for the container, providing a network card and connecting it to the br0 bridge device; finding the process ID of the container in the host machine by using docker instance, then linking the network namespace of the container to the network device directory through the process ID, and configuring the network of the container on the host machine through the ip netns command;
a bridge network card, used for adding the created veth pair device into the container and the bridge device respectively, wherein the name in the container is set as eth1 by default, and both eth0 and docker0 are disabled; an independent IP address is set for the container's eth1 network card and a default routing gateway address is added, so that an application program in the container completes network data transmission through eth1 in the container and through the bridge br0, carried by the bound virtual network card bond2.
CN201611095487.1A 2016-09-30 2016-12-01 Network high-availability method and device based on docker Expired - Fee Related CN106506314B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016108741627 2016-09-30
CN201610874162 2016-09-30

Publications (2)

Publication Number Publication Date
CN106506314A CN106506314A (en) 2017-03-15
CN106506314B true CN106506314B (en) 2019-12-17

Family

ID=58330268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611095487.1A Expired - Fee Related CN106506314B (en) 2016-09-30 2016-12-01 Network high-availability method and device based on docker

Country Status (1)

Country Link
CN (1) CN106506314B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20191217

Termination date: 20211201