CN109587281B - Container configuration method and computing node - Google Patents

Publication number
CN109587281B
Authority
CN
China
Prior art keywords
target
network
container
virtual machine
bridge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710911984.2A
Other languages
Chinese (zh)
Other versions
CN109587281A (en)
Inventor
李涛
胡斐然
贾应波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201710911984.2A priority Critical patent/CN109587281B/en
Publication of CN109587281A publication Critical patent/CN109587281A/en
Application granted granted Critical
Publication of CN109587281B publication Critical patent/CN109587281B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/563 Data redirection of data network streams
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Abstract

The application discloses a container configuration method and a computing node, and belongs to the technical field of networks. The method is applied to any one of a plurality of computing nodes, wherein a virtual machine and a bridge configuration module are installed in the computing node, and the method comprises the following steps: the virtual machine receives a container configuration instruction for configuring the target container; the virtual machine generates a network resource creating request carrying a target network identifier and sends the network resource creating request to the control node; and when the virtual machine and the network bridge configuration module receive the network resource information sent by the control node, configuring a target container established in the virtual machine according to the network resource information. In the application, each container in the plurality of computing nodes respectively has an independent network resource, so that when the container in a certain computing node is migrated to other computing nodes, the container can communicate without changing the used network resource, thereby realizing the persistence and migration of the network resource used by the container.

Description

Container configuration method and computing node
Technical Field
The present application relates to the field of network technologies, and in particular, to a container configuration method and a computing node.
Background
Containers emerged with the development of lightweight virtualization. A container sits between the underlying operating system and the upper-level applications, and can shield the details of the underlying operating system to present a consistent interface to application developers. After the host creates the container, the host may configure an Internet Protocol (IP) address of the container, and the container may be used by the host after the configuration is completed.
Currently, the IP address of a container is managed on a single host basis, i.e., each host can configure an internal IP address for the created container. As shown in fig. 1, a host 1 having an IP address of 10.10.10.1 may configure internal IP addresses 172.28.0.2 and 172.28.0.3 for created containers c1 and c2, respectively. Likewise, host 2 with an IP address of 10.10.10.2 may configure internal IP addresses 172.28.0.2 and 172.28.0.3 for created containers c3 and c4, respectively.
In this case, communication between containers in different hosts may be implemented using Network Address Translation (NAT) technology. For example, when container c1 in host 1 communicates with container c3 in host 2, container c1 may transmit the generated data packet to the gateway of host 1, and the gateway of host 1 may translate the source address of the data packet from the internal IP address 172.28.0.2 of container c1 to the IP address 10.10.10.1 of host 1, and then forward the data packet to container c3 in host 2.
Since containers in different hosts use IP addresses of their hosts to communicate indirectly when communicating with each other, that is, access to a certain container is actually achieved by access to the host of the container, when a container in a certain host is migrated to another host, the access address of the container will be changed from the IP address of the host to the IP address of the other host, and thus, the related art cannot support persistence and migration of the IP address of the container.
Disclosure of Invention
The application provides a container configuration method and a computing node, which can solve the problem that the persistence and migration of an IP address of a container cannot be supported in the related technology. The technical scheme is as follows:
In a first aspect, a container configuration method is provided, which is applied to any one of a plurality of computing nodes, where a virtual machine and a bridge configuration module are installed in the computing node, and the method includes:
the virtual machine receives a container configuration instruction used for configuring a target container, wherein the container configuration instruction carries a target network identifier, the target container is borne on the virtual machine, and a target network is a network to which the target container needs to be accessed;
the virtual machine generates a network resource creation request carrying the target network identifier and sends the network resource creation request to a control node; the control node allocates network resources of the target network to the target container and sends network resource information corresponding to the network resources to the virtual machine and the bridge configuration module, wherein the network resource information comprises a target address of the target container, a target network type and a target network transmission mark;
and when the virtual machine and the network bridge configuration module receive the network resource information sent by the control node, configuring the target container created in the virtual machine according to the network resource information.
It should be noted that a container may be created in the virtual machine; the bridge configuration module may configure a bridge in the computing node, and the bridge may forward a data packet generated by a container in the virtual machine; the target network identification is used to uniquely identify the target network.
In addition, the network resource creation request may not only carry the target network identifier, but also carry the address of the virtual machine, so that the subsequent control node may accurately send the network resource information to the virtual machine and the bridge configuration module in the computing node according to the address of the virtual machine.
In the embodiment of the present invention, the containers in the plurality of computing nodes are all allocated network resources by the control node, that is, the network resources used by the containers in the plurality of computing nodes are all managed by the control node, at this time, each container in the plurality of computing nodes will own a separate network resource, and thus, each two containers in the plurality of computing nodes can directly communicate with each other through the respective network resources. In this case, when the container in a certain computing node among the plurality of computing nodes is migrated to another computing node, the container can communicate without changing the network resource used, and thus persistence and migration of the network resource used by the container are realized.
In addition, in the embodiment of the present invention, the control node may allocate network resources to the containers in the multiple computing nodes according to the networks that those containers access, so that containers accessing different networks are isolated from each other and containers accessing the same network communicate directly. Where each container has a separate network resource, the containers accessing the same network are interconnected at layer 2, and the Media Access Control (MAC) addresses of the containers are visible to each other.
Wherein, when the virtual machine and the bridge configuration module receive the network resource information sent by the control node, configuring the target container created in the virtual machine according to the network resource information, including:
when the virtual machine receives the network resource information sent by the control node, configuring network resources corresponding to the network resource information for the target container;
and when the network bridge configuration module receives the network resource information sent by the control node, storing the network resource information into a network bridge, wherein the network bridge is used for forwarding the data message generated by the target container.
In the embodiment of the present invention, the virtual machine configures the network resource corresponding to the network resource information for the target container, that is, configures the network attribute of the target container, so that the target container can use the network resource to transmit the data packet, and the bridge configuration module stores the network resource information in the bridge, that is, configures the transmission attribute of the target container, so that the bridge can forward the data packet generated by the target container according to the network resource information.
The configuring, by the virtual machine, network resources corresponding to the network resource information for the target container includes:
when a target network interface connected to the target network does not exist in the virtual machine, creating the target network interface in the virtual machine according to the target network type;
the virtual machine takes the target network interface as a parent interface to establish a child interface as a container interface of the target container;
and the virtual machine sets the address of the container interface of the target container as the target address.
In the embodiment of the present invention, the target network interface is a network interface connected to the target network, that is, the container may access the target network through the target network interface. At this time, each network has a separate network interface, and the containers of the same network can access the same network interface, thereby realizing the isolation between the containers of different networks and realizing the two-layer intercommunication between the containers of the same network.
In addition, the target network interface is used as a parent interface to create a child interface as a container interface of the target container, that is, the target network interface is connected with the container interface of the target container, and at this time, the data packet sent by the target container through the container interface of the target container is transmitted to the target network interface.
Furthermore, the address of the container interface of the target container is set as the target address, that is, the address of the target container is set as the target address, so that the configuration of the network attribute of the target container can be realized.
Where the target network type is the Virtual Local Area Network (vlan) type and the target network transmission mark is a target vlan tag, creating the target network interface in the virtual machine according to the target network identifier and the target network type includes:
creating a network interface for connecting a vlan in the virtual machine;
and setting the vlan tag of the corresponding subnet in the network interface as the target vlan tag to obtain the target network interface.
In the embodiment of the present invention, a network interface for connecting a vlan is created in the virtual machine, that is, a network interface capable of encapsulating a vlan tag for a data packet from a container is created in the virtual machine. And setting the vlan tag of the corresponding subnet as the target vlan tag in the network interface, that is, setting the vlan tag which can be encapsulated by the network interface as the target vlan tag, thereby obtaining the target network interface which can be connected to the target network.
Where the target network type is the Virtual eXtensible Local Area Network (vxlan) type and the target network transmission mark is a target vxlan identifier, the bridge configuration module storing the network resource information into the bridge includes:
and the bridge configuration module correspondingly stores the target address and the target vxlan identifier into the bridge.
It should be noted that the bridge configuration module stores the target address and the target vxlan identifier into the bridge so that the bridge can forward data packets generated by the target container, whose address is the target address, according to the target vxlan identifier, thereby implementing the configuration of the transmission attribute of the target container.
In practical applications, when receiving a data packet sent by a computing node other than the computing node, the bridge may also transmit the data packet to a target container. In this case, the bridge needs to store a correspondence between a target address and a target vlan tag, so that the bridge may transmit a data packet whose destination address is the target address to the target container according to the target vlan tag. Therefore, when the bridge configuration module stores the network resource information in the bridge, the bridge configuration module may further store the target address and the target vlan tag in the bridge in a corresponding manner when the target network type is the vlan type and the target network transmission mark is the target vlan tag.
Further, after configuring the target container created in the virtual machine according to the network resource information, the method further includes:
when the target container receives a first sending instruction, transmitting the generated first data message to the target network interface through a container interface of the target container;
when the target network interface receives the first data message, generating a first encapsulation message carrying the first data message and the target vlan tag, and transmitting the first encapsulation message to the network bridge;
and when the network bridge receives the first encapsulation message, forwarding the first encapsulation message.
It should be noted that, in order to facilitate the bridge to distinguish the data packets from the vlan or the vxlan, the target network interface may encapsulate the first data packet using the target vlan tag to obtain a first encapsulated packet for transmission to the bridge. After receiving the first encapsulation message, the bridge may first determine whether the first encapsulation message carries a vlan tag, and if the first encapsulation message carries the vlan tag, the bridge may determine that the first encapsulation message is from the vlan.
In addition, after the bridge forwards the first encapsulation message, the other computing nodes may receive the first encapsulation message, and specifically, when the bridge in the other computing nodes receives the first encapsulation message sent by the computing node, the bridge may transmit the first encapsulation message to a network interface to which the first encapsulation message is sent according to a vlan tag carried by the first encapsulation message; when the network interface receives the first encapsulation message, the network interface may obtain a first data message from the first encapsulation message, and transmit the first data message to a corresponding container according to a destination address of the first data message.
Further, after configuring the target container created in the virtual machine according to the network resource information, the method further includes:
when the target container receives a second sending instruction, transmitting the generated second data message to the target network interface through the container interface of the target container;
when the target network interface receives the second data message, transmitting the second data message to the network bridge;
and when the bridge receives the second data message, generating a second encapsulation message carrying the second data message and the target vxlan identifier, and forwarding the second encapsulation message.
It should be noted that, after receiving the second data packet, the bridge may first determine whether the second data packet carries a vlan tag, and if not, may determine that the second data packet is from the vxlan, and at this time, the bridge may obtain a target vxlan identifier based on a source address (i.e., a target address) of the second data packet, generate a second encapsulation packet carrying the second data packet and the target vxlan identifier, and forward the second encapsulation packet.
In addition, after the bridge forwards the second encapsulation message, the other computing nodes may receive the second encapsulation message, specifically, when the bridge in the other computing nodes receives the second encapsulation message sent by the computing node, the bridge may obtain the second data message from the second encapsulation message, and transmit the second data message to a network interface to which the second encapsulation message is to be sent according to the vxlan identifier carried in the second encapsulation message; when the network interface receives the data packet, the data packet may be transmitted to a corresponding container according to a destination address of the data packet.
Further, the method further comprises:
when the network bridge receives an encapsulation message sent by other computing nodes except the computing node, if the encapsulation message carries a vlan tag, the network bridge transmits the encapsulation message to a destination network interface to which the encapsulation message is sent according to the vlan tag; when the destination network interface receives the packaging message, acquiring a data message from the packaging message, and transmitting the data message to a corresponding container according to the destination address of the data message;
if the vxlan identifier is carried in the encapsulated message, acquiring a data message from the encapsulated message, and transmitting the data message to a target network interface to which the encapsulated message is to be sent according to the vxlan identifier; and when the destination network interface receives the data message, transmitting the data message to a corresponding container according to the destination address of the data message.
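The bridge decision described above (forward as-is when the frame carries a vlan tag, otherwise look up the vxlan identifier by source address and encapsulate), as an added Python example that is not part of the patent text. It assumes the stored target address is the container's MAC address, models only the 802.1Q tag and the 8-byte vxlan header (the outer UDP/IP headers of a real vxlan tunnel are omitted), and uses hypothetical names (`Bridge`, `egress`, `ingress`) and constructed sample frames.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q vlan tag
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag in the first byte of the vxlan header


def add_vlan_tag(frame: bytes, vlan_id: int) -> bytes:
    """Target network interface, vlan case: insert the tag after the two MACs."""
    if len(frame) < 14:
        raise ValueError("not a complete Ethernet header")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("vlan id out of range")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def vlan_tag_of(frame: bytes):
    """Return the vlan id if the frame carries an 802.1Q tag, else None."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None


def strip_vlan_tag(frame: bytes) -> bytes:
    """Receiving network interface: recover the data message from a tagged frame."""
    if vlan_tag_of(frame) is None:
        raise ValueError("frame carries no vlan tag")
    return frame[:12] + frame[16:]


def vxlan_encap(frame: bytes, vni: int) -> bytes:
    """Bridge, vxlan case: prepend flags(8) + reserved(24) + VNI(24) + reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("vxlan identifier must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + frame


def vxlan_decap(payload: bytes):
    """Receiving bridge: return (vxlan identifier, inner data message)."""
    if len(payload) < 8:
        raise ValueError("truncated vxlan header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("vxlan identifier flag not set")
    return word1 >> 8, payload[8:]


class Bridge:
    """Hypothetical model of the bridge filled in by the bridge configuration module."""

    def __init__(self):
        self.vxlan_by_source = {}  # container address (assumed: MAC) -> vxlan id

    def store(self, container_mac: bytes, vni: int) -> None:
        self.vxlan_by_source[container_mac] = vni

    def egress(self, frame: bytes):
        """Return (network type, transmission mark, bytes to forward)."""
        tag = vlan_tag_of(frame)
        if tag is not None:
            # Already encapsulated by the target network interface: forward as-is.
            return ("vlan", tag, frame)
        vni = self.vxlan_by_source.get(frame[6:12])  # bytes 6..11 = source MAC
        if vni is None:
            # No stored mapping: refuse rather than leak into another network.
            raise LookupError("no vxlan identifier stored for this source")
        return ("vxlan", vni, vxlan_encap(frame, vni))

    @staticmethod
    def ingress(kind: str, wire: bytes):
        """Return (destination interface key, bytes handed to that interface)."""
        if kind == "vlan":
            tag = vlan_tag_of(wire)
            if tag is None:
                raise ValueError("expected a vlan-tagged frame")
            return ("vlan", tag), wire       # the interface strips the tag itself
        vni, inner = vxlan_decap(wire)
        return ("vxlan", vni), inner         # the bridge decapsulates first


def demo():
    # Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
    src, dst = bytes.fromhex("020000000001"), bytes.fromhex("020000000003")
    data = dst + src + struct.pack("!H", 0x0800) + b"constructed payload"
    bridge = Bridge()
    bridge.store(src, 5001)                  # constructed vxlan identifier
    tagged = add_vlan_tag(data, 100)         # constructed vlan tag
    return {"data": data, "vlan": bridge.egress(tagged), "vxlan": bridge.egress(data)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The two receive paths are asymmetric, as in the text: a vlan frame reaches the destination interface still tagged, while a vxlan frame is decapsulated by the bridge before hand-off.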
In a second aspect, a computing node is provided, where the computing node has a function of implementing the behavior of the container configuration method in the first aspect. The computing node comprises at least one functional module, and the at least one functional module is configured to implement the container configuration method provided in the first aspect.
In a third aspect, a computing node is provided, where the structure of the computing node includes a processor and a memory, where the memory is used to store a program that supports the computing node to execute the container configuration method provided in the first aspect, and to store data used to implement the container configuration method provided in the first aspect. The processor is configured to execute programs stored in the memory. The computing node may further comprise a communication bus for establishing a connection between the processor and the memory.
In a fourth aspect, a computer-readable storage medium is provided, having stored therein instructions, which, when run on a computer, cause the computer to perform the container configuration method of the first aspect described above.
In a fifth aspect, there is provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the container configuration method of the first aspect described above.
The technical effects obtained by the second, third, fourth and fifth aspects are similar to the technical effects obtained by the corresponding technical means in the first aspect, and are not described herein again.
The beneficial effects of the technical solution provided in this application are as follows: when receiving the container configuration instruction, the virtual machine in any one of the plurality of computing nodes may generate a network resource configuration request and send the network resource configuration request to the control node. After receiving the network resource configuration request, the control node may allocate, to the target container, network resources of the target network that the target container is to access, and send network resource information corresponding to the network resources to the virtual machine and the bridge configuration module in the computing node, and the virtual machine and the bridge configuration module configure the target container created in the virtual machine according to the network resource information. Since the network resources used by the containers in the plurality of computing nodes are all managed by the control node, each container in the plurality of computing nodes will own a separate network resource, and thus any two containers in the plurality of computing nodes can communicate with each other directly through their respective network resources. In this case, when a container in one of the plurality of computing nodes is migrated to another computing node, the container can communicate without changing the network resource it uses, and thus persistence and migration of the network resource used by the container are realized.
Drawings
FIG. 1 is a schematic diagram of a container configuration provided in the related art;
FIG. 2A is a schematic diagram of an implementation environment provided by embodiments of the invention;
FIG. 2B is a schematic diagram of another exemplary implementation environment provided by embodiments of the invention;
FIG. 3 is a schematic structural diagram of a compute node according to an embodiment of the present invention;
FIG. 4 is a flow chart of a method for configuring a container according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another computing node according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Before explaining the embodiments of the present invention in detail, application scenarios and implementation environments related to the embodiments of the present invention will be described.
First, an application scenario according to an embodiment of the present invention will be described.
The embodiment of the invention can be applied to a container configuration scene, and particularly can be applied to a scene of configuring network attributes (such as IP addresses, MAC addresses and the like) and transmission attributes (such as data transmission modes and the like) of a container after the container is created. For example, after receiving a configuration instruction triggered by a user, the virtual machine may configure the created container, or may create and configure a container.
Next, an implementation environment according to the embodiment of the present invention will be described.
Fig. 2A is a schematic diagram of an implementation environment according to an embodiment of the present invention. Referring to fig. 2A, the implementation environment includes: a plurality of computing nodes 21 and a control node 22, each computing node 21 of the plurality of computing nodes 21 may communicate with the control node 22 through a wired connection or a wireless connection.
Wherein, for any computing node 21 in the plurality of computing nodes 21, the computing node 21 may send a network resource creation request to the control node 22 when receiving a container configuration instruction for configuring a target container; when the control node 22 receives the network resource creation request sent by the computing node 21, it may allocate a network resource to a target container, and send network resource information corresponding to the network resource to the computing node 21; when the computing node 21 receives the network resource information sent by the control node 22, the target container may be configured according to the network resource information.
The structure of the computing node 21 will be explained below.
Referring to fig. 2B, the computing node 21 may include: virtual machine 211, and bridge configuration module 212. The virtual machine 211 may have a container C created therein, and the virtual machine 211 may receive a container configuration instruction for configuring a target container, generate a network resource creation request according to the container configuration instruction, and send the network resource creation request to the control node 22. Thereafter, the virtual machine 211 and the bridge configuration module 212 may respectively receive the network resource information sent by the control node 22, and configure the target container created in the virtual machine 211 according to the network resource information.
Further, the computing node 21 may further include a network bridge B and a physical network card eth, and the network bridge B may forward the data packet from the container C out of the computing node 21 through the physical network card eth. Correspondingly, the virtual machine 211 may further include a container management module 2111, a management plug-in 2112, a network interface 2113 and a virtual network card eth', and the container C in the virtual machine 211 may transmit the generated data packet to the bridge B through the corresponding network interface 2113 and virtual network card eth'.
The container management module 2111 may receive a container configuration instruction for configuring the target container, generate a network resource creation request according to the container configuration instruction, and transmit the network resource creation request to the management plugin 2112.
Among them, the management plug-in 2112 may include an Application Programming Interface (API) submodule and a network interface control submodule. The API sub-module may receive the network resource creation request transmitted by the container management module 2111, and send the network resource creation request to the control node 22, and then, the API sub-module may receive the network resource information sent by the control node 22; the network interface control sub-module may configure, according to the network resource information received by the API sub-module, a network resource corresponding to the network resource information for the target container in the virtual machine 211. That is, the management plug-in 2112 is used to take charge of network resource initialization in the virtual machine 211.
The bridge configuration module 212 may also receive network resource information sent by the control node 22, and store the network resource information in the bridge B, so that the bridge B may forward the data packet from the target container according to the network resource information. That is, the bridge configuration module 212 is responsible for network resource initialization in the compute node 21.
It should be noted that the management plug-in 2112 may provide network access capability for the container C in the virtual machine 211, and may communicate directly with the control node 22. In practical applications, the management plug-in 2112 and the control node 22 may be implemented in an OpenStack architecture. For example, the management plug-in 2112 may be the Kuryr plug-in in OpenStack, and the control node 22 may include the Neutron component in OpenStack, in which case the management plug-in 2112 may call the Neutron public API to communicate with the control node 22.
In addition, the network interface 2113 may be a virtual bridge, i.e. a virtual two-layer switching device, and the network interface 2113 may be connected to a corresponding network, at this time, containers accessing the network may communicate with each other through the network interface 2113.
The structure of the control node 22 will be explained below.
Referring to fig. 2B, the control node 22 may include a container configuration module 221, and when receiving a network resource creation request sent by the virtual machine 211 in the computing node 21, the container configuration module 221 may allocate a network resource to a target container, and send network resource information corresponding to the network resource to the virtual machine 211 and the bridge configuration module 212 in the computing node 21, respectively.
It should be noted that the container configuration module 221 may directly communicate with the management plug-in 2112 in the virtual machine 211, and when the control node 22 is implemented in an OpenStack architecture, the container configuration module 221 may be a Neutron component in OpenStack.
Fig. 3 is a schematic structural diagram of a computing node according to an embodiment of the present invention, where the computing node may be the computing node 21 shown in fig. 2A. Referring to fig. 3, the computing node comprises at least one processor 301, a communication bus 302, a memory 303 and at least one communication interface 304.
The processor 301 may be a general-purpose Central Processing Unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of programs in accordance with the present invention.
The communication bus 302 may include a path that conveys information between the aforementioned components.
The Memory 303 may be a Read-Only Memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory 303 may be separate and coupled to the processor 301 through a communication bus 302. The memory 303 may also be integrated with the processor 301.
The communication interface 304 may be any device, such as a transceiver, for communicating with other devices or communication networks, such as Ethernet, a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), etc.
In particular implementations, processor 301 may include one or more CPUs such as CPU0 and CPU1 shown in fig. 3 for one embodiment.
In particular implementations, as an embodiment, the computing node may include multiple processors, such as processor 301 and processor 305 shown in FIG. 3. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In particular implementations, the computing node may also include, as an example, an output device 306 and an input device 307. The output device 306 is in communication with the processor 301 and is capable of displaying information in a variety of ways. For example, the output device 306 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector, or the like.
The computing node may be a general purpose computing node or a special purpose computing node. In a specific implementation, the computing node may be a desktop computer, a laptop computer, a network server, a Personal Digital Assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, or an embedded device, and the embodiment of the present invention does not limit the type of the computing node.
The memory 303 is used for storing the program code 310 for executing the scheme of the present application, and the processor 301 is used for executing the program code 310 stored in the memory 303. The computing node may implement the operations performed by the computing node in the embodiment of fig. 4 below by the processor 301 and the program code 310 in the memory 303.
Fig. 4 is a flowchart of a container configuration method according to an embodiment of the present invention. Referring to fig. 4, the method includes:
Step 401: The virtual machine in the computing node receives a container configuration instruction for configuring the target container, where the container configuration instruction carries the target network identifier.
It should be noted that the computing node may be any one of a plurality of computing nodes, and a virtual machine and a bridge configuration module may be installed in the computing node. Wherein, a container can be established in the virtual machine; the bridge configuration module may configure a bridge in the computing node, and the bridge may forward a data packet generated by a container in the virtual machine.
In addition, a container configuration instruction is used for instructing the configuration of the target container created in the virtual machine, and the container configuration instruction can be triggered by a user or can be automatically triggered by the computing node. When the container configuration instruction is triggered by the user, the user may trigger through a first specified operation, where the first specified operation may be a click operation, a slide operation, a voice operation, or the like.
Also, the target network identification is used to uniquely identify the target network, for example, the target network identification may be the name of the target network, etc. The target container is borne on the virtual machine, that is, before the virtual machine receives the container configuration instruction, the virtual machine may already create the target container, and at this time, the virtual machine may directly configure the target container when receiving the container configuration instruction; or, when the virtual machine receives the container configuration instruction, the virtual machine may not have created the target container, and at this time, the virtual machine may create the target container first and then configure the target container.
Step 402: the virtual machine in the computing node generates a network resource creation request carrying a target network identifier, and sends the network resource creation request to the control node.
It should be noted that the network resource creation request is used to request the control node to allocate the network resource of the target network to the target container.
Further, in order to facilitate the subsequent control node to return the network resource information corresponding to the allocated network resource to the computing node, before step 402, the virtual machine may further obtain an address of the virtual machine, and then in step 402, the virtual machine may generate a network resource creation request carrying a target network identifier and the address of the virtual machine, and send the network resource creation request to the control node, so that the subsequent control node may accurately send the network resource information to the virtual machine and the bridge configuration module in the computing node according to the address of the virtual machine.
It should be noted that the address of the virtual machine may include a network address (e.g., an IP address, etc.), a MAC address, etc. of the virtual machine.
Step 403: When the control node receives a network resource creation request sent by the virtual machine in the computing node, the control node allocates the network resource of the target network to the target container according to the target network identifier.
When the control node allocates the network resource of the target network to the target container according to the target network identifier, the control node may acquire the network information of the target network according to the target network identifier, and allocate the network resource of the target network to the target container according to the network information of the target network.
It should be noted that the network information of a certain network may include subnet information, network type, network transmission flag, and the like of the network. For example, the network information of the target network may include target subnet information, target network type, target network transmission flag, and the like.
In addition, the network transmission flag of a certain network is used to flag data transmitted in the network, for example, when the network is a vlan, the network transmission flag of the network may be a vlan tag (i.e., vlan tag), and when the network is a vxlan, the network transmission flag of the network may be a vxlan identifier (i.e., vxlan id).
The control node may pre-store a correspondence between the network identifier and the network information, and at this time, when the control node acquires the network information of the target network according to the target network identifier, the control node may acquire the corresponding network information from the stored correspondence between the network identifier and the network information according to the target network identifier, and determine the acquired network information as the network information of the target network.
When the control node allocates the network resource of the target network to the target container according to the network information of the target network, a network address can be selected from a network segment indicated by the target subnet information included in the network information of the target network, a MAC address is generated, the network address and the MAC address are determined as the target address of the target container, information except the target subnet information in the network information of the target network and the target address is determined as network resource information, and the network resource corresponding to the network resource information is determined as the network resource of the target network allocated to the target container.
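The allocation in step 403 can be illustrated with the following Python example, which is added here and is not part of the patent text. The class name `ControlNode`, the dictionary keys, and the sample network identifiers and subnets are assumptions made for illustration; the MAC address is generated as a random locally administered unicast address, which the patent does not specify.

```python
import ipaddress
import secrets


class ControlNode:
    """Toy container configuration module that allocates per-container network resources."""

    def __init__(self, network_info_by_id):
        # Pre-stored correspondence: network identifier -> network information
        # (subnet information, network type, network transmission flag).
        self.network_info_by_id = network_info_by_id
        self.used_ips = {net_id: set() for net_id in network_info_by_id}
        self.used_macs = set()

    def _new_mac(self):
        """Generate an unused MAC address (assumption: locally administered, unicast)."""
        while True:
            raw = bytearray(secrets.token_bytes(6))
            raw[0] = (raw[0] | 0x02) & 0xFE  # set the "local" bit, clear the multicast bit
            mac = ":".join(f"{b:02x}" for b in raw)
            if mac not in self.used_macs:
                self.used_macs.add(mac)
                return mac

    def allocate(self, target_network_id):
        """Return the network resource information for one target container."""
        info = self.network_info_by_id.get(target_network_id)
        if info is None:
            raise LookupError(f"unknown network identifier: {target_network_id!r}")
        subnet = ipaddress.ip_network(info["subnet"])
        used = self.used_ips[target_network_id]
        # Select a free network address from the segment indicated by the subnet information.
        ip = next((host for host in subnet.hosts() if host not in used), None)
        if ip is None:
            raise RuntimeError("no free address left in the target subnet")
        used.add(ip)
        # Target address plus everything in the network information except the subnet.
        return {
            "target_address": {"ip": str(ip), "mac": self._new_mac()},
            "network_type": info["type"],
            "transmission_flag": info["flag"],
        }


if __name__ == "__main__":
    # Constructed sample networks, not taken from the patent.
    node = ControlNode({
        "net-a": {"subnet": "10.0.1.0/30", "type": "vlan", "flag": 100},
        "net-b": {"subnet": "10.0.2.0/24", "type": "vxlan", "flag": 5001},
    })
    print(node.allocate("net-a"))
    print(node.allocate("net-b"))
```
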
Step 404: The control node sends the network resource information corresponding to the network resource to the virtual machine and to the bridge configuration module in the computing node, respectively.
It should be noted that the network resource information corresponding to the network resource is related information of the network resource, and the network resource information may be a target address and information other than target subnet information in the network information of the target network, for example, the network resource information may include a target address, a target network type (e.g., vlan type or vxlan type), a target network transmission flag (e.g., target vlan tag or target vxlan identifier), and the like.
Specifically, the control node may send the network resource information to the virtual machine according to the address of the virtual machine in the computing node; the network resource information may be sent to a network bridge configuration module in the computing node according to the physical network card identifier of the computing node.
It should be noted that the virtual network card identifier may be used to uniquely identify the virtual network card, for example, the virtual network card identifier may be a name of the virtual machine network card; the physical network card identifier may be used to uniquely identify the physical network card, for example, the physical network card identifier may be a name of the physical network card.
The control node may pre-store a corresponding relationship between a virtual machine address and a virtual network card identifier, and at this time, when the control node acquires the virtual network card identifier of the virtual machine according to the address of the virtual machine in the computing node, the control node may acquire the corresponding virtual network card identifier from the stored corresponding relationship between the virtual machine address and the virtual network card identifier according to the address of the virtual machine, and determine the acquired virtual network card identifier as the virtual network card identifier of the virtual machine.
The control node may pre-store a corresponding relationship between the virtual network card identifier and the physical network card identifier, and at this time, when the control node acquires the physical network card identifier of the computing node according to the virtual network card identifier of the virtual machine, the control node may acquire the corresponding physical network card identifier from the stored corresponding relationship between the virtual network card identifier and the physical network card identifier according to the virtual network card identifier of the virtual machine, and determine the acquired physical network card identifier as the physical network card identifier of the computing node.
Step 405: when the virtual machine and the bridge configuration module in the computing node receive the network resource information sent by the control node, configuring a target container created in the virtual machine according to the network resource information.
It should be noted that, the process of configuring the target container according to the network resource information is a process of configuring network attributes (such as an IP address, a MAC address, and the like), transmission attributes (such as a data transmission manner, and the like) for the target container, and after the configuration is completed, the target container may transmit a data packet by using the network resource corresponding to the network resource information.
In addition, in the embodiment of the present invention, the containers in the plurality of computing nodes are all allocated network resources by the control node, that is, the network resources used by the containers in the plurality of computing nodes are all managed by the control node, at this time, each container in the plurality of computing nodes will own a separate network resource, and thus, each two containers in the plurality of computing nodes can directly communicate with each other through a respective network resource. In this case, when the container in a certain computing node among the plurality of computing nodes is migrated to another computing node, the container can communicate without changing the network resource used, and thus persistence and migration of the network resource used by the container are realized.
Furthermore, in the embodiment of the present invention, the control node may allocate network resources to the multiple computing nodes according to the networks to which the containers are to be accessed, so that the containers accessed to different networks in the multiple computing nodes are isolated, the containers accessed to the same network are in direct communication, and in the case that each container has a separate network resource, the containers accessed to the same network are in two-layer interworking, and MAC addresses of the containers are visible to each other.
Specifically, when the virtual machine receives the network resource information sent by the control node, configuring a network resource corresponding to the network resource information for a target container; when the network bridge configuration module receives the network resource information sent by the control node, the network resource information is stored in the network bridge in the computing node.
It should be noted that, before the virtual machine configures the network resource corresponding to the network resource information for the target container, the target container may be created in the virtual machine, and the virtual machine may create the target container in the virtual machine before receiving a container configuration instruction for configuring the target container, or may create the target container in the virtual machine when receiving the network resource information sent by the control node.
In addition, the virtual machine configures the network resource corresponding to the network resource information for the target container, that is, configures the network attribute of the target container so that the target container can use the network resource to transmit the data packet, and the bridge configuration module stores the network resource information into the bridge, that is, configures the transmission attribute of the target container so that the bridge can forward the data packet generated by the target container according to the network resource information.
When the virtual machine configures the network resource corresponding to the network resource information for the target container, it may first determine whether a target network interface connected to a target network exists in the virtual machine; when the target network interface does not exist in the virtual machine, creating the target network interface in the virtual machine according to the type of the target network; the virtual machine takes a target network interface as a father interface to establish a child interface as a container interface of a target container; the virtual machine sets an address of a container interface of a target container as a target address.
It should be noted that the target network interface is a network interface connected to the target network, that is, the container may access the target network through the target network interface. At this time, each network has a separate network interface, and the containers of the same network can access the same network interface, thereby realizing the isolation between the containers of different networks and realizing the two-layer intercommunication between the containers of the same network.
In addition, the target network interface is used as a parent interface to create a child interface as a container interface of the target container, that is, the target network interface is connected with the container interface of the target container, and at this time, the data packet sent by the target container through the container interface of the target container is transmitted to the target network interface.
Furthermore, the address of the container interface of the target container is set as the target address, that is, the address of the target container is set as the target address, so that the configuration of the network attribute of the target container can be realized.
The virtual machine may set a name of the network interface as a network identifier of a network to which the network interface is connected in advance, and at this time, when the virtual machine determines whether a target network interface connected to a target network exists in the virtual machine, it may determine whether a network interface whose name is the target network identifier exists in the virtual machine; if the network interface with the name of the target network identifier exists in the virtual machine, the target network interface exists in the virtual machine; if the network interface with the name of the target network identifier does not exist in the virtual machine, it can be determined that the target network interface does not exist in the virtual machine.
When the virtual machine creates a target network interface in the virtual machine according to the target network type, when the target network type is a vlan type and the target network transmission mark is a target vlan tag, creating a network interface for connecting the vlan in the virtual machine, and setting the vlan tag of a corresponding subnet as the target vlan tag in the network interface to obtain the target network interface; when the target network type is the vxlan type, a network interface used for connecting the vxlan is established in the virtual machine, and the network interface is used as the target network interface.
It should be noted that a network interface for connecting the vlan is created in the virtual machine, that is, a network interface capable of encapsulating a vlan tag for a data packet from a container is created in the virtual machine. And setting the vlan tag of the corresponding subnet as the target vlan tag in the network interface, that is, setting the vlan tag which can be encapsulated by the network interface as the target vlan tag, thereby obtaining the target network interface which can be connected to the target network.
In addition, when the target network type is a vlan type, a target network interface needs to be created in the virtual machine according to the target vlan tag, and when the target network type is a vxlan type, the target network interface can be directly created in the virtual machine without a target vxlan identifier, so that when the target network type is the vlan type, the network resource information sent to the virtual machine by the control node may carry a target network transmission mark, and when the target network type is the vxlan type, the network resource information sent to the virtual machine by the control node may not carry the target network transmission mark.
When the bridge configuration module stores the network resource information in the bridge, the target address and the target vxlan identifier may be correspondingly stored in the bridge when the target network type is the vxlan type and the target network transmission flag is the target vxlan identifier.
It should be noted that the bridge configuration module stores the target address and the target vxlan identifier into the bridge, so that the bridge can forward the data packet generated by the target container, whose address is the target address, according to the target vxlan identifier, thereby implementing the configuration of the transmission attribute of the target container.
In practical applications, when receiving a data packet sent by another computing node, the bridge may also transmit the data packet to a target container. In this case, the bridge needs to store a correspondence between a target address and a target vlan tag, so that the bridge may transmit the data packet whose destination address is the target address to the target container according to the target vlan tag. Therefore, when the bridge configuration module stores the network resource information in the bridge, the bridge configuration module may further store the target address and the target vlan tag in the bridge in a corresponding manner when the target network type is the vlan type and the target network transmission flag is the target vlan tag.
Further, after configuring the target container created in the virtual machine according to the network resource information in step 405, the target container may send the generated data packet. When the network types of the target networks to which the target containers are accessed are different, the modes of sending the data messages by the target containers are also different, and the following two cases are specifically described.
In the first case: when the network type of the target network accessed by the target container is a vlan type, the process of forwarding the first data packet generated by the target container out of the computing node may include the following steps (1) - (3).
(1) When the target container receives the first sending instruction, the target container transmits the generated first data message to the target network interface through the container interface of the target container.
It should be noted that the first sending instruction is used to instruct to send the generated first data packet, and the first sending instruction may be triggered by a user or may be triggered automatically by the computing node. When the first sending instruction is triggered by the user, the user can trigger through a second specified operation, and the second specified operation can be click operation, sliding operation, voice operation and the like.
In addition, because the container interface of the target container takes the target network interface as a parent interface, the target container can directly transmit the first data message to the target network interface after sending the generated first data message through the container interface of the target container.
(2) When the target network interface receives the first data message transmitted by the target container, a first encapsulation message carrying the first data message and the target vlan tag is generated, and the first encapsulation message is transmitted to the bridge.
It should be noted that, in order to facilitate the subsequent bridge to distinguish the data packet from the vlan or the vxlan, the target network interface may encapsulate the first data packet by using the target vlan tag, so as to obtain a first encapsulated packet for transmission to the bridge.
In addition, when the target network interface generates a first encapsulation packet carrying the first data packet and the target vlan tag, the target vlan tag may be used to encapsulate the first data packet, so as to attach the target vlan tag to the first data packet, thereby obtaining the first encapsulation packet.
Furthermore, when the target network interface transmits the first encapsulation message to the network bridge, the first encapsulation message can be transmitted to the network bridge through the virtual network card of the virtual machine.
(3) When the network bridge receives the first encapsulation message transmitted by the target network interface, the network bridge forwards the first encapsulation message.
It should be noted that, after receiving the first encapsulation packet, the bridge may first determine whether the first encapsulation packet carries a vlan tag, and if the first encapsulation packet carries the vlan tag, may determine that the first encapsulation packet is from the vlan.
In addition, when the network bridge forwards the first encapsulation message, the network bridge can forward the first encapsulation message through the physical network card of the computing node.
Further, after the bridge forwards the first encapsulation packet, the other computing nodes may receive the first encapsulation packet, and specifically, when the bridge in the other computing nodes receives the first encapsulation packet sent by the computing node, the bridge may transmit the first encapsulation packet to a network interface to which the first encapsulation packet is sent according to a vlan tag carried by the first encapsulation packet; when the network interface receives the first encapsulation message, the network interface may obtain a first data message from the first encapsulation message, and transmit the first data message to a corresponding container according to a destination address of the first data message.
When the network bridge in the other computing node transmits the first encapsulation message to the network interface to which the first encapsulation message is sent according to the vlan tag carried by the first encapsulation message, the network bridge in the other computing node can determine the destination virtual machine according to the vlan tag carried by the first encapsulation message and transmit the first encapsulation message to the destination virtual machine; when the destination virtual machine receives the first encapsulation message, the network interface to which the first encapsulation message is sent can be determined according to the vlan tag carried by the first encapsulation message, and the first encapsulation message is transmitted to the network interface.
At this time, when the bridges in the other computing nodes determine the destination virtual machine according to the vlan tag carried in the first encapsulation packet, the bridges in the other computing nodes may obtain the container address stored corresponding to the vlan tag carried in the first encapsulation packet, and determine the virtual machine in which the container with the address being the obtained container address is located as the destination virtual machine.
When the destination virtual machine determines the network interface to which the first encapsulation message is to be sent according to the vlan tag carried by the first encapsulation message, the network interface, which can encapsulate the vlan tag carried by the first encapsulation message for the data message, in the destination virtual machine may be determined as the network interface to which the first encapsulation message is to be sent.
When the network interface in the other computing node obtains the first data packet from the first encapsulated packet, the network interface in the other computing node may decapsulate the first encapsulated packet to remove the vlan tag carried by the first encapsulated packet, so as to obtain the first data packet.
In the second case: when the network type of the target network accessed by the target container is the vxlan type, the process of forwarding the second data packet generated by the target container out of the computing node may include the following steps (4) - (6).
(4) When the target container receives the second sending instruction, the target container transmits the generated second data message to the target network interface through the container interface of the target container.
It should be noted that the second sending instruction is used to instruct to send the generated second data message, and the second sending instruction may be triggered by a user or may be triggered automatically by the computing node. When the second sending instruction is triggered by the user, the user can trigger through a third specified operation, and the third specified operation can be click operation, sliding operation, voice operation and the like.
In addition, the container interface of the target container takes the target network interface as a parent interface, so that the target container can directly transmit the second data message to the target network interface after sending the generated second data message through the container interface of the target container.
(5) When the target network interface receives the second data message transmitted by the target container, the target network interface transmits the second data message to the network bridge.
It should be noted that, when the target network interface transmits the second data packet to the bridge, the second data packet may be transmitted to the bridge through the virtual network card of the virtual machine.
(6) When the network bridge receives a second data message transmitted by the target network interface, the network bridge generates a second encapsulation message carrying the second data message and the target vxlan identifier, and forwards the second encapsulation message.
It should be noted that, after receiving the second data packet, the bridge may first determine whether the second data packet carries a vlan tag, and if not, may determine that the second data packet is from the vxlan, and at this time, the bridge may obtain a target vxlan identifier based on a source address (i.e., a target address) of the second data packet, generate a second encapsulation packet carrying the second data packet and the target vxlan identifier, and forward the second encapsulation packet.
In addition, since the bridge stores the corresponding relationship between the target address and the target vxlan identifier in advance, after receiving the second data message, the bridge can directly obtain the target vxlan identifier stored in correspondence with the source address according to the source address (i.e., the target address) of the second data message.
When the network bridge forwards the second encapsulation message, it can forward the second encapsulation message through the physical network card of the computing node.
Further, after the bridge forwards the second encapsulation packet, the other computing nodes may receive the second encapsulation packet, specifically, when the bridge in the other computing nodes receives the second encapsulation packet sent by the computing node, the bridge may obtain a second data packet from the second encapsulation packet, and transmit the second data packet to a network interface to which the second encapsulation packet is sent according to the vxlan identifier carried in the second encapsulation packet; when the network interface receives the data packet, the data packet may be transmitted to a corresponding container according to a destination address of the data packet.
When the bridges in the other computing nodes obtain the second data message from the second encapsulated message, the second encapsulated message may be decapsulated to remove the vxlan identifier carried by the second encapsulated message from the second encapsulated message, so as to obtain the second data message.
When the network bridge in the other computing node transmits the second data message to the network interface to which the second encapsulation message is sent according to the vxlan identifier carried in the second encapsulation message, the network bridge in the other computing node can determine a target virtual machine according to the vxlan identifier carried in the second encapsulation message and transmit the second data message to the target virtual machine; when the destination virtual machine receives the second data message, the network interface to which the second data message is to be sent can be determined according to the destination address of the second data message, and the second data message is transmitted to the network interface.
At this time, when the bridges in the other computing nodes determine the destination virtual machine according to the vxlan identifier carried in the second encapsulation packet, the bridges in the other computing nodes may obtain the container address stored corresponding to the vxlan identifier carried in the second encapsulation packet, and determine the virtual machine in which the container with the address being the obtained container address is located as the destination virtual machine.
When the destination virtual machine determines the network interface to which the second data message is to be sent according to the destination address of the second data message, the network interface connected to the container with the address of the destination virtual machine being the destination address of the second data message may be determined as the network interface to which the second data message is to be sent.
Further, the computing node may also receive the encapsulation packet sent by another computing node, and the operation of receiving the encapsulation packet sent by another computing node by the computing node is similar to the operation of receiving the first encapsulation packet or the second encapsulation packet sent by the computing node by the other computing node.
That is, when a bridge in the computing node receives an encapsulation message sent by other computing nodes except the computing node, if the encapsulation message carries a vlan tag, the encapsulation message may be transmitted to a destination network interface to which the encapsulation message is to be sent according to the vlan tag, and when the destination network interface receives the encapsulation message, a data message is obtained from the encapsulation message and transmitted to a corresponding container according to a destination address of the data message; if the vxlan identifier is carried in the encapsulated message, a data message can be acquired from the encapsulated message, the data message is transmitted to a destination network interface to which the encapsulated message is to be sent according to the vxlan identifier, and when the destination network interface receives the data message, the data message is transmitted to a corresponding container according to a destination address of the data message.
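The send and receive paths described above, modelled as an added example (not code from the patent). It assumes the bridge keys the stored target address on the source MAC, that a frame with no stored mapping is dropped, and that a `kind` label stands in for the outer UDP/IP headers; `ComputeNode`, the interface names and all addresses are constructed for illustration, and the 8-byte VXLAN header layout follows RFC 7348.

```python
import struct

TPID_8021Q = 0x8100   # EtherType that marks an 802.1Q vlan tag
VXLAN_I_FLAG = 0x08   # RFC 7348 flag: the VNI field is valid


def eth(dst, src, payload, vlan=None):
    """Build an Ethernet frame (constructed input), optionally vlan-tagged."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


def vlan_of(frame):
    """Return the vlan ID if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


def vxlan_encap(vni, frame):
    """Prefix the 8-byte VXLAN header (flags, reserved, 24-bit VNI, reserved)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("vxlan identifier must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + frame


def vxlan_decap(message):
    """Return (vni, inner frame); reject headers without a valid VNI."""
    if len(message) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack_from("!II", message)
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set")
    return word1 >> 8, message[8:]


class ComputeNode:
    """Hypothetical stand-in for one computing node's bridge and interfaces."""

    def __init__(self):
        self.vni_by_addr = {}    # container address -> vxlan identifier
        self.iface_by_vlan = {}  # vlan tag -> network interface
        self.iface_by_vni = {}   # vxlan identifier -> network interface
        self.containers = {}     # (network interface, address) -> container

    def add_container(self, name, addr, iface, vlan=None, vni=None):
        """Store what the control node allocated for one container."""
        self.containers[(iface, addr)] = name
        if vlan is not None:
            self.iface_by_vlan[vlan] = iface
        if vni is not None:
            self.iface_by_vni[vni] = iface
            self.vni_by_addr[addr] = vni

    def bridge_send(self, frame):
        """Send path: forward tagged frames, VXLAN-encapsulate untagged ones."""
        if vlan_of(frame) is not None:
            return ("vlan", frame)
        vni = self.vni_by_addr.get(frame[6:12])  # lookup by source address
        if vni is None:
            return None  # assumption: no stored mapping means drop
        return ("vxlan", vxlan_encap(vni, frame))

    def bridge_receive(self, kind, message):
        """Receive path: pick the interface by tag or VNI, then the container."""
        if kind == "vlan":
            vid = vlan_of(message)
            if vid is None:
                return None
            iface = self.iface_by_vlan.get(vid)
            frame = message[:12] + message[16:]  # interface strips the tag
        else:
            vni, frame = vxlan_decap(message)
            iface = self.iface_by_vni.get(vni)
        return self.containers.get((iface, frame[0:6]))


# Constructed addresses for two nodes, each hosting one container per network.
MAC_A, MAC_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
MAC_C, MAC_D = bytes.fromhex("02000000000c"), bytes.fromhex("02000000000d")


def build_nodes():
    node1, node2 = ComputeNode(), ComputeNode()
    node1.add_container("c1", MAC_A, "vx0", vni=5001)
    node2.add_container("c2", MAC_B, "vx0", vni=5001)
    node1.add_container("c3", MAC_C, "eth0.100", vlan=100)
    node2.add_container("c4", MAC_D, "eth0.100", vlan=100)
    return node1, node2
```

Because the vxlan identifier is chosen from the frame's source address, a frame whose source has no stored mapping never reaches the overlay in this model, and a frame arriving with an identifier the receiving node does not serve is delivered to no container.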
In the embodiment of the present invention, when receiving the container configuration instruction, the virtual machine in any one of the plurality of computing nodes may generate a network resource configuration request, and send the network resource configuration request to the control node. After receiving the network resource configuration request, the control node may allocate network resources of a target network to which a target container is to be accessed to the target container, and send network resource information corresponding to the network resources to the virtual machine and the bridge configuration module in the computing node, and the virtual machine and the bridge configuration module configure the target container created in the virtual machine according to the network resource information. Since the network resources used by the containers in the plurality of computing nodes are all managed by the control node, each container in the plurality of computing nodes will own a separate network resource, and thus, each two containers in the plurality of computing nodes can directly communicate with each other through the respective network resources. In this case, when the container in a certain computing node among the plurality of computing nodes is migrated to another computing node, the container can communicate without changing the network resource used, and thus persistence and migration of the network resource used by the container are realized.
Fig. 5 is a schematic structural diagram of a computing node according to an embodiment of the present invention, where the computing node is any one of multiple computing nodes, a virtual machine 501 and a bridge configuration module 502 are installed in the computing node, and the computing node may be the computing node shown in fig. 3.
Referring to fig. 5, the computing node includes:
a virtual machine 501, configured to perform step 401 in the embodiment of fig. 4;
the virtual machine 501 is further configured to execute step 402 in the embodiment of fig. 4, so that the control node executes step 403 and step 404 in the embodiment of fig. 4;
a virtual machine 501 and a bridge configuration module 502 for performing step 405 in the embodiment of fig. 4.
Alternatively,
the virtual machine 501 is configured to configure network resources corresponding to the network resource information for the target container when receiving the network resource information sent by the control node;
the bridge configuration module 502 is configured to, when receiving the network resource information sent by the control node, store the network resource information in a bridge, where the bridge is configured to forward a data packet generated by the target container.
Optionally, the virtual machine 501 is configured to:
when a target network interface connected to a target network does not exist in the virtual machine, creating the target network interface in the virtual machine according to the type of the target network;
creating a child interface as a container interface of the target container by taking the target network interface as a parent interface;
the address of the container interface of the target container is set to the target address.
Optionally, the target network type is a vlan type, and the target network transmission flag is a target vlan tag; virtual machine 501, configured to:
creating a network interface for connecting the vlan in the virtual machine;
and setting the vlan tag of the corresponding subnet as a target vlan tag in the network interface to obtain the target network interface.
Optionally, the target network type is a vxlan type, and the target network transmission mark is a target vxlan identifier; a bridge configuration module 502 for:
and storing the target address and the target vxlan identification in the bridge correspondingly.
Alternatively,
a target container for performing step (1) in step 405 in the embodiment of fig. 4;
a target network interface for performing step (2) of step 405 in the embodiment of fig. 4;
a bridge configured to perform step (3) of step 405 in the embodiment of fig. 4.
Alternatively,
a target container for performing step (4) of step 405 in the embodiment of fig. 4;
a target network interface for performing step (5) of step 405 in the embodiment of fig. 4;
a bridge for performing step (6) of step 405 in the embodiment of fig. 4.
In the embodiment of the present invention, when receiving the container configuration instruction, the virtual machine in any one of the plurality of computing nodes may generate a network resource configuration request, and send the network resource configuration request to the control node. After receiving the network resource configuration request, the control node may allocate network resources of a target network to which a target container is to be accessed to the target container, and send network resource information corresponding to the network resources to the virtual machine and the bridge configuration module in the computing node, and the virtual machine and the bridge configuration module configure the target container created in the virtual machine according to the network resource information. Since the network resources used by the containers in the plurality of computing nodes are all managed by the control node, each container in the plurality of computing nodes will own a separate network resource, and thus, each two containers in the plurality of computing nodes can directly communicate with each other through the respective network resources. In this case, when the container in a certain computing node among the plurality of computing nodes is migrated to another computing node, the container can communicate without changing the network resource used, and thus persistence and migration of the network resource used by the container are realized.
It should be noted that: in the above embodiment, when configuring the container, the computing node is only illustrated by dividing the functional modules, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the computing node and the container configuration method provided by the above embodiments belong to the same concept, and the specific implementation process thereof is described in the method embodiments, and is not described herein again.
The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, e.g., from one website, computer, server, or data center to another website, computer, server, or data center in a wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) manner. The computer-readable storage medium may be any available medium, such as a floppy disk, an optical disk (e.g., DVD), or a Solid State Disk (SSD). The above embodiments may be implemented in whole or in part using software.
The above-mentioned embodiments are provided not to limit the present application, and any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (15)

1. A container configuration method applied to any one of a plurality of computing nodes, wherein a virtual machine and a bridge configuration module are installed in the computing node, the method comprising:
the virtual machine receives a container configuration instruction used for configuring a target container, wherein the container configuration instruction carries a target network identifier, the target container is borne on the virtual machine, and a target network is a network to which the target container needs to be accessed;
the virtual machine generates a network resource creating request carrying the target network identifier, sends the network resource creating request to a control node, the control node allocates network resources of the target network for the target container, and sends network resource information corresponding to the network resources to the virtual machine and the bridge configuration module, wherein the network resource information comprises a target address of the target container, a target network type and a target network transmission mark, and the target network transmission mark is used for marking data transmitted in the target network;
and when the virtual machine and the network bridge configuration module receive the network resource information sent by the control node, configuring the target container created in the virtual machine according to the network resource information.
2. The method of claim 1, wherein the configuring the target container created in the virtual machine according to the network resource information when the virtual machine and the bridge configuration module receive the network resource information sent by the control node, comprises:
when the virtual machine receives the network resource information sent by the control node, configuring network resources corresponding to the network resource information for the target container;
and when the network bridge configuration module receives the network resource information sent by the control node, storing the network resource information into a network bridge, wherein the network bridge is used for forwarding the data message generated by the target container.
3. The method of claim 2, wherein the configuring, by the virtual machine, the network resource corresponding to the network resource information for the target container comprises:
when a target network interface connected to the target network does not exist in the virtual machine, creating the target network interface in the virtual machine according to the target network type;
the virtual machine takes the target network interface as a parent interface to establish a child interface as a container interface of the target container;
and the virtual machine sets the address of the container interface of the target container as the target address.
4. The method of claim 3, wherein the target network type is a Virtual Local Area Network (VLAN) type, and the target network transmission marker is a target vlan tag; the creating the target network interface in the virtual machine according to the target network type includes:
creating a network interface for connecting a vlan in the virtual machine;
and setting the vlan tag of the corresponding subnet in the network interface as the target vlan tag to obtain the target network interface.
5. The method of claim 4, wherein after configuring the target container created in the virtual machine according to the network resource information, further comprising:
when the target container receives a first sending instruction, transmitting the generated first data message to the target network interface through a container interface of the target container;
when the target network interface receives the first data message, generating a first encapsulation message carrying the first data message and the target vlan tag, and transmitting the first encapsulation message to the network bridge;
and when the network bridge receives the first encapsulation message, forwarding the first encapsulation message.
6. The method according to claim 2 or 3, wherein the target network type is a virtual extensible local area network, vxlan, type, and the target network transmission flag is a target vxlan flag; the bridge configuration module stores the network resource information into a bridge, and the method comprises the following steps:
and the bridge configuration module correspondingly stores the target address and the target vxlan identifier into the bridge.
7. The method of claim 6, wherein after configuring the target container created in the virtual machine according to the network resource information, further comprising:
when the target container receives a second sending instruction, transmitting the generated second data message to the target network interface through the container interface of the target container;
when the target network interface receives the second data message, transmitting the second data message to the network bridge;
and when the bridge receives the second data message, generating a second encapsulation message carrying the second data message and the target vxlan identifier, and forwarding the second encapsulation message.
8. The method of claim 5 or 7, further comprising:
when the network bridge receives an encapsulation message sent by other computing nodes except the computing node, if the encapsulation message carries a vlan tag, the network bridge transmits the encapsulation message to a destination network interface to which the encapsulation message is sent according to the vlan tag; when the destination network interface receives the packaging message, acquiring a data message from the packaging message, and transmitting the data message to a corresponding container according to the destination address of the data message;
if the vxlan identifier is carried in the encapsulated message, acquiring a data message from the encapsulated message, and transmitting the data message to a target network interface to which the encapsulated message is to be sent according to the vxlan identifier; and when the destination network interface receives the data message, transmitting the data message to a corresponding container according to the destination address of the data message.
9. A computing node, wherein the computing node is any one of a plurality of computing nodes, and wherein a virtual machine and a bridge configuration module are installed in the computing node, the computing node comprising:
the virtual machine is configured to receive a container configuration instruction for configuring a target container, where the container configuration instruction carries a target network identifier, the target container is borne on the virtual machine, and a target network is a network to which the target container needs to be accessed;
the virtual machine is further configured to generate a network resource creation request carrying the target network identifier, send the network resource creation request to a control node, allocate, by the control node, a network resource of the target network to the target container, and send network resource information corresponding to the network resource to the virtual machine and the bridge configuration module, where the network resource information includes a target address of the target container, a target network type, and a target network transmission flag, and the target network transmission flag is used to flag data transmitted in the target network;
and the virtual machine and the bridge configuration module are used for configuring the target container created in the virtual machine according to the network resource information when the network resource information sent by the control node is received.
10. The computing node of claim 9,
the virtual machine is used for configuring network resources corresponding to the network resource information for the target container when the network resource information sent by the control node is received;
and the network bridge configuration module is used for storing the network resource information into a network bridge when the network resource information sent by the control node is received, and the network bridge is used for forwarding the data message generated by the target container.
11. The computing node of claim 10, wherein the virtual machine is to:
when a target network interface connected to the target network does not exist in the virtual machine, creating the target network interface in the virtual machine according to the target network type;
creating a child interface as a container interface of the target container by taking the target network interface as a parent interface;
setting an address of a container interface of the target container as the target address.
12. The computing node of claim 11, wherein the target network type is a Virtual Local Area Network (VLAN) type, and the target network transmission marker is a target vlan tag; the virtual machine is configured to:
creating a network interface for connecting a vlan in the virtual machine;
and setting the vlan tag of the corresponding subnet in the network interface as the target vlan tag to obtain the target network interface.
13. The computing node of claim 12,
the target container is used for transmitting the generated first data message to the target network interface through a container interface of the target container when receiving a first sending instruction;
the target network interface is configured to generate a first encapsulation packet carrying the first data packet and the target vlan tag when receiving the first data packet, and transmit the first encapsulation packet to the bridge;
and the network bridge is used for forwarding the first encapsulation message when receiving the first encapsulation message.
14. The computing node according to claim 10 or 11, wherein the target network type is a virtual extensible local area network, vxlan, type, and the target network transmission marker is a target vxlan identity; the bridge configuration module is configured to:
and correspondingly storing the target address and the target vxlan identifier into the bridge.
15. The computing node of claim 14,
the target container is used for transmitting the generated second data message to the target network interface through a container interface of the target container when a second sending instruction is received;
the target network interface is configured to transmit the second data packet to the network bridge when receiving the second data packet;
and the network bridge is used for generating a second encapsulation message carrying the second data message and the target vxlan identifier when receiving the second data message, and forwarding the second encapsulation message.
CN201710911984.2A 2017-09-29 2017-09-29 Container configuration method and computing node Active CN109587281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710911984.2A CN109587281B (en) 2017-09-29 2017-09-29 Container configuration method and computing node

Publications (2)

Publication Number Publication Date
CN109587281A CN109587281A (en) 2019-04-05
CN109587281B true CN109587281B (en) 2020-07-28

Family

ID=65919122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710911984.2A Active CN109587281B (en) 2017-09-29 2017-09-29 Container configuration method and computing node

Country Status (1)

Country Link
CN (1) CN109587281B (en)

Also Published As

Publication number Publication date
CN109587281A (en) 2019-04-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220221

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.