CN109617995A - Management system, method and electronic device for containers inside a tenant cluster VPC - Google Patents

Publication number
CN109617995A
Authority
CN
China
Prior art keywords
access request
management
encapsulation
server
encapsulated message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811653800.8A
Other languages
Chinese (zh)
Other versions
CN109617995B (en)
Inventor
王风腾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/56 Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application provides a management system, method and electronic device for containers inside a tenant cluster VPC. The system includes a management object, a management terminal and a network device. The management object runs on a first server cluster of a cloud service tenant; the management terminal runs on a second server cluster of a cloud service provider. The management terminal sends an access request to the management object through the network device in order to manage the management object; the network device encapsulates the access request of the management terminal and sends the encapsulated access request to the management object. In this approach the management terminal corresponding to a cloud service tenant is deployed on the second server cluster of the cloud service provider, so that when the corresponding management object is managed through the management terminal there is no need to log in to the management terminal by accessing the tenant's VPC. This avoids the encryption and decryption procedure, simplifies the operating process, effectively reduces the complexity of operations management, and reduces labor and time costs.

Description

Management system, method and electronic device for containers inside a tenant cluster VPC
Technical field
This application relates to the field of cloud computing technology, and more particularly to a management system, method and electronic device for containers inside a tenant cluster VPC.
Background
Container virtualization technology has become a widely recognized way of sharing server resources. Container technology gives system administrators great flexibility when building container operating system instances on demand.
A tenant can apply for the container cluster it needs through a container platform. For example, when applying for a container cluster on a container platform based on Google Kubernetes, the default is that the Etcd, Kube-ApiServer, Kube-Scheduler and Kube-Controller-Manager services of the tenant cluster nodes must be created; these services are deployed in the "management terminal" corresponding to cloud service tenant cluster A and cloud service tenant cluster B shown in Fig. 1.
If a cloud service tenant cluster has a problem, an operator has to log in to the management terminal of that cloud service tenant to work on it. Because the management terminal of each cloud service tenant is deployed in that tenant's own virtual private cloud (VPC), the control terminal in the cloud service provider's management cluster must go through an encryption and decryption process to access the corresponding VPC when it accesses a management terminal, which is cumbersome. As the number of tenants and tenant clusters grows, the complexity of tenant management gradually increases, and labor and time costs increase with it.
Summary of the invention
In view of this, the purpose of this application is to provide a management system, method and electronic device for containers inside a tenant cluster VPC, so as to simplify the operating process of tenant access, and thereby effectively reduce the complexity of later operations management and reduce labor and time costs.
In a first aspect, an embodiment of this application provides a management system for containers inside a tenant cluster VPC, comprising: a management object, a management terminal and a network device. The management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a virtual private cloud (VPC) network environment. The management terminal runs on a second server cluster of a cloud service provider, and the network environment of the second server cluster is isolated from the network environment of the first server cluster. The management terminal sends an access request to the management object through the network device in order to manage the management object. The network device is communicatively connected to the management terminal and to the management object, and is used to encapsulate the access request of the management terminal and send the encapsulated access request to the management object.
With reference to the first aspect, an embodiment of this application provides a first possible embodiment of the first aspect, wherein the first server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management object is a container in a pod running in the first server cluster.
With reference to the first aspect, an embodiment of this application provides a second possible embodiment of the first aspect, wherein the second server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management terminal runs in a container of the second server cluster.
With reference to the first or second possible embodiment of the first aspect, an embodiment of this application provides a third possible embodiment of the first aspect, wherein the server is a virtual machine or a physical machine.
With reference to the third possible embodiment of the first aspect, an embodiment of this application provides a fourth possible embodiment of the first aspect, wherein the access request is used to access the management object inside the target tenant's VPC; the access request includes a source address and a destination address; the source address is the IP address of the container where the management terminal is located, and the destination address is the container IP address of the management object.
With reference to the fourth possible embodiment of the first aspect, an embodiment of this application provides a fifth possible embodiment of the first aspect, wherein the network device includes a bridge, a network component and a network interface card running on the server where the management terminal is located; the bridge is used to forward the access request to the network component; after receiving the access request, the network component calls a preset encapsulation module to encapsulate the access request and sends the encapsulated access request to the network interface card.
With reference to the fifth possible embodiment of the first aspect, an embodiment of this application provides a sixth possible embodiment of the first aspect, wherein the network device further includes: a gateway running in the virtual private cloud (VPC) network environment, and a switch communicatively connected to the network interface card and to the gateway; the network interface card is used to send the encapsulated access request to the switch; the switch sends the encapsulated access request to the gateway; the gateway sends the encapsulated access request to the server where the management object is located; and the server sends the access request to the management object.
With reference to the fifth possible embodiment of the first aspect, an embodiment of this application provides a seventh possible embodiment of the first aspect, wherein the encapsulation module includes: a VNI encapsulation unit, used to perform VNI encapsulation on the access request to obtain a first encapsulated message; a UDP encapsulation unit, used to perform UDP encapsulation on the first encapsulated message to obtain a second encapsulated message; an IP encapsulation unit, used to perform IP encapsulation on the second encapsulated message to obtain a third encapsulated message; and an Ethernet encapsulation unit, used to perform Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
With reference to the seventh possible embodiment of the first aspect, an embodiment of this application provides an eighth possible embodiment of the first aspect, wherein the VNI encapsulation unit is further used to: obtain, from Neutron, the VNI corresponding to the destination address in the access request, where the VNI is the VXLAN network identifier of the VPC where the tenant is located; and add a VXLAN header at the head of the access request, where the VXLAN header includes the VNI.
With reference to the seventh possible embodiment of the first aspect, an embodiment of this application provides a ninth possible embodiment of the first aspect, wherein the UDP encapsulation unit is further used to: obtain, from Neutron, the DestPort corresponding to the destination address in the access request, where the DestPort is the UDP port number of the server where the management object is located; and add an Outer UDP header at the head of the first encapsulated message, where the Outer UDP header includes the DestPort.
With reference to the eighth possible embodiment of the first aspect, an embodiment of this application provides a tenth possible embodiment of the first aspect, wherein the IP encapsulation unit is further used to: obtain the IP DA from Neutron based on the destination address in the access request, where the IP DA is the IP address of the server where the management object is located; and add an Outer IP header at the head of the second encapsulated message, where the Outer IP header includes the IP DA.
With reference to the eighth possible embodiment of the first aspect, an embodiment of this application provides an eleventh possible embodiment of the first aspect, wherein the Ethernet encapsulation unit is further used to: obtain the MAC DA from Neutron based on the destination address in the access request, where the MAC DA is the MAC address of the server where the management object is located; and add an Outer Ethernet header at the head of the third encapsulated message, where the Outer Ethernet header includes the MAC DA.
In a second aspect, an embodiment of this application further provides a management method for containers inside a tenant VPC, applied to a network component. The method comprises: after receiving an access request, the network component performs four layers of encapsulation on the access request and sends the encapsulated access request to a network interface card. Performing four layers of encapsulation on the access request comprises: performing VNI encapsulation on the access request to obtain a first encapsulated message; performing UDP encapsulation on the first encapsulated message to obtain a second encapsulated message; performing IP encapsulation on the second encapsulated message to obtain a third encapsulated message; and performing Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
With reference to the second aspect, an embodiment of this application provides a first possible embodiment of the second aspect, wherein performing VNI encapsulation on the access request to obtain the first encapsulated message comprises: obtaining, from Neutron, the VNI corresponding to the destination address in the access request, where the VNI is the VXLAN network identifier of the VPC where the tenant is located; and adding a VXLAN header at the head of the access request, where the VXLAN header includes the VNI.
With reference to the second aspect, an embodiment of this application provides a second possible embodiment of the second aspect, wherein performing UDP encapsulation on the first encapsulated message to obtain the second encapsulated message comprises: obtaining, from Neutron, the DestPort corresponding to the destination address in the access request, where the DestPort is the UDP port number of the server where the management object is located; and adding an Outer UDP header at the head of the first encapsulated message, where the Outer UDP header includes the DestPort.
With reference to the second aspect, an embodiment of this application provides a third possible embodiment of the second aspect, wherein performing IP encapsulation on the second encapsulated message to obtain the third encapsulated message comprises: obtaining the IP DA from Neutron based on the destination address in the access request, where the IP DA is the IP address of the server where the management object is located; and adding an Outer IP header at the head of the second encapsulated message, where the Outer IP header includes the IP DA.
With reference to the second aspect, an embodiment of this application provides a fourth possible embodiment of the second aspect, wherein performing Ethernet encapsulation on the third encapsulated message to obtain the fourth encapsulated message comprises: obtaining the MAC DA from Neutron based on the destination address in the access request, where the MAC DA is the MAC address of the server where the management object is located; and adding an Outer Ethernet header at the head of the third encapsulated message, where the Outer Ethernet header includes the MAC DA.
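The four-layer encapsulation described above, as an added example that is not code from the patent: Python code that adds the VXLAN, Outer UDP, Outer IP and Outer Ethernet headers in the stated order, refuses a destination that has no mapping, and parses the result back on the receiving side. The table standing in for the Neutron lookup, the addresses, the port values and all function names are constructed assumptions.

```python
import ipaddress
import struct

# Constructed stand-in for the Neutron lookup: destination container IP ->
# VNI of the tenant VPC, plus DestPort, IP DA and MAC DA of the server that
# hosts the management object. Every value here is sample data.
NEUTRON_TABLE = {
    "10.0.1.5": {"vni": 5001, "dest_port": 4789,
                 "ip_da": "192.0.2.20", "mac_da": "02:00:00:00:00:20"},
}
# Assumed outer source values for the server hosting the management terminal.
LOCAL = {"ip_sa": "192.0.2.10", "mac_sa": "02:00:00:00:00:10",
         "src_port": 49152}


def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_checksum(header):
    """One's-complement sum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(access_request, dest_container_ip, table=NEUTRON_TABLE):
    """Wrap the access request in the four layers, innermost first."""
    entry = table.get(dest_container_ip)
    if entry is None:
        # Without a mapping the tenant VNI is unknown: refuse, never guess.
        raise LookupError("no mapping for " + dest_container_ip)
    if not 0 <= entry["vni"] < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # 1. VNI encapsulation: 8-byte VXLAN header, I flag set, 24-bit VNI.
    first = struct.pack("!II", 0x08 << 24, entry["vni"] << 8) + access_request
    # 2. UDP encapsulation: Outer UDP header carrying DestPort. The checksum
    #    is left at 0, which RFC 7348 permits for VXLAN over IPv4.
    second = struct.pack("!HHHH", LOCAL["src_port"], entry["dest_port"],
                         8 + len(first), 0) + first
    # 3. IP encapsulation: Outer IPv4 header carrying IP DA (protocol 17).
    src = ipaddress.IPv4Address(LOCAL["ip_sa"]).packed
    dst = ipaddress.IPv4Address(entry["ip_da"]).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(second), 0, 0,
                      64, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    third = hdr + second
    # 4. Ethernet encapsulation: Outer Ethernet header carrying MAC DA.
    return (mac_bytes(entry["mac_da"]) + mac_bytes(LOCAL["mac_sa"])
            + struct.pack("!H", 0x0800) + third)


def decapsulate(frame):
    """Receiver side: validate the outer headers, return (fields, inner)."""
    if len(frame) < 50:
        raise ValueError("frame shorter than the four outer headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ip = frame[14:34]
    if ip[0] != 0x45 or ip[9] != 17 or ip_checksum(ip) != 0:
        raise ValueError("bad outer IP header")
    _, dest_port, _, _ = struct.unpack("!HHHH", frame[34:42])
    flags_word, vni_word = struct.unpack("!II", frame[42:50])
    if not flags_word & (0x08 << 24):
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    fields = {
        "mac_da": ":".join("%02x" % b for b in frame[0:6]),
        "ip_da": str(ipaddress.IPv4Address(ip[16:20])),
        "dest_port": dest_port,
        "vni": vni_word >> 8,
    }
    return fields, frame[50:]


if __name__ == "__main__":
    request = b"constructed access request"  # sample inner payload
    fourth = encapsulate(request, "10.0.1.5")
    print(len(fourth), decapsulate(fourth)[0])
```

The VNI is taken only from the lookup keyed on the destination address, never from the request itself, so the encapsulating component rather than the caller decides which tenant VPC a message enters.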
In a third aspect, an embodiment of this application further provides a computer-readable medium. The machine-readable storage medium stores machine-executable instructions which, when called and executed by a processor, cause the processor to implement the method described in the first aspect and any of its possible embodiments.
In a fourth aspect, an embodiment of this application further provides an electronic device comprising a memory and a processor. The memory stores a computer program that can run on the processor, and the processor, when executing the computer program, implements the method described in the first aspect and any of its possible embodiments.
The embodiments of this application bring the following beneficial effects:
An embodiment of this application provides a management system for containers inside a tenant cluster VPC. The system includes a management object, a management terminal and a network device. The management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a virtual private cloud (VPC) network environment. The management terminal runs on a second server cluster of a cloud service provider, and the network environment of the second server cluster is isolated from the network environment of the first server cluster. The management terminal sends an access request to the management object through the network device in order to manage the management object. The network device is communicatively connected to the management terminal and to the management object, and is used to encapsulate the access request of the management terminal and send the encapsulated access request to the management object. In this approach the management terminal corresponding to a cloud service tenant is deployed on the second server cluster of the cloud service provider, so that when the management object is managed through the management terminal there is no need to log in to the management terminal by accessing the cloud service tenant's VPC. This avoids the encryption and decryption procedure, simplifies the operating process, and thereby effectively reduces the complexity of later operations management and reduces labor and time costs.
Other features and advantages of this application will be set forth in the following description, and in part will become apparent from the description or be understood by implementing this application. The objectives and other advantages of this application are realized and obtained by the structures particularly pointed out in the description and the drawings.
To make the above objectives, features and advantages of this application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
In order to explain the specific embodiments of this application or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of this application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the network model of a container platform system in the prior art;
Fig. 2 is a structural schematic diagram of a management system for containers inside a tenant cluster VPC provided by an embodiment of this application;
Fig. 3 is a structural schematic diagram of another management system for containers inside a tenant cluster VPC provided by an embodiment of this application;
Fig. 4 is a schematic diagram of the message of an encapsulated access request provided by an embodiment of this application;
Fig. 5 is a flow diagram of an access request encapsulation process provided by an embodiment of this application;
Fig. 6 is a structural schematic diagram of an electronic device provided by an embodiment of this application.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions of this application are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of this application. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative effort fall within the protection scope of this application.
The network model of a currently used container platform system is shown in Fig. 1 and comprises the management cluster of the cloud service provider and the cloud service tenant clusters. The management cluster includes a cluster management terminal and a control terminal; the cluster management terminal is connected to the control terminal through a corresponding network device (such as a switch) and is used to manage the control terminal. The cloud service tenant clusters are deployed in the tenants' corresponding VPCs. In each cloud service tenant cluster a management terminal is deployed that runs services such as Etcd, Kube-ApiServer, Kube-Scheduler and Kube-Controller-Manager and performs access control on the resource nodes the tenant has applied for in the tenant cluster.
Because the management terminal is located in the cloud service tenant's VPC, to protect the tenant's network security, when system administrators perform operational management on a tenant, the control terminal must run the corresponding encryption and decryption procedure before it can log in, through the corresponding network device, to the management terminal of the cloud service tenant being accessed. As the number of tenants and tenant clusters grows, the access procedure and the complexity of operational management gradually increase, and labor and time costs increase with them.
Based on this, embodiments of this application provide a management system, method and electronic device for containers inside a tenant cluster VPC. In this technique the management terminal corresponding to a cloud service tenant is deployed on the second server cluster of the cloud service provider, so that when the management object is managed through the management terminal there is no need to log in to the management terminal by accessing the cloud service tenant's VPC. This avoids the encryption and decryption procedure, simplifies the operating process, and thereby effectively reduces the complexity of later operations management and reduces labor and time costs.
To facilitate understanding of this embodiment, the management system for containers inside a tenant cluster VPC disclosed in the embodiments of this application is first described in detail.
Fig. 2 shows a structural schematic diagram of a management system for containers inside a tenant cluster VPC provided by an embodiment of this application. The management system includes: a management object, a management terminal and a network device.
The management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a virtual private cloud (VPC) network environment; the management object may be, but is not limited to, a developed program. The management terminal runs on a second server cluster of a cloud service provider, and the network environment of the second server cluster is isolated from the network environment of the first server cluster. That is, the network environment of the first server cluster and the network environment of the second server cluster are not connected to each other, cannot communicate directly at layer 2, and must exchange data through a non-routable protocol.
The management terminal sends an access request to the management object through the network device in order to manage the management object. For example, the management may include operations such as adding, modifying and deleting the management object and obtaining the logs of the management object.
The network device is communicatively connected to the management terminal and to the management object, and is used to encapsulate the access request of the management terminal and send the encapsulated access request to the management object.
In the embodiments of this application, the management terminal corresponding to a cloud service tenant is deployed on the second server cluster of the cloud service provider, so that when the management object is managed through the management terminal there is no need to log in to the management terminal by accessing the cloud service tenant's VPC. This avoids the encryption and decryption procedure, simplifies the operating process, and thereby effectively reduces the complexity of later operations management and reduces labor and time costs.
In a possible embodiment, referring to Fig. 3, the first server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management object is a container in a pod running in the first server cluster. The second server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management terminal runs in a container of the second server cluster. Note that the server may be a virtual machine or a physical machine. Deploying the management object and the management terminal as containers in this way makes them easy to port and to manage, and can effectively reduce system overhead.
Note that in Fig. 3 the structure of the Pods and servers is illustrated only with server A1 or server B1 and the corresponding Pod1, and this is not a specific limitation. The other Pods can have the same structure, each containing multiple containers; the other servers can have the same structure, each containing multiple Pods.
In addition, because the VPCs of the cloud service tenants are isolated from each other, each cloud service tenant's VPC needs its own separately allocated servers (virtual machines or physical machines). To achieve multi-point management and prevent a single server failure from leaving a cloud service tenant unable to use its VPC normally, multiple servers are usually allocated separately in each cloud service tenant's VPC to deploy multiple management terminals. As the number of tenants grows, the demand for resources therefore grows with it, resource utilization is relatively low, and resources are wasted.
In this embodiment, by contrast, the management terminals are deployed as containers on the cloud service provider's second server cluster. To improve resource utilization while still achieving multi-point management, management terminals of different tenants can therefore be deployed on the same server. Based on this, in a possible embodiment the management terminals can be divided into multiple groups, each group containing a management terminal corresponding to each cloud service tenant, and the management terminals are deployed on servers according to the group they belong to. That is, the management terminals are deployed group by group, for example with all management terminals of one group deployed on the same server. Orderly deployment in multiple groups provides multi-point management, improves resource utilization, and ensures the reliability of the system.
For example, suppose the cloud service tenants are tenant A and tenant B, and three management terminals are allocated to each tenant. The management terminals of tenant A are terminal a1, terminal a2 and terminal a3; the management terminals of tenant B are terminal b1, terminal b2 and terminal b3. The management terminals of tenant A and tenant B are divided into three groups, each containing a management terminal of tenant A and one of tenant B, for example: group one, terminal a1 and terminal b1; group two, terminal a2 and terminal b2; group three, terminal a3 and terminal b3. To achieve multi-point management, the management terminals of each group are deployed on the same virtual machine, so that three virtual machines host the six management terminals.
It follows that when each tenant needs n management terminals, the prior art requires n additional servers for every additional tenant; when the number of tenants is m, the number of servers required is m*n. In this embodiment, the number of servers is determined by the maximum number of containers a server can host; when that maximum is large enough (that is, when one server can host m containers), only n servers are needed. This embodiment can therefore effectively improve resource utilization while ensuring system reliability.
It is at this time reality since the network environment of second server cluster is isolated with the network environment of the first server cluster The management object being now deployed in the first server cluster of VPC network environment and the management being deployed on second server cluster The communication of terminal further includes in a possible embodiment the access section connecting with management terminal in above-mentioned first server cluster Point, management object can access management terminal by the accessed node.For example, the deployment access section in the first server cluster Point ingress, the Ingress can provide the access entrance of the cluster outside access cluster, to realize management object to pipe Manage the access of terminal.
And for from management terminal to the communication direction of management object, the network environment as where managing object is VPC Network belongs to internal private network, therefore management terminal is limited, external (except VPC) network to the access of management object The management object inside VPC can not directly be accessed.Based on this, the application is the access request by the network equipment to management terminal It is packaged, and the access request after encapsulation is sent to management object, to realize visit of the management terminal to management object It asks.Wherein, the access request is for accessing to the management object inside target tenant VPC;The access request includes source Location and destination address;The source address is that (Internet Protocol is interconnected between network by container IP where management terminal Agreement) address, which is the container IP address for managing object.
Above-mentioned access request can also include the mark of cloud service tenant, which can use title either coding schedule Show.Such as the administrative staff of the system, it needs to access some management object of cloud service tenant, then can pass through management terminal Interactive interface sends the access request, and the access request is sent to corresponding management eventually according to the mark of cloud service tenant End.
In a possible embodiment, referring to Fig. 3, the network device includes a bridge, a networking component and a network interface card running on the server where the management terminal resides. The bridge forwards the access request to the networking component. After receiving the access request, the networking component calls a preset encapsulation module to encapsulate the access request and sends the encapsulated access request to the network interface card, which then sends the access request out of the server.
The encapsulation module may include, but is not limited to, the following units:
(1) A VNI encapsulation unit, configured to perform VNI encapsulation on the access request to obtain a first encapsulated message.
It should be noted that, in the embodiments of the present application, the network service component Neutron of the system records the correspondence between the IP address of a management object and the VNI, DestPort, IP DA and MAC DA. The VNI (VXLAN Network Identifier) is the identifier of the VXLAN (Virtual Extensible LAN) network of the VPC where the tenant resides. The DestPort is the UDP (User Datagram Protocol) port number of the server where the management object resides. The IP DA is the IP address of the server where the management object resides. The MAC (Media Access Control) DA is the MAC address of the server where the management object resides.
Accordingly, the VNI encapsulation unit is further configured to: obtain from Neutron, based on the destination address in the access request, the VNI corresponding to the destination address; and add a VXLAN header to the header of the access request, where the VXLAN header includes the VNI. Different VPCs belong to different VXLANs, which realizes network isolation between VPCs.
In a specific implementation, to guarantee the integrity of the data, referring to Fig. 4, the VXLAN header includes the following fields:
VXLAN Flags: flag bits, 16 bits (the storage size occupied);
Group ID: tenant group ID, 16 bits. When the first bit of the VXLAN Flags field is 1, the value of this field is the Group ID; when it is 0, the value of this field is all zeros;
VNI: VXLAN network identifier, used to distinguish VXLAN segments; it consists of 24 bits and supports up to 16M tenants. One tenant can have one or more VNIs, and tenants with different VNIs cannot communicate with each other directly at layer 2, which realizes network isolation;
Reserved: reserved and unused, consists of 8 bits, set to 0.
(2) A UDP encapsulation unit, configured to perform UDP encapsulation on the first encapsulated message to obtain a second encapsulated message.
The UDP encapsulation unit is specifically configured to obtain from Neutron, based on the destination address in the access request, the DestPort corresponding to the destination address, and to add an Outer UDP header to the header of the first encapsulated message, where the Outer UDP header includes the DestPort.
In a specific implementation, to guarantee the integrity of the data, referring to Fig. 4, the Outer UDP header includes the following fields:
DestPort: destination UDP port number, set to 4789 (can be changed); this is the UDP port number of the server where the management object resides;
Source Port: source UDP port number, a value computed from the inner Ethernet header by a hash algorithm; this is the UDP port number of the server where the management terminal resides.
(3) An IP encapsulation unit, configured to perform IP encapsulation on the second encapsulated message to obtain a third encapsulated message.
The IP encapsulation unit is specifically configured to obtain the IP DA from Neutron based on the destination address in the access request, and to add an Outer IP header to the header of the second encapsulated message, where the Outer IP header includes the IP DA.
In a specific implementation, to guarantee the integrity of the data, referring to Fig. 4, the Outer IP header includes the following fields:
IP SA: source IP address, the IP address of the source VTEP of the VXLAN tunnel; this is the IP address of the server where the management terminal resides;
IP DA: destination IP address, the IP address of the destination VTEP of the VXLAN tunnel; this is the IP address of the server where the management object resides.
(4) An Ethernet encapsulation unit, configured to perform Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
The Ethernet encapsulation unit is specifically configured to obtain the MAC DA from Neutron based on the destination address in the access request, and to add an Outer Ethernet header to the header of the third encapsulated message, where the Outer Ethernet header includes the MAC DA.
In a specific implementation, to guarantee the integrity of the data, referring to Fig. 4, the Outer Ethernet header includes the following fields:
MAC DA: destination MAC address, the MAC address of the next-hop device on the path to the destination VTEP (VXLAN Tunnel End Point, the VXLAN tunnel edge node); this is the MAC address of the server where the management object resides;
MAC SA: source MAC address, the MAC address of the source VTEP that sends the message; this is the MAC address of the server where the management terminal resides;
802.1Q Tag: optional field, the VLAN Tag carried in the message;
Ethernet Type: Ethernet message type; the value of this field is 0x0800 for an IP protocol message.
In addition, in a specific implementation, the original header of the access request may include, but is not limited to, the inner Ethernet header (Inner Ethernet header), the inner IP header (Inner IP header) and the key information Payload (i.e. the access request when unencapsulated). The Inner IP header stores the container IP address of the management terminal and the container IP address of the management object.
It should be noted that the order in which the VNI encapsulation unit, UDP encapsulation unit, IP encapsulation unit and Ethernet encapsulation unit operate during encapsulation is not limited.
After the encapsulation of the access request is completed, in order to realize access to the VPC network, the network device further includes a gateway running in the virtual private cloud VPC network environment and a switch communicatively connected to the network interface card and the gateway respectively. The network interface card sends the encapsulated access request to the switch; the switch sends the encapsulated access request to the gateway; the gateway sends the encapsulated access request to the server where the management object resides; and the server sends the access request to the management object.
For example, the gateway parses the header of the encapsulated access request and obtains from it the IP address of the server where the management object of the target tenant resides, so that the access request is sent to the corresponding server.
In a possible embodiment, a decapsulation module is provided in the server where the management object resides. The decapsulation module decapsulates the encapsulated access request according to the corresponding rules to obtain the IP address of the management object. The access request is then sent to the target management object according to that IP address.
Within the same VPC, the IP address of a management object is unique, so the server where the management object resides can directly access the corresponding management object by its IP address within the VPC, thereby enabling the management terminal to access the management object in the tenant's VPC.
In this embodiment, the access request transmitted from a management terminal of the second server cluster into the VPC of a cloud service tenant is encapsulated by the preset encapsulation module, and the header after encapsulation includes the IP address of the server where the management terminal resides. After the server receives the access request, it decapsulates it to obtain the key information of the access request and forwards the key information to the corresponding management object inside the VPC of its tenant, thereby enabling the management terminal to access the management object in the private network of the tenant's VPC.
To facilitate understanding of the above embodiments, the embodiments of the present application also provide an implementation example. Assume that management terminal a on server A1 in the second server cluster requests the container log of management object b on server B1 in the first server cluster. The detailed process can be described as follows:
Management terminal a on server A1 generates an access request for accessing the container log. The access request includes the IP address of management terminal a (the internal-network source address), 10.100.1.2, and the IP address of the management object (the internal-network destination address), 10.100.2.2.
The access request is first sent to the bridge (which may be, for example, docker) and forwarded by the bridge to the networking component. The networking component calls the preset encapsulation module, obtains from Neutron the VNI, DestPort, IP DA, MAC DA and other information corresponding to the IP address of management object b, and encapsulates the access request. Assume that the obtained IP address of the server where management terminal a resides (the external-network source address) is 172.20.33.110 and that the IP address of the server where management object b resides (the external-network destination address) is 172.16.1.2.
The networking component sends the encapsulated access request to the gateway through the switch. The gateway parses the header of the encapsulated access request, determines that the server corresponding to the external-network destination address 172.16.1.2 is server B1, and sends the encapsulated access request to server B1.
Server B1 continues to parse the encapsulated access request, determines that the management object corresponding to the internal-network destination address 10.100.2.2 is management object b, and sends the access request to management object b.
In summary, communication between the network environment of the second server cluster and the network environment of the tenant's VPC is realized by encapsulating messages. When a management terminal inside the second server cluster accesses a management object inside the tenant's VPC, a specific encapsulation module adds a header to the egress message of the second server cluster whose destination is the IP address of the server where the management object inside the tenant's VPC resides. When the egress message reaches that server, the server's specific decapsulation module unpacks and parses the message and forwards it to the management object to be accessed inside the VPC of its tenant, thereby enabling a management terminal in the second server cluster to access a management object in the tenant's VPC.
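The four encapsulations performed by the encapsulation module and the worked example with management terminal a and management object b can be traced byte by byte. The following Python sketch is an added illustration, not code from the patent: the `NEUTRON` table, the VNI value 5001, all MAC addresses, the CRC32 source-port hash, the inner protocol number and the `FLAG_I` bit (the VNI-valid flag of standard VXLAN) are assumptions, while the IP addresses, port 4789, Ethernet Type 0x0800 and the header field widths are those given in the text. It also shows the decapsulation on the destination server rejecting a message whose VNI does not belong to its VPC.

```python
import ipaddress
import struct
import zlib

VXLAN_PORT = 4789   # default DestPort named in the text
ETH_IPV4 = 0x0800   # Ethernet Type value named in the text
FLAG_I = 0x0800     # assumption: standard VXLAN "VNI valid" bit in the 16-bit Flags
FLAG_G = 0x8000     # first Flags bit: the Group ID field is in use

# Constructed stand-in for the Neutron records: container IP of the management
# object -> (VNI, DestPort, IP DA, MAC DA). The VNI and MAC values are made up.
NEUTRON = {"10.100.2.2": (5001, VXLAN_PORT, "172.16.1.2", "02:00:00:00:b1:01")}


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header with a valid header checksum."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0, ip(src), ip(dst))
    total = sum(struct.unpack("!10H", head))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return head[:10] + struct.pack("!H", ~total & 0xFFFF) + head[12:]


def inner_frame(src_ip, dst_ip, payload):
    """Unencapsulated access request: Inner Ethernet + Inner IP + Payload."""
    eth = (mac("02:00:00:00:00:b2") + mac("02:00:00:00:00:a1")
           + struct.pack("!H", ETH_IPV4))
    # Protocol 253 is the experimental number; the payload is opaque here.
    return eth + ipv4_header(src_ip, dst_ip, 253, len(payload)) + payload


def encapsulate(frame, server_ip, server_mac):
    """Apply the VNI, UDP, IP and Ethernet encapsulations in that order."""
    inner_dst = str(ipaddress.IPv4Address(frame[30:34]))
    vni, dest_port, ip_da, mac_da = NEUTRON[inner_dst]
    # VXLAN header as laid out in the text: Flags 16, Group ID 16, VNI 24, Reserved 8.
    first = struct.pack("!HHI", FLAG_I, 0, vni << 8) + frame
    # Source port is a hash of the inner Ethernet header (CRC32 is an assumption).
    src_port = 49152 + zlib.crc32(frame[:14]) % 16384
    second = struct.pack("!HHHH", src_port, dest_port, 8 + len(first), 0) + first
    third = ipv4_header(server_ip, ip_da, 17, len(second)) + second
    return mac(mac_da) + mac(server_mac) + struct.pack("!H", ETH_IPV4) + third


def decapsulate(packet, expected_vni, local_ip):
    """Destination server: validate each outer layer, then return the inner request."""
    if struct.unpack("!H", packet[12:14])[0] != ETH_IPV4:
        raise ValueError("outer frame is not IPv4")
    outer_ip = packet[14:34]
    if outer_ip[9] != 17 or outer_ip[16:20] != ip(local_ip):
        raise ValueError("not UDP addressed to this server")
    _, dest_port, udp_len, _ = struct.unpack("!HHHH", packet[34:42])
    if dest_port != VXLAN_PORT or udp_len != len(packet) - 34:
        raise ValueError("not a well-formed VXLAN datagram")
    flags, group_id, vni_word = struct.unpack("!HHI", packet[42:50])
    vni = vni_word >> 8
    if not flags & FLAG_I or (not flags & FLAG_G and group_id != 0):
        raise ValueError("invalid VXLAN flags")
    if vni != expected_vni:
        raise ValueError("VNI %d does not belong to this VPC" % vni)
    frame = packet[50:]
    src, dst = (str(ipaddress.IPv4Address(frame[o:o + 4])) for o in (26, 30))
    return {"vni": vni, "src": src, "dst": dst, "payload": frame[34:]}


def demo():
    """Management terminal a on server A1 requests a log from object b on server B1."""
    request = inner_frame("10.100.1.2", "10.100.2.2", b"GET container log")
    packet = encapsulate(request, "172.20.33.110", "02:00:00:00:a1:01")
    return packet, decapsulate(packet, 5001, "172.16.1.2")


if __name__ == "__main__":
    print(demo()[1])
```

The VNI comparison in `decapsulate` is the point at which a message built for another tenant's VXLAN is dropped before any inner address is looked up.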
The embodiments of the present application also provide a management method for containers inside a tenant's VPC. The method is applied to a networking component and includes: after the networking component receives an access request, performing four-layer encapsulation on the access request and sending the encapsulated access request to a network interface card. Referring to Fig. 5, performing four-layer encapsulation on the access request includes the following steps:
Step S501: perform VNI encapsulation on the access request to obtain a first encapsulated message;
Step S502: perform UDP encapsulation on the first encapsulated message to obtain a second encapsulated message;
Step S503: perform IP encapsulation on the second encapsulated message to obtain a third encapsulated message;
Step S504: perform Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
Optionally, step S501 includes: obtaining from Neutron, based on the destination address in the access request, the VNI corresponding to the destination address, where the VNI is the VXLAN network identifier of the VPC where the tenant resides; and adding a VXLAN header to the header of the access request, where the VXLAN header includes the VNI.
Optionally, step S502 includes: obtaining from Neutron, based on the destination address in the access request, the DestPort corresponding to the destination address, where the DestPort is the UDP port number of the server where the management object resides; and adding an Outer UDP header to the header of the first encapsulated message, where the Outer UDP header includes the DestPort.
Optionally, step S503 includes: obtaining the IP DA from Neutron based on the destination address in the access request, where the IP DA is the IP address of the server where the management object resides; and adding an Outer IP header to the header of the second encapsulated message, where the Outer IP header includes the IP DA.
Optionally, step S504 includes: obtaining the MAC DA from Neutron based on the destination address in the access request, where the MAC DA is the MAC address of the server where the management object resides; and adding an Outer Ethernet header to the header of the third encapsulated message, where the Outer Ethernet header includes the MAC DA.
Referring to Fig. 6, the embodiments of the present application also provide an electronic device 100, comprising a processor 40, a memory 41, a bus 42 and a communication interface 43, where the processor 40, the communication interface 43 and the memory 41 are connected by the bus 42. The processor 40 is configured to execute executable modules stored in the memory 41, such as computer programs.
The memory 41 may include high-speed random access memory (RAM, Random Access Memory) and may further include non-volatile memory, for example at least one magnetic disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 43 (which may be wired or wireless), and may use the Internet, a wide area network, a local network, a metropolitan area network, etc.
The bus 42 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one double-headed arrow is shown in Fig. 6, but this does not mean that there is only one bus or one type of bus.
The memory 41 is used to store a program, and the processor 40 executes the program after receiving an execution instruction. The method performed by the device defined by the process disclosed in any of the foregoing embodiments of the present application may be applied to the processor 40 or implemented by the processor 40.
The processor 40 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 40 or by instructions in the form of software. The processor 40 may be a general-purpose processor, including a central processing unit (Central Processing Unit, abbreviated CPU), a network processor (Network Processor, abbreviated NP), etc.; it may also be a digital signal processor (Digital Signal Processing, abbreviated DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, abbreviated ASIC), a field-programmable gate array (Field-Programmable Gate Array, abbreviated FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute each method, step and logic diagram disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc. The steps of the method disclosed in the embodiments of the present application may be directly executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium mature in this field, such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or registers. The storage medium is located in the memory 41; the processor 40 reads the information in the memory 41 and completes the steps of the above method in combination with its hardware.
The management method for containers inside a tenant's VPC provided by the embodiments of the present application has the same technical features as the management system for containers inside a tenant's VPC provided by the above embodiments, so it can solve the same technical problem and achieve the same technical effect.
The computer program product for performing the management method for containers inside a tenant's VPC provided by the embodiments of the present application includes a computer-readable storage medium storing non-volatile program code executable by a processor. The instructions included in the program code can be used to execute the method described in the foregoing method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the method and the electronic device described above can be found in the corresponding process in the foregoing system embodiments, and is not repeated here.
The flowcharts and block diagrams in the drawings show the possible architectures, functions and operations of methods and computer program products according to multiple embodiments of the present application. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a part of code, which contains one or more executable instructions for realizing the specified logic function. It should also be noted that, in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be realized by a dedicated hardware-based system that executes the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In the description of the present application, it should be noted that the orientations or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present application, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they therefore should not be understood as limiting the present application. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance. Unless specifically stated otherwise, the relative steps, numerical expressions and numerical values of the components and steps described in these embodiments do not limit the scope of the present application.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods can be realized in other ways. The device embodiments described above are merely exemplary. For example, the division of the units is only a division by logical function, and there may be other divisions in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically alone, or two or more units may be integrated in one unit.
If the functions are realized in the form of software functional units and sold or used as an independent product, they can be stored in a non-volatile computer-readable storage medium executable by a processor. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present application, used to illustrate its technical solution rather than to limit it, and the protection scope of the present application is not limited to them. Although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present application, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not make the essence of the corresponding technical solution depart from the spirit and scope of the technical solutions of the embodiments of the present application, and should all be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (19)

1. A management system for containers inside a tenant cluster VPC, characterized by comprising: a management object, a management terminal and a network device;
the management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a virtual private cloud VPC network environment;
the management terminal runs on a second server cluster of a cloud service provider, and the network environment of the second server cluster is isolated from the network environment of the first server cluster;
the management terminal sends an access request to the management object through the network device, so as to manage the management object;
the network device is communicatively connected to the management terminal and the management object respectively, and the network device is configured to encapsulate the access request of the management terminal and send the encapsulated access request to the management object.
2. The system according to claim 1, characterized in that
the first server cluster includes at least one server;
at least one pod runs on the server, and at least one container runs in the pod;
the management object is a container in a pod running on the first server cluster.
3. The system according to claim 1, characterized in that
the second server cluster includes at least one server;
at least one pod runs on the server, and at least one container runs in the pod;
the management terminal runs in a container of the second server cluster.
4. The system according to claim 2 or 3, characterized in that
the server is a virtual machine or a physical machine.
5. The system according to claim 4, characterized in that the access request is used to access a management object inside a target tenant's VPC; the access request includes a source address and a destination address; the source address is the IP address of the container where the management terminal resides, and the destination address is the container IP address of the management object.
6. The system according to claim 5, characterized in that the network device includes a bridge, a networking component and a network interface card running on the server where the management terminal resides;
the bridge is configured to forward the access request to the networking component;
after receiving the access request, the networking component calls a preset encapsulation module to encapsulate the access request and sends the encapsulated access request to the network interface card.
7. The system according to claim 6, characterized in that the network device further includes: a gateway running in the virtual private cloud VPC network environment, and a switch communicatively connected to the network interface card and the gateway respectively;
the network interface card is configured to send the encapsulated access request to the switch;
the switch sends the encapsulated access request to the gateway;
the gateway sends the encapsulated access request to the server where the management object resides;
the server sends the access request to the management object.
8. The system according to claim 6, characterized in that the encapsulation module includes:
a VNI encapsulation unit, configured to perform VNI encapsulation on the access request to obtain a first encapsulated message;
a UDP encapsulation unit, configured to perform UDP encapsulation on the first encapsulated message to obtain a second encapsulated message;
an IP encapsulation unit, configured to perform IP encapsulation on the second encapsulated message to obtain a third encapsulated message;
an Ethernet encapsulation unit, configured to perform Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
9. The system according to claim 8, characterized in that the VNI encapsulation unit is further configured to:
obtain from Neutron, based on the destination address in the access request, the VNI corresponding to the destination address, where the VNI is the VXLAN network identifier of the VPC where the tenant resides;
add a VXLAN header to the header of the access request, where the VXLAN header includes the VNI.
10. The system according to claim 8, characterized in that the UDP encapsulation unit is further configured to:
obtain from Neutron, based on the destination address in the access request, the DestPort corresponding to the destination address, where the DestPort is the UDP port number of the server where the management object resides;
add an Outer UDP header to the header of the first encapsulated message, where the Outer UDP header includes the DestPort.
11. The system according to claim 8, characterized in that the IP encapsulation unit is further configured to:
obtain the IP DA from Neutron based on the destination address in the access request, where the IP DA is the IP address of the server where the management object resides;
add an Outer IP header to the header of the second encapsulated message, where the Outer IP header includes the IP DA.
12. The system according to claim 8, characterized in that the Ethernet encapsulation unit is further configured to:
obtain the MAC DA from Neutron based on the destination address in the access request, where the MAC DA is the MAC address of the server where the management object resides;
add an Outer Ethernet header to the header of the third encapsulated message, where the Outer Ethernet header includes the MAC DA.
13. A method for managing containers inside a tenant's VPC, characterized in that it is applied to a network component, the method comprising:
After the network component receives an access request, performing four-layer encapsulation on the access request and sending the encapsulated access request to a network card; wherein performing four-layer encapsulation on the access request comprises:
Performing VNI encapsulation on the access request to obtain a first encapsulated message;
Performing UDP encapsulation on the first encapsulated message to obtain a second encapsulated message;
Performing IP encapsulation on the second encapsulated message to obtain a third encapsulated message;
Performing Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
14. The method according to claim 13, characterized in that performing VNI encapsulation on the access request to obtain the first encapsulated message comprises:
Obtaining, based on the destination address in the access request, the VNI corresponding to the destination address from Neutron, wherein the VNI is the VXLAN network identifier of the VPC where the tenant is located;
Adding a VXLAN header to the header of the access request, wherein the VXLAN header includes the VNI.
15. The method according to claim 13, characterized in that performing UDP encapsulation on the first encapsulated message to obtain the second encapsulated message comprises:
Obtaining, based on the destination address in the access request, the DestPort corresponding to the destination address from Neutron, wherein the DestPort is the UDP port number of the server where the management object is located;
Adding an Outer UDP header to the header of the first encapsulated message, wherein the Outer UDP header includes the DestPort.
16. The method according to claim 13, characterized in that performing IP encapsulation on the second encapsulated message to obtain the third encapsulated message comprises:
Obtaining, based on the destination address in the access request, the IP DA from Neutron, wherein the IP DA is the IP address of the server where the management object is located;
Adding an Outer IP header to the header of the second encapsulated message, wherein the Outer IP header includes the IP DA.
17. The method according to claim 13, characterized in that performing Ethernet encapsulation on the third encapsulated message to obtain the fourth encapsulated message comprises:
Obtaining, based on the destination address in the access request, the MAC DA from Neutron, wherein the MAC DA is the MAC address of the server where the management object is located;
Adding an Outer Ethernet header to the header of the third encapsulated message, wherein the Outer Ethernet header includes the MAC DA.
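The four-layer encapsulation of claims 13 to 17, as an added example that is not code from the patent. The `NEUTRON` dictionary, the addresses, port 4789, the local source values and the receiver-side `decapsulate` VNI check are assumptions made for illustration, and the access request is treated as opaque bytes.

```python
import ipaddress
import struct

# Constructed stand-in for the Neutron lookup the claims describe: inner
# destination address -> VNI, DestPort, IP DA, MAC DA. All values are made up.
NEUTRON = {
    "10.0.1.5": {"vni": 5001, "dest_port": 4789,
                 "ip_da": "192.0.2.20", "mac_da": "02:00:00:00:00:20"},
}
LOCAL_IP, LOCAL_MAC, SRC_PORT = "192.0.2.10", "02:00:00:00:00:10", 49152  # assumed

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ipv4_checksum(header):
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(request, dest_addr):
    """Apply the four layers in claim order; returns the fourth encapsulated message."""
    entry = NEUTRON[dest_addr]  # KeyError: no mapping, so nothing is sent
    if not 0 <= entry["vni"] < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # 1. VXLAN header: flags 0x08 (VNI valid), 24 reserved bits, VNI, 8 reserved bits
    first = struct.pack("!II", 0x08 << 24, entry["vni"] << 8) + request
    # 2. Outer UDP header: checksum 0 is permitted for VXLAN over IPv4
    second = struct.pack("!HHHH", SRC_PORT, entry["dest_port"], 8 + len(first), 0) + first
    # 3. Outer IPv4 header: protocol 17 (UDP), TTL 64, checksum filled in afterwards
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(second), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(LOCAL_IP).packed,
                     ipaddress.IPv4Address(entry["ip_da"]).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    third = ip + second
    # 4. Outer Ethernet header: MAC DA, source MAC, EtherType 0x0800 (IPv4)
    return mac(entry["mac_da"]) + mac(LOCAL_MAC) + b"\x08\x00" + third

def decapsulate(frame, expected_vni):
    """Receiver-side check: strip the outer headers, reject a VNI mismatch."""
    if len(frame) < 50 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("not an IPv4/UDP VXLAN frame")
    flags, vni_word = struct.unpack("!II", frame[42:50])
    if not flags & 0x08000000 or vni_word >> 8 != expected_vni:
        raise ValueError("VNI missing or not the expected tenant VPC")
    return frame[50:]
```

The VNI is the only field in the outer headers that names the tenant's VPC, which is why the receiving side compares it with the expected value before handing the inner request on.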
18. A computer-readable storage medium, characterized in that a computer program is stored on the storage medium, and the steps of the method of any one of claims 13 to 17 are implemented when the program is executed by a processor.
19. An electronic device, characterized by comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method of any one of claims 13 to 17 when executing the program.
CN201811653800.8A 2018-12-29 2018-12-29 Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment Active CN109617995B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811653800.8A CN109617995B (en) 2018-12-29 2018-12-29 Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment

Publications (2)

Publication Number Publication Date
CN109617995A true CN109617995A (en) 2019-04-12
CN109617995B CN109617995B (en) 2022-02-25

Family

ID=66016071

Country Status (1)

Country Link
CN (1) CN109617995B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant