CN112398688B - Container network configuration method, container network system, and storage medium - Google Patents


Info

Publication number
CN112398688B
Authority
CN
China
Prior art keywords
virtual
physical host
container
vnic
local controller
Legal status
Active
Application number
CN202011270398.2A
Other languages
Chinese (zh)
Other versions
CN112398688A (en)
Inventor
赖培源
李程
李奎
廖晓东
戴川
周海涛
王增辉
叶世兵
孙晓麒
Current Assignee
Guangdong South China Technology Transfer Center Co ltd
Original Assignee
Guangdong South China Technology Transfer Center Co ltd
Application filed by Guangdong South China Technology Transfer Center Co ltd
Publication of CN112398688A
Application granted
Publication of CN112398688B

Classifications

    • H04L 41/0803 Configuration setting (H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks; H04L 41/08 Configuration management of networks or network elements)
    • G06F 9/45558 Hypervisor-specific management and integration aspects (G06F 9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines; G06F 9/45533 Hypervisors; Virtual machine monitors)
    • G06F 2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F 2009/45595 Network integration; Enabling network access in virtual machine instances
    • H04L 49/70 Virtual switches (H04L 49/00 Packet switching elements)
    • H04L 61/50 Address allocation (H04L 61/00 Network arrangements, protocols or services for addressing or naming)
    • H04L 2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses (H04L 2101/00 Indexing scheme associated with group H04L 61/00; H04L 2101/60 Types of network addresses; H04L 2101/618 Details of network addresses)

Abstract

The present disclosure provides a container network configuration method, a container network system and a storage medium in the technical field of cloud computing. The configuration method comprises: deploying at least one virtual machine in a physical host and deploying at least one container instance in the virtual machine; configuring, through a local controller, a first virtual network interface card (vNIC) for the virtual machine and a second vNIC for the container instance, the container instance being connected to the second vNIC by passthrough and transmitting data through it directly; and configuring, through the local controller, a forwarding module connected to the first vNIC and the second vNIC respectively, the forwarding module performing data communication within a physical host and between physical hosts based on packet processing rules. The method, system and storage medium reduce the switching load that the virtual machine carries on behalf of its containers, save one cache relocation between virtual switches, effectively improve the overall performance of the container network and improve the flexibility of centralized control.

Description

Container network configuration method, container network system, and storage medium
Technical Field
The present disclosure relates to the field of cloud computing technologies, and in particular, to a container network configuration method, a container network system, and a storage medium.
Background
With the development of container technology and the continuous improvement of container orchestration, more and more vendors are running services in containers. In current usage scenarios, virtualization technology is combined with container technology to build a unified converged platform in which virtual machines and containers are nested. In that scenario, a conventional container network communicates through two layers of virtual switches, one deployed in the virtual machine and one on the host; this three-hop network path inevitably causes a large performance loss, and the three hops also greatly increase the complexity of the network and make it harder to manage.
Disclosure of Invention
The present disclosure is proposed to solve the above technical problems. Embodiments of the present disclosure provide a container network configuration method, a container network system, and a storage medium.
According to a first aspect of the embodiments of the present disclosure, there is provided a container network configuration method, including: deploying at least one virtual machine in a physical host, and deploying at least one container instance in the virtual machine; deploying a local controller in the physical host, and configuring, through the local controller, a first virtual network interface card (vNIC) for the virtual machine and a second vNIC for the container instance, wherein the container instance is connected to the second vNIC by passthrough and transmits data through it directly; deploying a forwarding module in the physical host, configuring, through the local controller, the forwarding module to be connected to the first vNIC and the second vNIC respectively, and configuring packet processing rules for the forwarding module; and performing data communication within the physical host and between physical hosts through the forwarding module based on the packet processing rules.
Optionally, there are multiple physical hosts and a local controller is deployed in each; the method further includes: each local controller sends its network configuration information to a centralized controller; the centralized controller performs centralized configuration management of every local controller and exposes an operation and maintenance platform interface externally.
Optionally, the forwarding module includes a virtual switch, one of which is deployed in each physical host; the method further includes: configuring, through the local controller, the virtual switch to be connected to the first vNIC and the second vNIC respectively; forwarding, through the virtual switch and based on the packet processing rules, traffic exchanged between virtual machines and container instances within the physical host; and encapsulating, decapsulating and forwarding traffic exchanged between virtual machines and container instances in this physical host and those in other physical hosts.
Optionally, the local controller configures, based on an address configuration rule, a first virtual MAC address for the first vNIC and a second virtual MAC address for the second vNIC; the virtual switch determines whether a MAC address in a service packet is a first virtual MAC address or a second virtual MAC address and, from the result, whether the source or destination of the service packet is a virtual machine or a container instance.
Optionally, the virtual switch receives a service packet sent by a virtual machine or container instance in the physical host and reads the destination MAC address in the packet; if the destination MAC address is the first virtual MAC address of another virtual machine or the second virtual MAC address of another container instance deployed in the same physical host, the virtual switch forwards the service packet to that virtual machine or container instance.
Optionally, if the destination MAC address is the first virtual MAC address of a virtual machine, or the second virtual MAC address of a container instance, deployed in another physical host, the virtual switch encapsulates the service packet according to a preset packet encapsulation rule and sends the encapsulated packet through a tunnel to the virtual switch in that other physical host; the virtual switch in the other physical host decapsulates it and delivers the service packet to the virtual machine or container instance there according to the destination MAC address of the decapsulated packet.
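The forwarding behaviour claimed above (classifying sender and receiver from the virtual MAC address, delivering locally within a host, encapsulating and tunnelling to another host, decapsulating on arrival) can be stated concretely as a small simulation. The code below is an added example written for this page, not the patent's own implementation, and everything specific in it is an assumption rather than something the patent states: the address configuration rule (a locally administered MAC whose first octet is 0x02 for a virtual machine vNIC and 0x06 for a container vNIC, followed by the host id and a per-host index), a VXLAN-like tunnel header modelled as a Python object instead of real UDP encapsulation, and the two hosts, virtual machines and container instances it constructs. It also adds two checks the patent does not claim but that a practitioner would want once container traffic bypasses the virtual machine's own network stack and the host virtual switch becomes the single enforcement point: a frame is accepted only from the port whose vNIC the controller assigned that source MAC to, and frames to unknown destinations are dropped rather than flooded.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed address configuration rule (the patent leaves it unspecified): locally
# administered MAC whose first octet is 0x02 for a VM vNIC and 0x06 for a container
# vNIC, then a zero octet, the host id (2 octets) and a per-host index (2 octets).
VM_PREFIX, CONTAINER_PREFIX = 0x02, 0x06

def make_mac(kind: str, host_id: int, index: int) -> str:
    prefix = {"vm": VM_PREFIX, "container": CONTAINER_PREFIX}[kind]
    octets = [prefix, 0, (host_id >> 8) & 0xFF, host_id & 0xFF, (index >> 8) & 0xFF, index & 0xFF]
    return ":".join("%02x" % o for o in octets)

def classify(mac: str) -> Optional[str]:
    """'vm', 'container' or None, decided from the first octet as the claims require."""
    return {VM_PREFIX: "vm", CONTAINER_PREFIX: "container"}.get(int(mac.split(":")[0], 16))

@dataclass
class Frame:
    src: str
    dst: str
    payload: bytes

@dataclass
class Encapsulated:          # tunnel header as an object: outer host and segment id (VXLAN-like, assumed)
    outer_dst_ip: str
    vni: int
    inner: Frame

@dataclass
class VSwitch:
    """The single host virtual switch; the tables are what the local controller would program."""
    host_ip: str
    vni: int
    local_ports: Dict[str, str] = field(default_factory=dict)   # mac -> vNIC port on this host
    remote_hosts: Dict[str, str] = field(default_factory=dict)  # mac -> host ip (synced via central controller)
    delivered: List[Tuple[str, str, Frame]] = field(default_factory=list)
    tunnelled: List[Encapsulated] = field(default_factory=list)
    dropped: List[Tuple[str, str]] = field(default_factory=list)

    def ingress(self, in_port: str, frame: Frame) -> Tuple[str, str]:
        """Frame arriving from a local VM or container vNIC."""
        # Anti-spoofing (not claimed by the patent): the source MAC must be the one the
        # controller assigned to the vNIC behind in_port.
        if self.local_ports.get(frame.src) != in_port:
            self.dropped.append(("spoofed-src", frame.src))
            return ("drop", "spoofed-src")
        return self._forward(frame)

    def tunnel_ingress(self, enc: Encapsulated) -> Tuple[str, str]:
        """Encapsulated frame arriving from another host's virtual switch."""
        if enc.vni != self.vni or enc.inner.dst not in self.local_ports:
            self.dropped.append(("bad-tunnel", enc.inner.dst))
            return ("drop", "bad-tunnel")
        return self._forward(enc.inner)   # decapsulate, then deliver by destination MAC

    def _forward(self, frame: Frame) -> Tuple[str, str]:
        kind = classify(frame.dst)
        if kind is None:                          # not a controller-assigned virtual MAC
            self.dropped.append(("foreign-dst", frame.dst))
            return ("drop", "foreign-dst")
        if frame.dst in self.local_ports:         # same host: hand to the vNIC port
            port = self.local_ports[frame.dst]
            self.delivered.append((port, kind, frame))
            return ("local", port)
        if frame.dst in self.remote_hosts:        # other host: encapsulate and tunnel
            enc = Encapsulated(self.remote_hosts[frame.dst], self.vni, frame)
            self.tunnelled.append(enc)
            return ("tunnel", enc.outer_dst_ip)
        self.dropped.append(("unknown-dst", frame.dst))   # never flood unknown unicast
        return ("drop", "unknown-dst")

def build_demo() -> Tuple[VSwitch, VSwitch, Dict[str, str]]:
    """Two hosts, each with one VM holding one container (constructed topology)."""
    macs = {"vm1": make_mac("vm", 1, 1), "c1": make_mac("container", 1, 1),
            "vm2": make_mac("vm", 2, 1), "c2": make_mac("container", 2, 1)}
    h1, h2 = VSwitch("10.0.0.1", vni=100), VSwitch("10.0.0.2", vni=100)
    h1.local_ports.update({macs["vm1"]: "vnic-vm1", macs["c1"]: "vnic-c1"})
    h2.local_ports.update({macs["vm2"]: "vnic-vm2", macs["c2"]: "vnic-c2"})
    h1.remote_hosts.update({macs["vm2"]: h2.host_ip, macs["c2"]: h2.host_ip})
    h2.remote_hosts.update({macs["vm1"]: h1.host_ip, macs["c1"]: h1.host_ip})
    return h1, h2, macs

def run_demo() -> Dict[str, Tuple[str, str]]:
    h1, h2, m = build_demo()
    out = {"intra_host": h1.ingress("vnic-c1", Frame(m["c1"], m["vm1"], b"hello"))}
    out["cross_host"] = h1.ingress("vnic-c1", Frame(m["c1"], m["c2"], b"hello"))
    out["remote_decap"] = h2.tunnel_ingress(h1.tunnelled[-1])
    out["spoofed"] = h1.ingress("vnic-c1", Frame(m["vm1"], m["vm2"], b"x"))   # c1 forging vm1's MAC
    out["unknown"] = h1.ingress("vnic-vm1", Frame(m["vm1"], make_mac("vm", 9, 9), b"x"))
    return out

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:12s} -> {result}")
```

Run as a script it prints the five decisions (local delivery, tunnel to 10.0.0.2, decapsulated delivery on the other host, and the two drops); `run_demo()` returns the same decisions so they can be checked programmatically. The `local_ports` and `remote_hosts` tables are the flow-table state the local controller maintains and the centralized controller synchronizes across hosts.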
Optionally, the local controller monitors the physical host in which it is deployed to detect whether the network resources or network configuration of the physical host have changed; if so, the local controller performs the corresponding configuration processing and sends network configuration update information to the centralized controller; and the centralized controller synchronizes network information to the local controllers in the other physical hosts based on that update information.
Optionally, the configuration processing and update by the local controller further include: if a virtual machine is detected to have been added to the physical host, the local controller configures a first vNIC for the new virtual machine and a first virtual MAC address for that vNIC, and sends the network configuration update information for the new virtual machine to the centralized controller.
Optionally, the configuration processing and update by the local controller further include: if a container instance is detected to have been added to a virtual machine, the local controller configures a second vNIC for the new container instance and a second virtual MAC address for that vNIC, connects the new container instance to its second vNIC by passthrough for data transmission, and sends the network configuration update information for the new container instance to the centralized controller.
Optionally, the configuration processing and update by the local controller further include: if a virtual machine is detected to have been deleted from the physical host, the local controller updates the network configuration information for the deleted virtual machine and for all container instances that were deployed in it, and sends the corresponding network configuration update information to the centralized controller.
Optionally, the configuration processing and update by the local controller further include: if a container instance is detected to have been deleted from the physical host, the local controller updates the network configuration information for the deleted container instance and sends the corresponding update to the centralized controller.
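The change-handling claims above (detection of an added or deleted virtual machine or container instance, vNIC and MAC assignment by the local controller, reporting to the centralized controller, and synchronization to the other hosts) are illustrated by the following added example. It is written for this page and is not the patent's code. The patent does not specify how changes are detected, what the address configuration rule is, or how the controllers communicate, so the example assumes that the local controller periodically receives an inventory of the host's virtual machines and their containers and diffs it against its own records, uses as a convention the same locally administered MAC layout as the switch example earlier (first octet 0x02 for a virtual machine, 0x06 for a container, then host id and index), and models the controller link as direct method calls. The centralized controller additionally rejects updates from unregistered hosts or for MAC addresses that do not belong to the reporting host; the patent does not claim this check, but it keeps one compromised host from rewriting another host's entries in the shared table.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

PREFIX = {"vm": 0x02, "container": 0x06}   # assumed address configuration rule

def make_mac(kind: str, host_id: int, index: int) -> str:
    """Locally administered MAC: kind prefix, then host id and per-host index (assumed layout)."""
    octets = [PREFIX[kind], 0, (host_id >> 8) & 0xFF, host_id & 0xFF, (index >> 8) & 0xFF, index & 0xFF]
    return ":".join("%02x" % o for o in octets)

@dataclass
class NicRecord:
    kind: str       # "vm" (first vNIC) or "container" (second vNIC)
    name: str       # VM name or container name
    owner: str      # the VM this record lives in (a VM owns itself)
    mac: str
    host_id: int

class CentralController:
    def __init__(self) -> None:
        self.hosts: Dict[int, "LocalController"] = {}
        self.global_table: Dict[str, NicRecord] = {}   # mac -> record, cluster-wide view

    def receive_update(self, host_id: int, op: str, rec: NicRecord) -> None:
        """Apply one update from a local controller and push it to every other host."""
        # Only a registered host may update, and only for its own host id (not claimed by
        # the patent; stops one host from rewriting another host's entries).
        if host_id not in self.hosts or rec.host_id != host_id:
            raise PermissionError(f"rejected update from host {host_id} for {rec.mac}")
        if op == "add":
            self.global_table[rec.mac] = rec
        else:
            self.global_table.pop(rec.mac, None)
        for hid, lc in self.hosts.items():
            if hid != host_id:
                lc.sync(op, rec)

class LocalController:
    def __init__(self, host_id: int, central: CentralController) -> None:
        self.host_id, self.central, self.next_index = host_id, central, 1
        self.local: Dict[str, NicRecord] = {}   # this host's vNICs, mac -> record
        self.remote: Dict[str, int] = {}        # other hosts' vNICs, mac -> host id
        central.hosts[host_id] = self

    def sync(self, op: str, rec: NicRecord) -> None:
        """Network information synchronization pushed by the centralized controller."""
        if op == "add":
            self.remote[rec.mac] = rec.host_id
        else:
            self.remote.pop(rec.mac, None)

    def _add(self, kind: str, name: str, owner: str) -> str:
        mac = make_mac(kind, self.host_id, self.next_index)   # configure vNIC + virtual MAC
        self.next_index += 1
        self.local[mac] = NicRecord(kind, name, owner, mac, self.host_id)
        self.central.receive_update(self.host_id, "add", self.local[mac])
        return mac

    def _remove(self, recs: List[NicRecord]) -> List[str]:
        for r in recs:
            del self.local[r.mac]
            self.central.receive_update(self.host_id, "remove", r)
        return [r.mac for r in recs]

    def observe(self, inventory: Dict[str, List[str]]) -> List[Tuple]:
        """Detect changes by diffing the host's {vm: [containers]} inventory against the
        known state, and perform the corresponding configuration processing for each."""
        vms = {r.name for r in self.local.values() if r.kind == "vm"}
        ctrs = {r.name: r for r in self.local.values() if r.kind == "container"}
        inv_vms = set(inventory)
        actions = []
        for vm in sorted(inv_vms - vms):                          # new VM: first vNIC + MAC
            actions.append(("add-vm", vm, self._add("vm", vm, vm)))
        for vm, names in sorted(inventory.items()):               # new container: second vNIC + MAC
            for c in names:
                if c not in ctrs:
                    actions.append(("add-container", c, self._add("container", c, vm)))
        for vm in sorted(vms - inv_vms):                          # deleted VM: it and all its containers
            gone = [r for r in self.local.values() if r.owner == vm]
            actions.append(("del-vm", vm, self._remove(gone)))
        for c, rec in sorted(ctrs.items()):                       # deleted container: just its record
            if rec.mac in self.local and c not in inventory.get(rec.owner, []):
                actions.append(("del-container", c, self._remove([rec])[0]))
        return actions

def run_demo() -> dict:
    cc = CentralController()
    lc1, lc2 = LocalController(1, cc), LocalController(2, cc)
    out = {"step1": lc1.observe({"vm1": ["c1", "c2"]})}   # host 1: new VM with two containers
    out["step2"] = lc2.observe({"vm2": []})               # host 2: new VM, no containers yet
    out["remote_after_add"] = dict(lc2.remote)            # host 2 has learned host 1's three MACs
    out["step3"] = lc1.observe({"vm1": ["c1"]})           # container c2 removed
    out["step4"] = lc1.observe({})                        # vm1 removed, taking c1 with it
    out["remote_after_delete"] = dict(lc2.remote)
    out["global_macs"] = sorted(cc.global_table)
    return out

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Deleting a virtual machine removes its own vNIC record and the records of every container still inside it in one pass, matching the claim above; deleting a container removes only that container's record. The returned action lists and the peer host's `remote` table show exactly what was propagated through the centralized controller.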
According to a second aspect of embodiments of the present disclosure, there is provided a container network system including a virtualized resource pool, a local controller and a forwarding module. The virtualized resource pool includes a physical host, at least one virtual machine deployed in the physical host and at least one container instance deployed in the virtual machine. The local controller is deployed in the physical host and is used to configure a first virtual network interface card (vNIC) for the virtual machine and a second vNIC for the container instance, the container instance being connected to the second vNIC by passthrough for data transmission; and to configure the forwarding module to be connected to the first vNIC and the second vNIC respectively and to configure packet processing rules for it. The forwarding module is deployed in the physical host and performs data communication within the physical host and between physical hosts based on the packet processing rules.
Optionally, there are multiple physical hosts and a local controller is deployed in each; the system further includes a centralized controller; each local controller sends its network configuration information to the centralized controller, which performs centralized configuration management of every local controller and exposes an operation and maintenance platform interface externally.
Optionally, the forwarding module includes a virtual switch, one of which is deployed in each physical host; the local controller is further configured to connect the virtual switch to the first vNIC and the second vNIC respectively; the virtual switch is configured to forward, based on the packet processing rules, traffic exchanged between virtual machines and container instances within the physical host, and to encapsulate, decapsulate and forward traffic exchanged between virtual machines and container instances in this physical host and those in other physical hosts.
Optionally, the local controller is configured to assign, based on an address configuration rule, a first virtual MAC address to the first vNIC and a second virtual MAC address to the second vNIC; the virtual switch is configured to determine whether a MAC address in a service packet is a first virtual MAC address or a second virtual MAC address and, from the result, whether the source or destination of the service packet is a virtual machine or a container instance.
Optionally, the virtual switch is configured to receive a service packet sent by a virtual machine or container instance in the physical host and read its destination MAC address; if the destination MAC address is the first virtual MAC address of another virtual machine or the second virtual MAC address of another container instance deployed in the same physical host, the service packet is forwarded to that virtual machine or container instance.
Optionally, the virtual switch is further configured to, if the destination MAC address is the first virtual MAC address of a virtual machine, or the second virtual MAC address of a container instance, deployed in another physical host, encapsulate the service packet according to a preset packet encapsulation rule and send it through a tunnel to the virtual switch in that other physical host; the virtual switch in the other physical host decapsulates the packet and delivers it to the virtual machine or container instance there according to the destination MAC address of the decapsulated packet.
Optionally, the local controller is further configured to monitor the physical host in which it is deployed to detect whether the host's network resources or network configuration have changed and, if so, to perform the corresponding configuration processing and send network configuration update information to the centralized controller; the centralized controller is used to synchronize network information to the local controllers in the other physical hosts based on that update information.
Optionally, the local controller is further configured to, if a virtual machine is detected to have been added to the physical host, configure a first vNIC for the new virtual machine and a first virtual MAC address for that vNIC, and send the network configuration update information for the new virtual machine to the centralized controller.
Optionally, the local controller is further configured to, if a container instance is detected to have been added to the virtual machine, configure a second vNIC for the new container instance and a second virtual MAC address for that vNIC, connect the new container instance to its second vNIC by passthrough for data transmission, and send the network configuration update information for the new container instance to the centralized controller.
Optionally, the local controller is further configured to, if a virtual machine is detected to have been deleted from the physical host, update the network configuration information for the deleted virtual machine and for all container instances that were deployed in it, and send the corresponding network configuration update information to the centralized controller.
Optionally, the local controller is further configured to, if a container instance is detected to have been deleted from the physical host, update the network configuration information for the deleted container instance and send the corresponding update to the centralized controller.
According to a third aspect of embodiments of the present disclosure, there is provided a container network system including: a processor; a memory for storing the processor-executable instructions; the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method described above.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium storing a computer program for executing the above-mentioned method.
In the container network configuration method, container network system and storage medium provided by the embodiments of the present disclosure, the container instance is connected directly to its virtual network card by passthrough, and a single virtual switch deployed in the physical host completes both intra-host and cross-host data communication. This removes the switching load that the virtual machine would otherwise carry for its containers, saves one cache relocation between virtual switches, and effectively improves the overall performance of the container network. The controller assigns virtual MAC addresses to the virtual network cards according to a specific rule, so that the container instance or virtual machine behind each virtual network card can be distinguished; this simplifies network management and improves the flexibility of centralized control.
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in more detail embodiments of the present disclosure with reference to the attached drawings. The accompanying drawings are included to provide a further understanding of the embodiments of the disclosure, and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the principles of the disclosure and not to limit the disclosure. In the drawings, like reference numbers generally represent like parts or steps.
FIG. 1 is a diagram illustrating a nested deployment of virtual machines and containers in the prior art;
FIG. 2 is a flow diagram of one embodiment of a container network configuration method of the present disclosure;
fig. 3 is a schematic diagram of a nested deployment of virtual machines and containers according to an embodiment of the container network configuration method of the present disclosure;
FIG. 4 is a schematic diagram of one embodiment of a container network system of the present disclosure;
fig. 5 is a schematic flow chart illustrating management of network resources in an embodiment of a container network configuration method according to the present disclosure;
fig. 6 is a schematic flow chart illustrating management of network resources in another embodiment of the container network configuration method according to the present disclosure;
FIG. 7 is a schematic diagram of another embodiment of a container network system of the present disclosure;
fig. 8 is a schematic diagram of yet another embodiment of a container network system of the present disclosure.
Detailed Description
Example embodiments according to the present disclosure will be described in detail below with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a subset of the embodiments of the present disclosure and not all embodiments of the present disclosure, with the understanding that the present disclosure is not limited to the example embodiments described herein.
It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those of skill in the art that the terms "first," "second," and the like in the embodiments of the present disclosure are used merely to distinguish one element from another, and are not intended to imply any particular technical meaning, nor is the necessary logical order between them.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more than two, and "at least one" may refer to one, two or more than two.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure is only one kind of association relationship describing the associated object, and means that there may be three kinds of relationships, such as a and/or B, and may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in the present disclosure generally indicates that the former and latter associated objects are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Embodiments of the present disclosure may be implemented in electronic devices such as terminal devices, computer systems, servers, etc., which are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with an electronic device, such as a terminal device, computer system, or server, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set top boxes, programmable consumer electronics, network pcs, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment. In a distributed cloud computing environment, tasks may be performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
Exemplary method
With the development of technology and growing business demands, cloud computing, a new IT service model that integrates existing technologies, was proposed and has developed rapidly. Key technologies in cloud computing include virtualization, parallel programming, mass data management and cloud platform management. Virtualization is the foundation of cloud computing: it enables flexible resource allocation and improves the utilization of computing resources.
Virtualization is a resource management technology that provides services by creating virtual resources (virtual computer hardware platforms, storage devices, computer network resources and so on). Its principle is to partition physical resources (network, memory, servers and so on) and create virtual devices with the same functions and attributes as the physical devices, so that resources can be shared and multiplexed. A virtualized device cannot operate independently of the physical resources behind it, but it can be allocated in software, which removes the limitation that physical resources cannot be subdivided and lets the virtualized device's resources be adjusted to specific user or service requirements.
In cloud computing, virtualization technology is the basis of all services and applications on the cloud. Virtualization technologies can be classified by the object virtualized into storage virtualization, server virtualization, network virtualization and so on. Container technology has had a great influence on existing IT infrastructure and has driven the development of PaaS, DevOps and related fields. With the development of container technology and the continuous improvement of container orchestration, more and more vendors are running services in containers.
After many years of development, cloud computing is widely used in private, public and hybrid clouds, and vendors are reluctant to build a separate container cloud from scratch. Moreover, because containers share the host kernel, their security and isolation are not as mature as those of virtualization technology. Combining virtualization with container technology to build a unified converged platform is therefore the more practical approach for the foreseeable future.
As shown in fig. 1, the common deployment mode of a container network system in the prior art is nested deployment of virtual machines and containers: a container communicates with the host through a virtual switch deployed in the virtual machine, and then across hosts through the virtual switch deployed on the host. The three hops from the container to the virtual machine and then to the host cause a large loss of network performance, and they also greatly increase the complexity of the network and make it harder to manage.
Fig. 2 is a flowchart of an embodiment of the container network configuration method of the present disclosure. The method shown in fig. 2 includes steps S201 to S204, which are explained below.
S201: deploy at least one virtual machine in a physical host, and deploy at least one container instance in the virtual machine. The virtual machine may be any existing type of virtual machine, and the container instance any existing type of virtualized container instance.
S202: deploy a local controller in the physical host, configure a first virtual network interface card (vNIC) for the virtual machine through the local controller, and configure a second vNIC for the container instance; the container instance is connected to the second vNIC and data is transmitted transparently (passed through) between them.
In one embodiment, the first vNIC and the second vNIC may be any of the existing kinds of vNIC. The local controller may be any of various local controllers, for example an SDN local controller. The container instance may be connected to the second vNIC, with transparent data transmission, using existing passthrough techniques.
S203: deploy a forwarding module in the physical host, configure the forwarding module through the local controller so that it is connected to the first vNIC and the second vNIC respectively, and configure message processing rules for the forwarding module. The message processing rules may include rules for encapsulating and decapsulating service messages, and may also include a forwarding flow table used to forward messages; the forwarding flow table is maintained and updated by the local controller.
S204: perform data communication within the physical host and between physical hosts through the forwarding module, based on the message processing rules.
In one embodiment, there are multiple physical hosts and a local controller is deployed in each. Each local controller sends its network configuration information to a centralized controller; this information includes the virtual machines, container instances, vNICs and virtual switch, their deployment information, change information, and so on. The centralized controller performs centralized configuration management of every local controller and exposes an operation and maintenance (O&M) management platform interface to the outside.
As shown in fig. 3, the forwarding module includes a virtual switch, and one virtual switch is deployed in each physical host. The local controller configures the virtual switch to connect to the first vNIC and the second vNIC respectively.
Data communication within a physical host consists of the virtual switch forwarding, according to the message processing rules, the data exchanged between the virtual machines and container instances in that host. Data communication between physical hosts consists of the virtual switch encapsulating, decapsulating and forwarding, according to the message processing rules, the data exchanged between the virtual machines and container instances in its own host and those in other physical hosts.
A container (instance) nested in a virtual machine communicates with the virtual switch in the physical host directly through its second vNIC. Both the virtual machines and the containers (instances) within a physical host exchange data with the local controller, and with the outside of the physical host, through the virtual switch in that host.
In one embodiment, as shown in fig. 4, the virtual machines deployed in the physical hosts and the containers (instances) deployed in those virtual machines together form a virtualized resource pool, and the virtual switches deployed on each physical host node form the forwarding module. The forwarding module is responsible for identifying container-network and virtual-machine-network traffic and for processing and forwarding the corresponding network requests: it switches and forwards network messages within the physical host, encapsulates and decapsulates cross-host network messages, and communicates with the local controller.
The forwarding module comprises the virtual switch deployed in the physical host, which processes and forwards network requests sent from the virtual machines and communicates with the local controller. The local controller deployed on each physical host node and the centralized controller deployed outside the physical host nodes form the control module. The local controller maintains network resources and configuration data, monitors the local network structure, manages the direct connection between containers (instances) and virtual network cards, controls and updates the local forwarding flow table, and communicates with the centralized controller. The centralized controller stores the network data of the local controllers in all physical hosts that synchronize with it, and also provides an interface for third-party operation and management platforms.
As shown in fig. 4, the container network system allocates a second vNIC to each container instance and connects it directly, using the elastic scaling of vNICs, so that a container instance inside a virtual machine has its own independent virtual MAC address. Cross-host communication of the container network then requires only the virtual switch deployed in the physical host, which removes one level of virtual switching and effectively improves network performance. Container instances, virtual machines, physical hosts and so on are managed uniformly through an Overlay-based SDN centralized controller, which reduces the container-facing switching load inside the virtual machine, saves one buffer copy, effectively improves network I/O performance between containers, and increases the flexibility of centralized control.
In one embodiment, the address configuration rule is a specific addressing rule used to distinguish container instances from virtual machines. The local controller configures a first virtual MAC address for the first vNIC and a second virtual MAC address for the second vNIC according to the address configuration rule. The virtual switch determines whether a MAC address in a service message is a first virtual MAC address or a second virtual MAC address and, from that, whether the source or destination of the service message is a virtual machine or a container instance.
For example, the last digit (mantissa) of a first virtual MAC address is odd and that of a second virtual MAC address is even; the virtual switch determines whether the source or destination of a service message is a virtual machine or a container instance by checking whether the last digit of the MAC address in the message is odd or even. Because the MAC address itself tells whether an endpoint is a container instance or a virtual machine, container instances and virtual machines in the physical host can be managed and effectively distinguished, which simplifies network communication and management.
The virtual switch receives a service message sent by a virtual machine or container instance in the physical host and obtains the destination MAC address in the message. If the destination MAC address is the first virtual MAC address of another virtual machine, or the second virtual MAC address of another container instance, deployed in the same physical host, the virtual switch forwards the service message to that virtual machine or container instance.
If the destination MAC address is the first virtual MAC address of a virtual machine, or the second virtual MAC address of a container instance, deployed in another physical host, the virtual switch encapsulates the service message according to a preset message encapsulation rule and sends the encapsulated message through a tunnel to the virtual switch in that other host; the virtual switch in the other host decapsulates the message and delivers it to the virtual machine or container instance there according to the destination MAC address in the decapsulated message.
In one embodiment, a service message may be forwarded in several situations: between container instances in the same virtual machine, between container instances in different virtual machines in the same physical host, between a virtual machine and a container instance, between virtual machines, and between container instances on different physical host nodes, among others.
The virtual machines and container instances in a physical host are each configured with an independent MAC address, and although they are arranged in a nested manner, they are logically peers, since all of them connect to the same virtual switch.
For example, as shown in fig. 4, when a virtual switch receives a service message from a virtual machine or container instance and determines that the destination address belongs to another physical host, it performs VLAN tunnel encapsulation according to the destination IP address and the network configuration information it looks up, and sends the encapsulated message through the tunnel to the virtual switch on the target physical host. When the virtual switch in the target host receives a service message from another host, it decapsulates the message and matches and forwards it according to the destination address of the decapsulated message.
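The forwarding decision described above, as an added example that is not part of the patent: a small Python model of the per-host virtual switch. It classifies endpoints with the odd/even rule (odd last octet for a first vNIC, i.e. a virtual machine; even for a second vNIC, i.e. a container instance), forwards locally when the destination vNIC is attached to the same switch, and otherwise encapsulates the frame with outer host addresses for the tunnel, with the receiving switch decapsulating and delivering by inner MAC. The two-host topology, the MAC and IP values, the `Frame` and `TunnelPacket` shapes and the ingress-port binding check are assumptions; the binding check is added because the parity rule only classifies correctly when a guest cannot send with a forged source MAC.

```python
"""Model of the per-host virtual switch (added example, not the patent's code).
MAC and IP values, port names and the port-binding check are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

VM, CONTAINER = "virtual machine", "container instance"


def mac_last_octet(mac: str) -> int:
    """Numeric value of the last octet of a MAC written with ':' or '-'."""
    return int(mac.replace("-", ":").split(":")[-1], 16)


def endpoint_kind(mac: str) -> str:
    """Address configuration rule: odd last octet -> VM, even -> container."""
    return VM if mac_last_octet(mac) % 2 == 1 else CONTAINER


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: bytes


@dataclass
class TunnelPacket:
    """Encapsulated service message: outer host addresses plus the inner frame."""
    outer_src_ip: str
    outer_dst_ip: str
    inner: Frame


@dataclass
class VirtualSwitch:
    host_ip: str
    # Port table installed by the local controller: vNIC MAC -> switch port.
    ports: Dict[str, str] = field(default_factory=dict)
    # Forwarding flow table kept by the local controller:
    # MAC on another host -> tunnel endpoint IP of that host.
    remote: Dict[str, str] = field(default_factory=dict)

    def forward(self, ingress_port: str, frame: Frame) -> Tuple[str, object, str]:
        """Return (action, target, kind of destination): action is 'drop'
        (target = reason), 'local' (target = egress port) or 'tunnel'
        (target = TunnelPacket for the remote virtual switch)."""
        # Added check (assumption): the parity rule only classifies correctly
        # if a guest cannot forge its source MAC, so the source MAC must be
        # the one the controller bound to the ingress port.
        if self.ports.get(frame.src_mac) != ingress_port:
            return ("drop", "source MAC not bound to ingress port", "")
        kind = endpoint_kind(frame.dst_mac)
        if frame.dst_mac in self.ports:
            return ("local", self.ports[frame.dst_mac], kind)
        if frame.dst_mac in self.remote:
            pkt = TunnelPacket(self.host_ip, self.remote[frame.dst_mac], frame)
            return ("tunnel", pkt, kind)
        return ("drop", "no flow entry for destination", kind)

    def receive_tunnel(self, pkt: TunnelPacket) -> Tuple[str, object, str]:
        """Decapsulate a packet from another host and deliver by inner MAC."""
        if pkt.outer_dst_ip != self.host_ip:
            return ("drop", "outer destination is not this host", "")
        frame = pkt.inner
        kind = endpoint_kind(frame.dst_mac)
        port = self.ports.get(frame.dst_mac)
        if port is None:
            return ("drop", "inner destination not on this host", kind)
        return ("local", port, kind)


def build_demo_topology() -> Tuple[VirtualSwitch, VirtualSwitch]:
    """Constructed two-host topology (sample data, not from the patent)."""
    sw_a = VirtualSwitch("10.0.0.1", ports={
        "02:00:00:00:00:01": "vnet-vm1",  # odd  -> first vNIC, VM1
        "02:00:00:00:00:02": "vnic-c1",   # even -> second vNIC, container in VM1
    })
    sw_b = VirtualSwitch("10.0.0.2", ports={
        "02:00:00:00:00:03": "vnet-vm2",
        "02:00:00:00:00:04": "vnic-c2",
    })
    # Entries the centralized controller would synchronise to each side.
    for mac in sw_b.ports:
        sw_a.remote[mac] = sw_b.host_ip
    for mac in sw_a.ports:
        sw_b.remote[mac] = sw_a.host_ip
    return sw_a, sw_b


if __name__ == "__main__":
    sw_a, sw_b = build_demo_topology()
    # container c1 -> VM1 on the same host: one pass through the host switch
    print(sw_a.forward("vnic-c1", Frame("02:00:00:00:00:02", "02:00:00:00:00:01", b"hi")))
    # container c1 -> container c2 on host B: encapsulate, then decapsulate on B
    act, pkt, _ = sw_a.forward("vnic-c1", Frame("02:00:00:00:00:02", "02:00:00:00:00:04", b"hi"))
    print(act, sw_b.receive_tunnel(pkt))
    # forged source MAC is dropped before the parity rule is consulted
    print(sw_a.forward("vnic-c1", Frame("02:00:00:00:00:01", "02:00:00:00:00:04", b"x")))
```

Running the file shows the three cases. On a real host the `ports` and `remote` tables are the flow table the local controller installs into the switch, and the tunnel encapsulation is whatever overlay the deployment uses; the one design point worth keeping is that classification by MAC parity is only as trustworthy as the switch's binding of each MAC to its port.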
Fig. 5 is a schematic flowchart of the management of network resources in an embodiment of the container network configuration method of the present disclosure. The method shown in fig. 5 includes steps S501 to S503, which are described below.
S501: the local controller monitors the physical host in which it resides to detect whether the network resources or network configuration of that host change.
S502: if a change is detected, the local controller performs the corresponding configuration processing and sends network configuration update information to the centralized controller.
S503: the centralized controller synchronizes the network information of the local controllers in the other physical hosts based on the configuration update information. The centralized controller stores the configuration update information and synchronizes it to the local controllers in the other physical hosts.
If a virtual machine is detected to have been added to the physical host, the local controller configures a first vNIC for the new virtual machine, configures a first virtual MAC address for that vNIC, and sends the network configuration update information for the new virtual machine to the centralized controller. If a container instance is detected to have been added in a virtual machine, the local controller configures a second vNIC for the new container instance and configures a second virtual MAC address for that vNIC; the local controller connects the new container instance to its second vNIC for data transmission and sends the network configuration update information for the new container instance to the centralized controller.
If a virtual machine is detected to have been deleted from the physical host, the local controller updates the network configuration information of the deleted virtual machine and of all container instances deployed in it, and sends the corresponding network configuration update information to the centralized controller. If a container instance is detected to have been deleted in the physical host, the local controller updates the network configuration information of the deleted container instance and sends the corresponding network configuration update information to the centralized controller.
Fig. 6 is a schematic flowchart of the management of network resources in another embodiment of the container network configuration method of the present disclosure. The method shown in fig. 6 includes steps S601 to S609, which are described below.
S601: the local controller monitors the network information in the physical host. When a new network node is detected, proceed to step S602; when removal of a network node is detected, proceed to step S605.
S602: determine the type of the new node. If the new node is a virtual machine, proceed to step S603; if it is a container instance, proceed to step S604.
S603: the local controller configures the MAC address of the virtual network card used by the new virtual machine; the MAC address conforms to the agreed rule.
S604: the local controller creates a virtual network card in the virtual machine in which the container instance resides and configures its MAC address; the MAC address conforms to the agreed rule.
In one embodiment, the local controller discovers new virtual machines or container instances in the physical host by listening. If the new node is a virtual machine, a virtual MAC address is configured for it according to the agreed rule; in this example the last digit of the MAC address is even, for instance 9C-30-5B-7C-2C-EC. If the new node is a container instance, a virtual network card whose MAC address has an odd last digit (for instance 9C-30-5B-7C-2C-ED) is added in the virtual machine in which the container instance resides, and a veth pair is created to connect that virtual network card to the container instance. Note that this example assigns the parities the other way round from the earlier example (odd for virtual machines, even for container instances); which parity denotes which kind of endpoint is a matter of convention, but every local controller and virtual switch in the system must apply the same rule.
S605: determine the type of the removed node. If the removed node is a virtual machine, proceed to step S606; if it is a container instance, proceed to step S607.
S606: the local controller processes the network information of the removed virtual machine and of all container instances in it, and updates the network information held in the local controller.
S607: the local controller processes the network information of the removed container instance and updates the network information held in the local controller.
S608: the local controller communicates with the centralized controller, and the network information is synchronized to the local controllers in all physical hosts.
S609: the local controller communicates with the forwarding module to update the data stored in the virtual switch.
In one embodiment, when a virtual machine, or a container in a virtual machine, is deleted from a physical host, the local controller observes the deletion, processes and modifies the network information it stores, synchronizes the updated network information to the local controllers of all physical nodes through the centralized controller, and sends the updated network information to the virtual switch, which modifies its switching flow table accordingly.
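The resource-management flow of fig. 5 and fig. 6 (S501 to S503 and S601 to S609), as an added example that is not the patent's own code: a Python model of the local controller and the centralized controller. It allocates MAC addresses with the parity convention of the fig. 6 example (even last octet for a virtual machine, odd for a container instance), records new and removed endpoints, cascades the removal of a virtual machine to the containers inside it, publishes each change to the centralized controller, and has the centralized controller push it to every other local controller, which then updates its own forwarding table with a tunnel entry. The locally administered MAC prefix, the host identifiers and IPs, and the `port:`/`tunnel:` flow-table entry formats are assumptions; the actual vNIC and veth-pair creation is only indicated in comments.

```python
"""Local and centralized controller bookkeeping for network-resource
management (added example, not the patent's code). MAC parity follows the
fig. 6 example: virtual machine = even last octet, container = odd. The MAC
prefix, host ids/IPs and flow-table entry formats are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional

VM, CONTAINER = "vm", "container"


@dataclass(frozen=True)
class Endpoint:
    name: str
    kind: str
    mac: str
    host: str
    host_ip: str
    vm: Optional[str] = None  # containing virtual machine, for a container


class CentralizedController:
    """Stores every host's network data and pushes changes to other hosts."""

    def __init__(self) -> None:
        self.locals: Dict[str, "LocalController"] = {}
        self.store: Dict[str, Endpoint] = {}  # global view keyed by MAC

    def register(self, lc: "LocalController") -> None:
        self.locals[lc.host] = lc

    def update(self, origin: str, added: List[Endpoint], removed: List[Endpoint]) -> None:
        for ep in removed:
            self.store.pop(ep.mac, None)
        for ep in added:
            self.store[ep.mac] = ep
        for host, lc in self.locals.items():  # S503 / S608: sync other hosts
            if host != origin:
                lc.sync(added, removed)


class LocalController:
    def __init__(self, host: str, host_id: int, host_ip: str,
                 central: CentralizedController) -> None:
        self.host, self.host_id, self.host_ip = host, host_id, host_ip
        self.central = central
        self.endpoints: Dict[str, Endpoint] = {}  # local endpoints by name
        self.flow_table: Dict[str, str] = {}      # MAC -> "port:<n>" | "tunnel:<ip>"
        self._counter = 0
        central.register(self)

    def _alloc_mac(self, kind: str) -> str:
        """Next locally administered MAC whose last-octet parity encodes the kind."""
        want_even = kind == VM
        while True:
            self._counter += 1
            if (self._counter % 2 == 0) == want_even:
                hi, lo = divmod(self._counter, 256)
                return "02-00-00-%02X-%02X-%02X" % (self.host_id, hi, lo)

    def _publish(self, added: List[Endpoint], removed: List[Endpoint]) -> None:
        for ep in added:  # S609: program the local virtual switch
            self.flow_table[ep.mac] = "port:" + ep.name
        for ep in removed:
            self.flow_table.pop(ep.mac, None)
        self.central.update(self.host, added, removed)  # S502 / S608

    def on_vm_added(self, name: str) -> Endpoint:
        """S603: first vNIC for a new VM, with a VM-parity MAC."""
        ep = Endpoint(name, VM, self._alloc_mac(VM), self.host, self.host_ip)
        self.endpoints[name] = ep
        self._publish([ep], [])
        return ep

    def on_container_added(self, name: str, vm: str) -> Endpoint:
        """S604: second vNIC created inside the VM (joined to the container
        by a veth pair in a real deployment), with a container-parity MAC."""
        if vm not in self.endpoints or self.endpoints[vm].kind != VM:
            raise ValueError("unknown virtual machine %r" % vm)
        ep = Endpoint(name, CONTAINER, self._alloc_mac(CONTAINER),
                      self.host, self.host_ip, vm)
        self.endpoints[name] = ep
        self._publish([ep], [])
        return ep

    def on_vm_removed(self, name: str) -> List[Endpoint]:
        """S606: removing a VM also removes every container instance in it."""
        gone = [ep for ep in self.endpoints.values()
                if ep.name == name or ep.vm == name]
        for ep in gone:
            del self.endpoints[ep.name]
        self._publish([], gone)
        return gone

    def on_container_removed(self, name: str) -> Endpoint:
        """S607: remove one container instance."""
        ep = self.endpoints.pop(name)
        self._publish([], [ep])
        return ep

    def sync(self, added: List[Endpoint], removed: List[Endpoint]) -> None:
        """Apply another host's change received from the centralized controller."""
        for ep in added:
            self.flow_table[ep.mac] = "tunnel:" + ep.host_ip
        for ep in removed:
            self.flow_table.pop(ep.mac, None)


if __name__ == "__main__":
    central = CentralizedController()
    a = LocalController("hostA", 1, "10.0.0.1", central)
    b = LocalController("hostB", 2, "10.0.0.2", central)
    a.on_vm_added("vm1")
    a.on_container_added("c1", "vm1")
    print("host B flow table:", b.flow_table)
    print("removed:", [ep.name for ep in a.on_vm_removed("vm1")])
```

The important behaviours are the ones a real controller gets wrong most easily: the VM-removal path must take the nested containers with it, and every remote host must see both the addition and the removal, otherwise stale tunnel entries keep forwarding traffic for an endpoint that no longer exists.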
Exemplary devices
In one embodiment, as shown in fig. 7, the present disclosure provides a container network system comprising a virtualized resource pool, a local controller and a forwarding module. The virtualized resource pool includes physical hosts 71 and 72, virtual machines 711, 712, 721 and 722 deployed in physical hosts 71 and 72, and container instances 7111, 7112, 7121, 7122, 7211, 7212, 7221 and 7222 deployed in virtual machines 711, 712, 721 and 722. The following description takes physical host 71 as an example.
The local controller 714 is deployed in physical host 71. It configures first vNICs 7115 and 7125 for virtual machines 711 and 712 respectively, and configures second vNICs 7113, 7114, 7123 and 7124 for container instances 7111, 7112, 7121 and 7122, which are connected to, and transmit data through, second vNICs 7113, 7114, 7123 and 7124 respectively. The local controller 714 configures the forwarding module to connect to first vNICs 7115 and 7125 and second vNICs 7113, 7114, 7123 and 7124, and configures the message processing rules for the forwarding module. The forwarding module is deployed in physical host 71 and performs data communication within physical host 71, and between physical host 71 and physical host 72, based on the message processing rules.
In one embodiment there are two, three, four or more physical hosts. For example, with two physical hosts, one local controller 714, 724 is deployed in each of the physical hosts 71, 72. The local controllers 714, 724 send their network configuration information to the centralized controller 73, which performs centralized configuration management of the local controllers 714, 724 and provides an operation and maintenance management platform interface.
The following description again takes physical host 71 as an example. The forwarding module comprises a virtual switch: virtual switch 713 is deployed in physical host 71, and the local controller 714 configures virtual switch 713 to connect to first vNICs 7115, 7125 and second vNICs 7113, 7114, 7123, 7124. Virtual switch 713 forwards, according to the message processing rules, the data exchanged between virtual machines 711, 712 and container instances 7111, 7112, 7121, 7122 within physical host 71, and encapsulates, decapsulates and forwards the data exchanged between virtual machines 711, 712 and container instances 7111, 7112, 7121, 7122 in physical host 71 and virtual machines 721, 722 and container instances 7211, 7212, 7221, 7222 in the other physical host 72.
The local controller 714 configures first virtual MAC addresses for the first vNICs 7115, 7125 and second virtual MAC addresses for the second vNICs 7113, 7114, 7123, 7124 according to the address configuration rule. Virtual switch 713 determines whether the MAC address in a service message is a first or a second virtual MAC address and, from that, whether the source or destination of the message is a virtual machine or a container instance.
Virtual switch 713 receives a service message sent by a virtual machine or container instance in physical host 71 and obtains the destination MAC address in the message. If the destination MAC address is the first virtual MAC address of another virtual machine, or the second virtual MAC address of another container instance, deployed in the same physical host 71, it forwards the service message to that virtual machine or container instance.
If the destination MAC address is the first virtual MAC address of a virtual machine, or the second virtual MAC address of a container instance, deployed in the other physical host 72, virtual switch 713 encapsulates the service message according to a preset message encapsulation rule and sends it through the tunnel to the virtual switch in physical host 72. Virtual switch 723 in physical host 72 decapsulates the message and delivers it to the virtual machine or container instance in physical host 72 according to the destination MAC address in the decapsulated message.
In one embodiment, the local controller 714 monitors physical host 71, in which it resides, to detect whether the network resources or network configuration of physical host 71 change; if so, the local controller 714 performs the corresponding configuration processing and sends network configuration update information to the centralized controller 73, which synchronizes the network information of the local controller 724 in the other physical host 72 based on that update information.
If the local controller 714 detects that a virtual machine has been added to physical host 71, it configures a first vNIC and a first virtual MAC address for the new virtual machine and sends the corresponding network configuration update information to the centralized controller 73. If the local controller 714 detects that a container instance has been added to a virtual machine in physical host 71, it configures a second vNIC and a second virtual MAC address for the new container instance, connects the new container instance to that second vNIC for transparent data transmission, and sends the corresponding network configuration update information to the centralized controller 73.
If it detects that a virtual machine has been deleted from physical host 71, the local controller 714 updates the network configuration information of the deleted virtual machine and of all container instances deployed in it, and sends the corresponding network configuration update information to the centralized controller 73. If it detects that a container instance has been deleted from the physical host, the local controller 714 updates the network configuration information of the deleted container instance and sends the corresponding network configuration update information to the centralized controller 73.
Fig. 8 is a schematic diagram of yet another embodiment of the container network system of the present disclosure, as shown in fig. 8, the container network system 81 includes one or more processors 811 and memory 812.
The processor 811 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capability and/or instruction execution capability, and may control other components in the container network system 81 to perform desired functions.
Memory 812 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. Volatile memory, for example, may include: random Access Memory (RAM) and/or cache memory (cache), etc. The nonvolatile memory, for example, may include: read Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on a computer-readable storage medium and executed by processor 811 to implement the container network configuration methods of the various embodiments of the disclosure above and/or other desired functions. Various contents such as an input signal, a signal component, a noise component, etc. may also be stored in the computer-readable storage medium.
In one example, the container network system 81 may further include: an input device 813 and an output device 814, etc., which are interconnected by a bus system and/or other form of connection mechanism (not shown). The input device 813 may also include, for example, a keyboard, a mouse, and the like. The output device 814 may output various information to the outside. The output devices 814 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the container network system 81 relevant to the present disclosure are shown in fig. 8, omitting components such as buses, input/output interfaces, and the like. In addition, the container network system 81 may include any other suitable components depending on the particular application.
In addition to the above-described methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the container network configuration method according to various embodiments of the present disclosure described in the above-mentioned "exemplary methods" section of this specification.
The computer program product may write program code for performing the operations of embodiments of the present disclosure in any combination of one or more programming languages, including object-oriented programming languages such as Java or C++ and conventional procedural programming languages such as the C programming language or similar languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps in a container network configuration method according to various embodiments of the present disclosure described in the "exemplary methods" section above in this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium may include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing describes the general principles of the present disclosure in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present disclosure are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure will be described in detail with reference to specific details.
In the container network configuration method, container network system and storage medium of the above embodiments, the container is connected directly to a virtual network card with transparent transmission, so that data communication both within a host and across hosts requires only one virtual switch deployed in the physical host. This reduces the container-facing switching load inside the virtual machine and the cache relocation between virtual switches, and effectively improves the overall performance of the container network. The controller configures the virtual MAC address of each virtual network card in the virtual machine according to a specific rule, so that the container instance or virtual machine behind a virtual network card can be distinguished, which simplifies network management and increases the flexibility of centralized control.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The block diagrams of devices, apparatuses and systems referred to in this disclosure are given only as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown. These devices, apparatuses and systems may be connected, arranged and configured in any manner, as will be appreciated by those skilled in the art. Words such as "including", "comprising", "having" and the like are open-ended words meaning "including, but not limited to" and are used interchangeably therewith. The word "or" as used herein means, and is used interchangeably with, "and/or", unless the context clearly dictates otherwise. The phrase "such as" is used herein to mean, and is used interchangeably with, "such as but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the devices, apparatuses, and methods of the present disclosure, each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects, and the like, will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, the description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.

Claims (16)

1. A container network configuration method, comprising:
deploying at least one virtual machine in a physical host, and deploying at least one container instance in the virtual machine;
deploying a local controller in the physical host, and configuring, through the local controller, a first virtual network interface card (vNIC) for the virtual machine and a second vNIC for the container instance, wherein the container instance is connected to the second vNIC and transmits data through it transparently;
deploying a forwarding module in the physical host, configuring, through the local controller, the forwarding module to be connected to the first vNIC and the second vNIC respectively, and configuring a packet processing rule for the forwarding module;
performing data communication within and between physical hosts through the forwarding module and based on the packet processing rule;
wherein there are a plurality of physical hosts and a local controller is deployed in each of them, the method further comprising:
each local controller sending its network configuration information to a centralized controller; performing centralized configuration management of each local controller through the centralized controller, and exposing an operations and maintenance (O&M) management platform interface to the outside;
wherein the forwarding module comprises a virtual switch, one virtual switch being deployed in each physical host, the method further comprising:
configuring, through the local controller, the virtual switch to be connected to the first vNIC and the second vNIC respectively; forwarding, through the virtual switch and based on the packet processing rule, data exchanged between virtual machines and container instances within the physical host, and encapsulating, decapsulating and forwarding data exchanged between virtual machines and container instances in this physical host and those in other physical hosts;
configuring, through the local controller and based on an address configuration rule, a first virtual MAC address for the first vNIC and a second virtual MAC address for the second vNIC; the virtual switch determining whether a MAC address in a service packet is a first virtual MAC address or a second virtual MAC address, and determining from that result whether the source or destination of the service packet is a virtual machine or a container instance; the virtual switch receiving a service packet sent by a virtual machine or container instance in the physical host and obtaining the destination MAC address of the service packet; and, if the destination MAC address is the first virtual MAC address of another virtual machine or the second virtual MAC address of another container instance deployed in the same physical host, the virtual switch forwarding the service packet to that virtual machine or container instance.
2. The method of claim 1, further comprising:
if the destination MAC address is the first virtual MAC address of a virtual machine or the second virtual MAC address of a container instance deployed in another physical host, encapsulating the service packet by the virtual switch based on a preset packet encapsulation rule, and sending the encapsulated service packet to the virtual switch in that other physical host through a tunnel;
and decapsulating the encapsulated service packet by the virtual switch in the other physical host, and sending the service packet to the virtual machine or container instance in that host according to the destination MAC address in the decapsulated service packet.
3. The method of claim 1, further comprising:
monitoring, through the local controller, the physical host in which it is located, so as to detect whether the network resources or the network configuration of that physical host have changed;
if so, performing the corresponding configuration processing through the local controller and sending network configuration update information to the centralized controller;
and performing, by the centralized controller, network information synchronization for the local controllers in the other physical hosts based on the configuration update information.
4. The method of claim 3, wherein performing the corresponding configuration processing through the local controller and sending the network configuration update information to the centralized controller comprises:
if it is detected that a virtual machine has been added to the physical host, configuring a first vNIC for the newly added virtual machine through the local controller, and configuring a first virtual MAC address for that first vNIC;
and sending, through the local controller, the network configuration update information corresponding to the newly added virtual machine to the centralized controller.
5. The method of claim 3, wherein performing the corresponding configuration processing through the local controller and sending the network configuration update information to the centralized controller comprises:
if it is detected that a container instance has been added to the virtual machine, configuring a second vNIC for the newly added container instance through the local controller, and configuring a second virtual MAC address for that second vNIC;
configuring, through the local controller, the newly added container instance to be connected to the corresponding second vNIC and to transmit data through it;
and sending, by the local controller, the network configuration update information corresponding to the newly added container instance to the centralized controller.
6. The method of claim 3, wherein performing the corresponding configuration processing through the local controller and sending the network configuration update information to the centralized controller comprises:
if it is detected that a virtual machine has been deleted from the physical host, updating, through the local controller, the network configuration information corresponding to the deleted virtual machine and to all container instances deployed in it;
and sending, by the local controller, the network configuration update information corresponding to the deleted virtual machine to the centralized controller.
7. The method of claim 3, wherein performing the corresponding configuration processing through the local controller and sending the network configuration update information to the centralized controller comprises:
if it is detected that a container instance has been deleted from the physical host, updating, through the local controller, the network configuration information corresponding to the deleted container instance;
and sending, by the local controller, the network configuration update information corresponding to the deleted container instance to the centralized controller.
8. A container network system comprising:
a virtualized resource pool, a local controller and a forwarding module;
the virtualized resource pool comprising a physical host, at least one virtual machine deployed in the physical host, and at least one container instance deployed in the virtual machine;
the local controller being deployed in the physical host and configured to configure a first virtual network interface card (vNIC) for the virtual machine and a second vNIC for the container instance, the container instance being connected to the second vNIC and transmitting data through it; and to configure the forwarding module to be connected to the first vNIC and the second vNIC respectively, and to configure a packet processing rule for the forwarding module;
the forwarding module being deployed in the physical host and configured to perform data communication within the physical host and between physical hosts based on the packet processing rule;
wherein there are a plurality of physical hosts and a local controller is deployed in each of them; the system further comprising a centralized controller, each local controller sending its network configuration information to the centralized controller;
the centralized controller being configured to perform centralized configuration management of each local controller and to expose an operations and maintenance (O&M) management platform interface to the outside;
wherein the forwarding module comprises a virtual switch, one virtual switch being deployed in each physical host;
the local controller being further configured to configure the virtual switch to be connected to the first vNIC and the second vNIC respectively;
the virtual switch being configured to forward, based on the packet processing rule, data exchanged between virtual machines and container instances within the physical host, and to encapsulate, decapsulate and forward data exchanged between virtual machines and container instances in this physical host and those in other physical hosts;
the local controller being configured to configure, based on an address configuration rule, a first virtual MAC address for the first vNIC and a second virtual MAC address for the second vNIC;
the virtual switch being configured to determine whether a MAC address in a service packet is a first virtual MAC address or a second virtual MAC address, and to determine from that result whether the source or destination of the service packet is a virtual machine or a container instance;
the virtual switch being configured to receive a service packet sent by a virtual machine or container instance in the physical host and to obtain the destination MAC address of the service packet; and, if the destination MAC address is the first virtual MAC address of another virtual machine or the second virtual MAC address of another container instance deployed in the same physical host, to forward the service packet to that virtual machine or container instance.
9. The container network system according to claim 8, wherein
the virtual switch is further configured to encapsulate the service packet based on a preset packet encapsulation rule if the destination MAC address is the first virtual MAC address of a virtual machine or the second virtual MAC address of a container instance deployed in another physical host, and to send the encapsulated service packet to the virtual switch in that other physical host through a tunnel;
and the virtual switch in the other physical host decapsulates the encapsulated service packet and sends the service packet to the virtual machine or container instance in that host according to the destination MAC address in the decapsulated service packet.
10. The container network system according to claim 9, wherein
the local controller is further configured to monitor the physical host in which it is located, so as to detect whether the network resources or the network configuration of that physical host have changed; and, if so, to perform the corresponding configuration processing and send network configuration update information to the centralized controller;
and the centralized controller is configured to perform network information synchronization for the local controllers in the other physical hosts based on the configuration update information.
11. The container network system according to claim 10, wherein
the local controller is further configured, if it is detected that a virtual machine has been added to the physical host, to configure a first vNIC for the newly added virtual machine and a first virtual MAC address for that first vNIC, and to send the network configuration update information corresponding to the newly added virtual machine to the centralized controller.
12. The container network system according to claim 10, wherein
the local controller is further configured, if it is detected that a container instance has been added to the virtual machine, to configure a second vNIC for the newly added container instance and a second virtual MAC address for that second vNIC; to configure the newly added container instance to be connected to the corresponding second vNIC and to transmit data through it; and to send the network configuration update information corresponding to the newly added container instance to the centralized controller.
13. The container network system according to claim 10, wherein
the local controller is further configured, if it is detected that a virtual machine has been deleted from the physical host, to update the network configuration information corresponding to the deleted virtual machine and to all container instances deployed in it, and to send the network configuration update information corresponding to the deleted virtual machine to the centralized controller.
14. The container network system according to claim 10, wherein
the local controller is further configured, if it is detected that a container instance has been deleted from the physical host, to update the network configuration information corresponding to the deleted container instance, and to send the network configuration update information corresponding to the deleted container instance to the centralized controller.
15. A container network system comprising:
a processor; a memory for storing the processor-executable instructions;
the processor is configured to read the executable instructions from the memory and execute the instructions to implement the method of any one of claims 1-7.
16. A computer-readable storage medium, the storage medium storing a computer program for performing the method of any of the preceding claims 1-7.
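The following is an added simulation, written for this page and not disclosed by the patent, of the control plane and forwarding behaviour that claims 1 to 7 (method) and 8 to 14 (system) describe: a local controller per host that assigns first and second virtual MAC addresses, a virtual switch that classifies packets by those addresses and either delivers locally or encapsulates into a tunnel, and a centralized controller that receives add/delete updates and synchronizes the other hosts. The concrete address configuration rule (two locally administered prefixes with the host number in the fourth octet), the dict-shaped frames and tunnel packets, and the source-MAC check in `VirtualSwitch.forward` are assumptions; the claims say nothing about a packet whose source MAC disagrees with its ingress vNIC, yet without that check the "is this a VM or a container" judgement can be spoofed by any guest that rewrites its source address.

```python
# Added example, not the patent's code: simulation of the local controller,
# virtual switch and centralized controller of claims 1-14.  Assumed: the
# address configuration rule (two locally administered prefixes, host number
# in the fourth octet), dict-shaped frames/tunnel packets, and the source-MAC
# check in VirtualSwitch.forward, which the claims do not mention.
from typing import Dict, Optional, Tuple

VM_PREFIX = "02:aa:01"  # first virtual MAC: virtual machine vNIC (assumed rule)
CT_PREFIX = "02:aa:02"  # second virtual MAC: container instance vNIC (assumed rule)


def endpoint_kind(mac: str) -> Optional[str]:
    """The switch's judgement in claim 1: 'vm', 'container', or None."""
    if mac.startswith(VM_PREFIX):
        return "vm"
    if mac.startswith(CT_PREFIX):
        return "container"
    return None


class CentralizedController:
    """Global MAC -> physical host directory, pushed to every local controller."""

    def __init__(self) -> None:
        self.directory: Dict[str, str] = {}
        self.locals: Dict[str, "LocalController"] = {}

    def update(self, mac: str, host: Optional[str]) -> None:
        """Apply one local controller's update, then synchronise all hosts (claim 3)."""
        if host is None:
            self.directory.pop(mac, None)
        else:
            self.directory[mac] = host
        for lc in self.locals.values():
            lc.switch.remote = {m: h for m, h in self.directory.items() if h != lc.host}


class VirtualSwitch:
    def __init__(self, host: str) -> None:
        self.host = host
        self.local: Dict[str, str] = {}   # MAC -> VM/container name on this host
        self.remote: Dict[str, str] = {}  # MAC -> other physical host (from the centralized controller)

    def forward(self, ingress_mac: str, frame: dict) -> Tuple[str, object]:
        """frame is {'src', 'dst', 'payload'}; returns (action, detail)."""
        # Added check, not in the claims: a vNIC may only send with its own assigned
        # MAC, otherwise the VM/container classification below could be spoofed.
        if frame["src"] != ingress_mac or endpoint_kind(frame["src"]) is None:
            return "drop", "source MAC does not match the vNIC's assigned address"
        dst = frame["dst"]
        if dst in self.local:   # same physical host: deliver directly (claim 1)
            return "local", self.local[dst]
        if dst in self.remote:  # other host: encapsulate and send through the tunnel (claim 2)
            return "tunnel", {"tunnel_src": self.host, "tunnel_dst": self.remote[dst], "inner": frame}
        return "drop", "unknown destination MAC"

    def receive_tunnel(self, packet: dict) -> Tuple[str, str]:
        """Decapsulate and deliver by the inner destination MAC (claims 2 and 9)."""
        inner = packet["inner"]
        if packet["tunnel_dst"] != self.host or inner["dst"] not in self.local:
            return "drop", "not for this host"
        return "local", self.local[inner["dst"]]


class LocalController:
    def __init__(self, host: str, host_id: int, central: CentralizedController) -> None:
        self.host, self.host_id, self.central = host, host_id, central
        self.switch = VirtualSwitch(host)
        self.vms: Dict[str, str] = {}                     # VM name -> first virtual MAC
        self.containers: Dict[str, Tuple[str, str]] = {}  # container -> (VM, second virtual MAC)
        self._seq = 0
        central.locals[host] = self

    def _alloc(self, prefix: str) -> str:
        self._seq += 1                      # host_id in octet 4 keeps hosts from colliding
        hi, lo = divmod(self._seq, 256)
        return f"{prefix}:{self.host_id:02x}:{hi:02x}:{lo:02x}"

    def add_vm(self, name: str) -> str:  # claims 4 and 11
        mac = self._alloc(VM_PREFIX)
        self.vms[name] = mac
        self.switch.local[mac] = name
        self.central.update(mac, self.host)
        return mac

    def add_container(self, name: str, vm: str) -> str:  # claims 5 and 12
        if vm not in self.vms:
            raise KeyError(f"{vm} is not deployed on {self.host}")
        mac = self._alloc(CT_PREFIX)
        self.containers[name] = (vm, mac)
        self.switch.local[mac] = name
        self.central.update(mac, self.host)
        return mac

    def delete_container(self, name: str) -> None:  # claims 7 and 14
        _, mac = self.containers.pop(name)
        del self.switch.local[mac]
        self.central.update(mac, None)

    def delete_vm(self, name: str) -> None:  # claims 6 and 13: the VM and every container in it
        for ct, (vm, _) in list(self.containers.items()):
            if vm == name:
                self.delete_container(ct)
        mac = self.vms.pop(name)
        del self.switch.local[mac]
        self.central.update(mac, None)


def demo() -> dict:
    """Two hosts, one VM and one container each (constructed data); exercises each path."""
    central = CentralizedController()
    h1, h2 = LocalController("host1", 1, central), LocalController("host2", 2, central)
    vm1, c1 = h1.add_vm("vm1"), h1.add_container("c1", "vm1")
    vm2, c2 = h2.add_vm("vm2"), h2.add_container("c2", "vm2")
    same_host = h1.switch.forward(c1, {"src": c1, "dst": vm1, "payload": b"hello"})
    action, packet = h1.switch.forward(c1, {"src": c1, "dst": c2, "payload": b"hello"})
    cross_host = h2.switch.receive_tunnel(packet)
    spoofed = h1.switch.forward(c1, {"src": vm1, "dst": c2, "payload": b"x"})
    h2.delete_vm("vm2")  # removes vm2 and c2 from every host's tables
    after_delete = h1.switch.forward(c1, {"src": c1, "dst": c2, "payload": b"x"})
    return {"kinds": (endpoint_kind(vm1), endpoint_kind(c2)), "same_host": same_host,
            "tunnel_action": action, "tunnel_dst": packet["tunnel_dst"],
            "cross_host": cross_host, "spoofed": spoofed[0], "after_delete": after_delete[0]}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` walks through each of the claimed paths: a container-to-VM packet on the same host is delivered directly, a packet to a container on the other host is encapsulated with the destination host learned from the centralized controller and decapsulated there, a packet whose source MAC does not match its ingress vNIC is dropped by the added check, and after the remote VM is deleted (which also removes its container) the stale destination is no longer reachable from any host.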
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011270398.2A CN112398688B (en) 2020-11-13 2020-11-13 Container network configuration method, container network system, and storage medium

Publications (2)

Publication Number Publication Date
CN112398688A CN112398688A (en) 2021-02-23
CN112398688B true CN112398688B (en) 2022-06-03

Family

ID=74600303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011270398.2A Active CN112398688B (en) 2020-11-13 2020-11-13 Container network configuration method, container network system, and storage medium

Country Status (1)

Country Link
CN (1) CN112398688B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113114571A (en) * 2021-03-26 2021-07-13 咪咕文化科技有限公司 Data packet processing method and device, electronic equipment and storage medium
CN113176930B (en) * 2021-05-19 2023-09-01 重庆紫光华山智安科技有限公司 Floating address management method and system for virtual machines in container
CN113556248B (en) * 2021-07-16 2023-05-12 广东电网有限责任公司 Cluster measurement and control dynamic deployment method, device, equipment and storage medium
CN113626154A (en) * 2021-08-27 2021-11-09 鼎链数字科技(深圳)有限公司 Block chain intelligent contract operation method and system
CN114327757B (en) * 2021-12-21 2023-03-24 北京永信至诚科技股份有限公司 Network target range tool delivery method, device, equipment and readable storage medium
CN114780211B (en) * 2022-06-16 2022-11-08 阿里巴巴(中国)有限公司 Method for managing a secure container and system based on a secure container
CN116095145B (en) * 2023-01-04 2023-08-04 北京志凌海纳科技有限公司 Data control method and system of VPC cluster
CN116527494B (en) * 2023-07-05 2023-09-12 南京赛宁信息技术有限公司 Shooting range virtual machine network initialization method and system based on virtual network card cloning
CN117592039B (en) * 2024-01-18 2024-03-22 三未信安科技股份有限公司 Flexibly managed hardware virtualization system and method

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10261814B2 (en) * 2014-06-23 2019-04-16 Intel Corporation Local service chaining with virtual machines and virtualized containers in software defined networking
US10579403B2 (en) * 2015-06-29 2020-03-03 Vmware, Inc. Policy based provisioning of containers
US10063469B2 (en) * 2015-12-16 2018-08-28 Nicira, Inc. Forwarding element implementation for containers
US10313205B2 (en) * 2016-06-29 2019-06-04 Nicira, Inc. Context-sensitive command whitelisting for centralized troubleshooting tool
US10893023B2 (en) * 2018-01-12 2021-01-12 Vmware, Inc. Per-application VPN in container based environments
CN108418705B (en) * 2018-01-29 2021-01-08 浪潮云信息技术股份公司 Virtual network management method and system of virtual machine and container mixed nested architecture
CN110704155B (en) * 2018-07-09 2023-03-17 阿里巴巴集团控股有限公司 Container network construction method and device, physical host and data transmission method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant