CN114629845B - Container-based routing type data center network management method and system - Google Patents


Info

Publication number: CN114629845B
Authority: CN (China)
Prior art keywords: container, route, target, controller, bgp
Legal status: Active
Application number: CN202210257953.0A
Other languages: Chinese (zh)
Other versions: CN114629845A (en)
Inventor: 管永刚
Current assignee: Sina Technology China Co Ltd
Original assignee: Sina Technology China Co Ltd
Application filed by Sina Technology China Co Ltd
Priority to CN202210257953.0A
Publication of CN114629845A
Application granted
Publication of CN114629845B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 45/00 Routing or path finding of packets in data switching networks
    • H04L 45/74 Address processing for routing

Abstract

The embodiment of the invention provides a container-based routing data center network management method and system, comprising the following steps: a container in a routing data center network announces the container IP address carried by the computing node hosting the container to a target routing controller; the target routing controller invokes the inbound route control policy defined on the routing controller, identifies the container IP address according to that policy and forms the container IP route; the target routing controller advertises the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, and the target network switch sends the container IP address on to the target network it points to according to the BGP community attribute of the container IP route. Multiple data center networks need only one set of routing controllers to be deployed, and this centralized management can greatly improve operation and maintenance efficiency.

Description

Routing type data center network management method and system based on container
Technical Field
The present invention relates to the field of container networks, and in particular to a method and a system for managing a container-based routing type data center network.
Background
In the pure three-layer (Layer 3) networking scheme of a container network, each compute node (node) acts as the router for the container endpoints on that node; the data plane is provided by the Linux kernel and the control plane by the BGP protocol. Nodes can exchange routing information with the physical network, so that container IP addresses are routable in the wider network and physical servers, virtual machines and containers are connected in one network.
In Full Mesh mode, BGP peer connections are established between all nodes in the container cluster for exchanging routing information. As the cluster grows, the mesh forms a huge service grid and the number of connections grows many times over; BGP full connectivity does not solve the complexity and scale problems.
A route reflector can be used to solve the iBGP full-connectivity problem, but in a container network cluster the route reflector can only manage routes within its own cluster and cannot serve multiple clusters at the same time.
In the prior art, in a data center network with CLOS networking, the correspondence between container nodes and physical switches has to be obtained and each switch configured individually; because management is not centralized, the operation and maintenance workload is large.
In carrying out the present invention, the applicant found that the prior art has at least the following problem:
in a CLOS-based data center network, a compute node or route reflector node needs to establish a BGP peer connection with a switch, and in a large-scale multi-service container cluster data center, BGP session management and policy control have to be carried out on hundreds of ToR switches, so the operation and maintenance difficulty is high.
Disclosure of Invention
The embodiment of the invention provides a container-based routing type data center network management method and system in which a plurality of data center networks only need one set of routing controllers to be deployed; the centralized management can greatly improve operation and maintenance efficiency.
In order to achieve the above object, in one aspect, an embodiment of the present invention provides a method for managing a container-based routing data center network, including:
a container in a routing data center network announces the container IP address carried by the computing node hosting the container to a target routing controller, where the target routing controller is the routing controller that is a BGP peer of the computing node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing type data center network is used to construct network connectivity among a plurality of containers, and the plurality of routing type data center networks share one set of routing controllers, which is a high-availability cluster formed by the plurality of routing controllers;
the target routing controller invokes the inbound route control policy defined on the routing controller, identifies the home service and home machine room carried by the container IP address according to the inbound route control policy, and adds the corresponding BGP community attribute identifier to the container IP address according to that home service and home machine room, forming the container IP route; here, two devices that establish a BGP session based on the BGP protocol are BGP peers, and a device is a routing controller, a computing node or a network switch;
the target routing controller advertises the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, and the target network switch sends the container IP address to the target network it points to according to the BGP community attribute of the container IP route.
In another aspect, an embodiment of the present invention provides a container-based routing data center network management system, including:
a container in a routing data center network, configured to notify a target routing controller of the container IP address carried by the computing node hosting the container, where the target routing controller is the routing controller that is a BGP peer of the computing node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing type data center network is used to construct network connectivity among a plurality of containers, and the plurality of routing type data center networks share one set of routing controllers, which is a high-availability cluster formed by the plurality of routing controllers;
the target routing controller, configured to invoke the inbound route control policy defined on the routing controller, identify the home service and home machine room carried by the container IP address according to the inbound route control policy, and add the corresponding BGP community attribute identifier to the container IP address according to that home service and home machine room, forming the container IP route; and to advertise the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, where two devices that establish a BGP session based on the BGP protocol are BGP peers and a device refers to a routing controller, a computing node or a network switch;
and the target network switch, configured to send the container IP address to the target network it points to according to the BGP community attribute of the container IP route.
The technical scheme has the following beneficial effect: only one set of routing controllers needs to be deployed for a plurality of data center networks, and the centralized management can greatly improve operation and maintenance efficiency.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for the embodiments or the description of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flow chart of a container-based routing data center network management method according to an embodiment of the present invention;
FIG. 2 is a block diagram of a container-based routing data center network management system according to an embodiment of the present invention;
FIG. 3 is a technical principle diagram of data center network route management according to an embodiment of the present invention;
FIG. 4 is a schematic block diagram of data center network route management according to an embodiment of the present invention;
FIG. 5 is a flow chart of another container-based routing data center network management method according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the embodiments described are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person skilled in the art on the basis of these embodiments without inventive effort fall within the scope of the invention.
As shown in Fig. 1, in combination with an embodiment of the present invention, there is provided a container-based routing data center network management method, including:
S101: a container in a routing data center network announces the container IP address carried by the computing node hosting the container to a target routing controller, where the target routing controller is the routing controller that is a BGP peer of the computing node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing type data center network is used to construct network connectivity among a plurality of containers, and the plurality of routing type data center networks share one set of routing controllers, which is a high-availability cluster formed by the plurality of routing controllers;
S102: the target routing controller invokes the inbound route control policy defined on the routing controller, identifies the home service and home machine room carried by the container IP address according to the inbound route control policy, and adds the corresponding BGP community attribute identifier to the container IP address according to that home service and home machine room, forming the container IP route; here, two devices that establish a BGP session based on the BGP protocol are BGP peers of each other, and a device refers to a routing controller, a computing node or a network switch;
S103: the target routing controller advertises the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller;
S104: the target network switch sends the container IP address to the target network it points to according to the BGP community attribute of the container IP route.
Preferably, the inbound route control policy includes: an IP prefix whitelist, a preset upper limit on the number of routes, and the BGP community attribute identifier to be added to the IP address;
and before the home service and home machine room carried by the container IP address are identified according to the inbound route control policy, the method further includes:
S105: filtering the container IP address according to the IP prefix whitelist;
S106: if the prefix of the container IP address is in the IP prefix whitelist, further determining whether the number of IP routes held by the target routing controller has reached the preset upper limit on the number of routes;
S107: if the number of IP routes held by the target routing controller has not reached the preset upper limit, proceeding to the step of identifying the home service and home machine room carried by the container IP address according to the inbound route control policy.
Preferably, before the container in the routing data center network announces the container IP address carried by its computing node to the target routing controller, the method further includes:
S108: establishing, based on the BGP protocol, a BGP peer relationship (a BGP session) between a routing controller and a network switch.
Preferably, the method further includes:
S109: defining an outbound route control policy on a routing controller and sending the outbound route control policy to a network switch that is a BGP peer of the routing controller; the outbound route control policy includes: identifying the community attribute identifier carried by the IP address, adding the community attribute no-advertise, and adding downstream network device behaviour;
and Step S103, in which the target routing controller advertises the container IP route to a target network switch that is a BGP peer of the target routing controller according to the outbound route control policy, specifically includes:
S1031: the target routing controller invokes, for the network switch that is its BGP peer, the outbound route control policy defined on the routing controller;
S1032: according to the outbound route control policy, the target routing controller identifies the BGP community attribute identifier of the container IP route and, based on that identifier, adds the community attribute no-advertise to the container IP route; the community attribute no-advertise is used to designate the target network switch for the container IP route, and the target network switch and the target routing controller are BGP peers;
and Step S104, in which the target network switch sends the container IP address to the target network it points to according to the BGP community attribute of the container IP route, specifically includes:
S1041: receiving, through the designated target network switch, the container IP route advertised by the target routing controller, and sending the container IP route to the target network it points to;
S1042: requiring the downstream network device to perform the added downstream network device behaviour while the container IP route is forwarded towards the target network it points to.
Preferably, before the container in the routing type data center network announces the container IP address carried by its computing node to the target routing controller, the method further includes:
S110: determining whether a BGP peer relationship has been established between the uplink switch of the computing node and the target routing controller; here, the uplink switch of the computing node refers to the target network switch;
S111: if a BGP peer relationship has been established between the uplink switch of the computing node and the target routing controller, establishing, based on the BGP protocol, a BGP peer relationship (a BGP session) between the computing node and the target routing controller;
S112: if no BGP peer relationship has been established between the uplink switch of the computing node and the target routing controller, refusing to establish a BGP peer relationship between the computing node and the target routing controller.
As shown in Fig. 2, in combination with an embodiment of the present invention, there is provided a container-based routing data center network management system, including:
a container 21 in a routing data center network, configured to notify a target routing controller of the container IP address carried by the computing node hosting the container, where the target routing controller is the routing controller that is a BGP peer of the computing node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing type data center network is used to construct network connectivity among a plurality of containers, and the plurality of routing type data center networks share one set of routing controllers, which is a high-availability cluster formed by the plurality of routing controllers;
a target routing controller 22, configured to invoke the inbound route control policy defined on the routing controller, identify the home service and home machine room carried by the container IP address according to the inbound route control policy, and add the corresponding BGP community attribute identifier to the container IP address according to that home service and home machine room, forming the container IP route; and to advertise the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, where two devices that establish a BGP session based on the BGP protocol are BGP peers and a device refers to a routing controller, a computing node or a network switch;
and a target network switch 23, configured to send the container IP address to the target network it points to according to the BGP community attribute of the container IP route.
Preferably, the inbound route control policy includes: an IP prefix whitelist, a preset upper limit on the number of routes, and the BGP community attribute identifier to be added to the IP address;
and the target routing controller 22 is further configured to filter the container IP address according to the IP prefix whitelist before identifying the home service and home machine room carried by the container IP address according to the inbound route control policy; if the prefix of the container IP address is in the IP prefix whitelist, to further determine whether the number of IP routes held by the target routing controller has reached the preset upper limit on the number of routes; and if the number of IP routes held by the target routing controller has not reached the preset upper limit, to proceed to the step of identifying the home service and home machine room carried by the container IP address according to the inbound route control policy.
Preferably, a peer establishment unit 24 is also included, where:
the peer establishment unit 24 is configured to establish, based on the BGP protocol, a BGP peer relationship (a BGP session) between a routing controller and a network switch before a container in the routing data center network announces the container IP address carried by its computing node to the target routing controller.
Preferably, the system further includes:
a routing controller 25, configured to define an outbound route control policy and send the outbound route control policy to a network switch that is a BGP peer of the routing controller; the outbound route control policy includes: identifying the community attribute identifier carried by the IP address, adding the community attribute no-advertise, and adding downstream network device behaviour;
the target routing controller 22 is specifically configured to: invoke, for the network switch that is its BGP peer, the outbound route control policy defined on the routing controller; identify the BGP community attribute identifier of the container IP route according to the outbound route control policy and, based on that identifier, add the community attribute no-advertise to the container IP route, where the community attribute no-advertise is used to designate the target network switch for the container IP route, and the target network switch and the target routing controller are BGP peers;
and the target network switch 23 is configured to receive the container IP route advertised by the target routing controller and send the container IP route to the target network it points to, and to require the downstream network device to perform the added downstream network device behaviour while the container IP route is forwarded towards the target network it points to.
Preferably, the system is further configured such that
the container 21, before notifying the target routing controller of the container IP address carried by its computing node, further determines whether a BGP peer relationship has been established between the uplink switch of the computing node and the target routing controller; here, the uplink switch of the computing node refers to the target network switch;
if a BGP peer relationship has been established between the uplink switch of the computing node and the target routing controller, a BGP peer relationship (a BGP session) is established between the computing node and the target routing controller based on the BGP protocol; if no BGP peer relationship has been established between the uplink switch of the computing node and the target routing controller, establishing a BGP peer relationship between the computing node and the target routing controller is refused.
The technical solutions of the embodiments of the present invention are described in detail below with reference to specific application examples; for details of the implementation process not described here, refer to the related description above.
The key terms and technical abbreviations related to the invention are explained as follows:
BGP: The Border Gateway Protocol (BGP) is an inter-autonomous-system routing protocol that runs over TCP. BGP is the only protocol used to handle networks as large as the Internet and the only protocol that can handle multipath connections between unrelated routing domains. BGP builds on the experience gained with EGP. The primary function of a BGP system is to exchange network reachability information with other BGP systems. The network reachability information includes the list of autonomous systems (ASes) traversed. This information effectively builds a topology of the AS interconnections and thus prunes routing loops, while policy decisions can be implemented at the AS level.
CLOS: The basic idea of a CLOS network is to connect multiple smaller switching units in a certain pattern to form a multi-stage switching network.
SDN: Software Defined Networking (SDN) is a novel network architecture proposed by the Clean Slate research group at Stanford University, and is one implementation of network virtualization. Its core technology, OpenFlow, separates the control plane of network devices from the data plane, enabling flexible control of network traffic; the network becomes a smarter pipe and provides a good platform for innovation in the core network and its applications.
The invention relates to a device and method for centralized container network route management in a data center, in the technical field of network communication; in particular, to a device which, following the SDN idea, centrally collects and distributes the container network routes of a large-scale data center (a container-based routing type data center network) and directs the network switches in forwarding data packets. Applying SDN-style centralized collection and distribution of container routes to a large-scale networked data center has the following advantages:
the routing controller can serve multiple data centers and multiple container clusters at the same time, and can provide unified management of the IP routes of container clusters belonging to different businesses, different departments and so on.
Only one set of control system needs to be deployed for a plurality of data center networks, and the centralized management can greatly improve operation and maintenance efficiency. The hierarchy is: data center > container platform > container cluster.
Service provisioning is efficient: the routing controller exposes an API, and the routing controller's unified API is handed to the container platform manager, so that when a business deploys a container, the platform calls the API to push the configuration to the routing controller; the routing controller then establishes the BGP connection with the computing node automatically, the service is brought up automatically, and no manual intervention is needed to configure the switches.
The technical solution of the invention consists of a routing controller, network switches and computing nodes: the routing controller collects and distributes IP routing information, the computing node (node) announces and withdraws the IP routing information of its containers, and the network switch forwards IP packets according to the routing information received from the routing controller.
As shown in Figs. 3 and 4, the technical principle of the present invention is as follows:
1. The container platform uses a pure three-layer network scheme (a routing type data center network) to announce the container IP address carried by the computing node to the routing controller; that is, a container in a routing data center network advertises to a target routing controller the container IP address carried by the compute node hosting the container. The target routing controller is the routing controller that is a BGP peer of the computing node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing type data center network is used to construct network connectivity among a plurality of containers, and the plurality of routing type data center networks share one set of routing controllers, which is a high-availability cluster formed by the plurality of routing controllers.
2. The routing controller (specifically the target routing controller) determines the home service of the received IP route (container IP address) and its home machine room (the machine room where the container IP address is located) according to the BGP peer it was received from (the BGP peer with the computing node), and adds the corresponding BGP community attribute identifier. Specifically:
the routing controller processes the IP routing information according to the inbound route control policy, which includes: an IP prefix whitelist, a preset upper limit on the number of routes, and the BGP community attribute identifier to be added to the IP address.
The routing controller then checks the validity of the IP routing information delivered by the computing node (filtering the container IP address against the IP prefix whitelist), the number of prefixes, and so on, and only accepts legitimate route prefixes up to the specified number. Here, two devices that establish a BGP session based on the BGP protocol are BGP peers, and a device is a routing controller, a computing node or a network switch.
How an IP address becomes an IP route: the computing node announces (sends) the container IP address, which is passed to the routing controller via the BGP protocol; the routing controller receives the announced IP address as an IP route, or IP route entry (at this point the container IP route entry differs from the IP address received by the routing controller, because the BGP community attribute identifier has been added).
The purpose of determining the home service and home machine room is to classify container IP routes using BGP community attribute identifiers. The BGP community attribute is an attribute of the BGP protocol, and a custom community attribute identifier can be added to the routes received from a BGP peer.
For example, compute node 1, in the BX machine room and belonging to the ABC service, has the community attributes 102:1 and 100:100 added at its peer. All route entries passed from compute node 1 then carry the community attributes 102:1 and 100:100.
The community attribute values are user-defined: 102:1 is the machine room identifier and 100:100 is the service identifier. Each service in each machine room is assigned a unique community attribute in advance.
Role of the community attributes: according to what the community attributes denote, route entries are delivered precisely to the correct machine room (the machine room where the compute node is located; the container is deployed on the compute node, and the container IP has to be delivered by the compute node to the routing controller via the BGP protocol). Once the announced IP address has been transferred to the routing controller, the IP address the routing controller received from the computing node is called a route entry (route, route entry and routing information mean the same thing here). A route entry contains: prefix information and next-hop information. Different protocols carry different additional information; the BGP protocol, for example, carries PrefVal, Local_Pref, AS-Path, community attributes and so on.
Compute node 1 (BX machine room, ABC service) sends a route carrying the community attributes 102:1 and 100:100. The routing controller, when establishing a BGP peer with the switch of the BX machine room, agrees on what the community attributes denote; it then only needs to recognise the 102:1 community attribute to deliver the route precisely to the target network, so that the container on the compute node is reachable.
The prefix is the prefix of the IP route delivered by the compute node. The IP routes the routing controller receives from the compute nodes are passed to the switch, so that traffic arriving at the switch and destined for the container is directed the right way.
3. The routing controller announces the routing information (the route entries sent by the computing nodes) to the network switch, and uses the BGP community attribute to control the target network, or target IDC (Internet data center), to which a route may be sent.
Here the peers include the BGP peer between the compute node and the routing controller and the BGP peer between the network switch and the routing controller. These two peers are not necessary. The routing controller is informed of the container IP address carried by the computing node. The peer between the routing controller and the network switch is established in advance; the routing controller establishes peers with the compute nodes as needed.
As shown in fig. 5, the specific steps are as follows:
1. Define an ingress route control policy and an outbound route control policy in the routing controller.
Ingress route control policy: 1) IP prefix whitelist control; 2) adding a BGP community attribute identifier; 3) limiting the number of routes.
Outbound route control policy: 1) identifying the community attribute and controlling delivery of the route to the target network; 2) adding the community attribute no-advertise and adding the downstream network device behaviour.
The community attribute no-advertise is added by the outbound route control policy on the BGP peer between the routing controller and the network switch. no-advertise is one of the well-known BGP community attributes defined in RFC 1997 and has a fixed meaning: a switch that receives a route entry carrying this community will not pass the route entry on to any other BGP peer. Its purpose is to prevent routing loops and suboptimal paths, thereby protecting reachability of the container IP (devices that receive routes carrying these well-known community attributes apply the behaviour automatically, as RFC 1997 prescribes).
A "downstream network device" in "downstream network device behaviour" is a further BGP peer (a BGP peer established between the switch and a device other than the routing controller). The "behaviour" is the forwarding of traffic: forwarding requires a routing-table lookup, i.e. finding a route entry, so if a downstream network device receives a route entry with wrong next-hop information, traffic may not be forwarded along the correct path, and a routing loop or a suboptimal path may result. If no-advertise were not added, an IP route received by, say, the TC switch would be passed on to another BGP peer of that switch. That peer would then receive the IP route both from the switch and from the routing controller, and if BGP route selection prefers the former, a suboptimal path or routing loop is created.
A switch that receives a route entry carrying this community attribute therefore does not pass it on to any other BGP peer; only the BGP peer designated to receive the IP route gets it. NO_ADVERTISE (4294967042, or 0xFFFFFF02): routes carrying this attribute are not sent to any BGP neighbour, whether EBGP or IBGP. In the words of RFC 1997, all routes received carrying a communities attribute containing this value MUST NOT be advertised to other BGP peers.
The IP route provides a forwarding path for traffic destined for the container IP; the network device behaviour is therefore "forward traffic destined for the container IP".
2. The network switch establishes BGP peers with the control node (routing controller); this peer is established before the peer between the compute node and the routing controller.
3. Before a container in the routing data center network announces the container IP address carried by its compute node to the target routing controller, the routing controller applies the route control policy on its BGP peers with the switches. "Switch" here includes the uplink switch; in fact it means all switches.
The outbound route control policy is applied on the BGP peers between the routing controller and the switches. According to the outbound route control policy, the target routing controller identifies the BGP community attribute identifier of the container IP route and adds the community attribute no-advertise to the container IP route based on that identifier; the community attribute no-advertise is used to designate a target network switch for the container IP route, and the designated target network switch and the target routing controller are BGP peers. Without this policy, a compute node's container IP in the BX machine room, say 10.10.10.1/32, would be passed to the routing controller, which, lacking an outbound routing policy on its BGP peers with the switches, would send the IP route to the switches of all machine rooms, so that the TC machine room would also receive the route entry. The entry is meaningless to the TC machine room and wastes routing-table resources on its switch. This is the first role of the outbound routing policy.
4. Whether the compute node's uplink switch (i.e. the target network switch) has established a BGP peer with the routing controller: typically, after the routing controller is deployed and before the BGP peer between the routing controller and the compute node is established, the BGP peer between the compute node's uplink switch and the routing controller is established. Only after the compute node, the switch and the routing controller have each established their BGP peers can the uplink switch receive the container IP address from the target routing controller and send it to the target network to which the container IP address points, while requiring the downstream network device to perform the added downstream network device behaviour. If the compute node's uplink switch has not established a BGP peer with the routing controller, it does not receive the container IP address carried by the compute node, and traffic for the container IP is discarded when it reaches the uplink switch, so the container IP cannot be reached.
5. Judge whether a BGP peer relationship has been established between the compute node's uplink switch and the target routing controller (the compute node's uplink switch is the target network switch). If it has, establish the BGP peer, i.e. a BGP session based on the BGP protocol, between the compute node and the target routing controller; if it has not, refuse to establish the BGP peer between the compute node and the routing controller. Root cause: if a BGP peer is established between a compute node and the routing controller while no BGP peer exists between the compute node's uplink switch and the routing controller, the uplink switch cannot receive the IP route from the routing controller. Without that IP route on the uplink switch, traffic destined for the compute node's containers cannot be forwarded, and the container IP cannot communicate. The BGP peer between the compute node's uplink switch and the routing controller is therefore a prerequisite. This check is a detection mechanism that prevents a newly launched service from being affected by a missing BGP peer between the compute node's uplink switch and the routing controller.
6. If the compute node's uplink switch and the routing controller have established a BGP peer, the compute node and the routing controller establish a BGP peer; the target routing controller then advertises the container IP route, according to the outbound route control policy, to the target network switches that are BGP peers of the target routing controller.
7. Apply the ingress route control policy on the BGP peer between the routing controller and the compute node.
8. The compute node sends a route entry; that is, the container in the routing data center network advertises the container IP address carried by its compute node to the target routing controller.
9. The routing controller sends the route entry; that is, the target routing controller advertises the container IP route to the target network switches that are BGP peers of the target routing controller.
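As an added illustration (not code from the patent), the following Python model reproduces the controller logic of steps 1 to 9 above: the ingress policy (prefix whitelist, community tagging, route-count limit), the outbound policy (deliver a route only to the switch whose machine room community matches, adding NO_ADVERTISE), and the check that refuses a compute-node peer whose uplink switch has not yet peered with the controller. Class and function names, the community plan and the sample prefixes are assumptions constructed for the example.

```python
"""Added example: a small model of the centralized route controller's
ingress policy, outbound policy and peer-order check. Names, the community
plan (rooms 102:1/102:2, service 100:100) and prefixes are constructed."""
from dataclasses import dataclass
from ipaddress import ip_network

# RFC 1997 well-known community (value 0xFFFFFF02): a switch receiving a
# route tagged with it must not re-advertise the route to any other peer.
NO_ADVERTISE = "NO_ADVERTISE"


@dataclass(frozen=True)
class Route:
    prefix: str                # container IP, e.g. "10.10.10.1/32"
    next_hop: str              # the compute node that announced it
    communities: frozenset     # e.g. {"102:1", "100:100"}


class RouteController:
    """One controller serving several machine rooms (IDCs) and clusters."""

    def __init__(self, prefix_whitelist, max_routes):
        self.whitelist = [ip_network(p) for p in prefix_whitelist]
        self.max_routes = max_routes
        self.switch_peers = {}   # room community -> uplink switch name
        self.node_peers = {}     # node name -> (room community, service community)
        self.rib = {}            # prefix -> tagged Route

    # Step 2: BGP peers with the uplink switches are established first.
    def add_switch_peer(self, room_comm, switch):
        self.switch_peers[room_comm] = switch

    # Step 5: a compute node may only peer once its uplink switch peers with
    # the controller; otherwise its container IPs could never be reached.
    def add_node_peer(self, node, room_comm, service_comm):
        if room_comm not in self.switch_peers:
            return False
        self.node_peers[node] = (room_comm, service_comm)
        return True

    # Step 1 (ingress policy): prefix whitelist, community tagging, route limit.
    def ingress(self, node, prefix, next_hop):
        if node not in self.node_peers:
            return False
        net = ip_network(prefix)
        if not any(net.subnet_of(w) for w in self.whitelist):
            return False                         # 1) whitelist filter
        if prefix not in self.rib and len(self.rib) >= self.max_routes:
            return False                         # 3) route-count limit
        room_comm, service_comm = self.node_peers[node]
        self.rib[prefix] = Route(prefix, next_hop,
                                 frozenset({room_comm, service_comm}))  # 2) tag
        return True

    # Step 1 (outbound policy): match the room community, deliver only to that
    # room's switch, and add NO_ADVERTISE so the switch does not pass it on.
    def outbound(self):
        deliveries = {sw: [] for sw in self.switch_peers.values()}
        for route in self.rib.values():
            for room_comm, switch in self.switch_peers.items():
                if room_comm in route.communities:
                    deliveries[switch].append(Route(
                        route.prefix, route.next_hop,
                        route.communities | {NO_ADVERTISE}))
        return deliveries


def demo():
    """Constructed scenario: rooms BX (102:1) and TC (102:2), service ABC."""
    rc = RouteController(prefix_whitelist=["10.10.0.0/16"], max_routes=2)
    early = rc.add_node_peer("node1", "102:1", "100:100")   # refused: no switch peer
    rc.add_switch_peer("102:1", "bx-switch")
    rc.add_switch_peer("102:2", "tc-switch")
    late = rc.add_node_peer("node1", "102:1", "100:100")    # accepted
    accepted = rc.ingress("node1", "10.10.10.1/32", "10.10.1.1")
    rejected = rc.ingress("node1", "192.168.1.1/32", "10.10.1.1")  # not whitelisted
    return early, late, accepted, rejected, rc.outbound()


if __name__ == "__main__":
    for switch, routes in demo()[4].items():
        print(switch, [(r.prefix, sorted(r.communities)) for r in routes])
```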
The beneficial effects obtained by the embodiment of the invention are as follows:
1. Route marking and receive control: the invention marks the container route (IP route) with a BGP community attribute. The marked route can carry information such as the container cluster it belongs to and its home machine room, which is used to control the route diffusion range precisely; this supports cross-IDC deployment and management of several service clusters at the same time.
2. The prior art defines no route management scheme for the physical network, requires a large amount of configuration on network switch devices, and makes operation and maintenance control difficult in a large-scale data center; the invention adopts centralized route control, so that only one set of routing controllers is needed in a multi-IDC, multi-cluster deployment (one group of controllers performs route receive and send control for several IDCs and several container clusters), with a simple deployment architecture, simple operation and maintenance, and high reliability.
It should be understood that the specific order or hierarchy of steps in the processes disclosed are examples of exemplary approaches. Based on design preferences, it is understood that the particular order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not meant to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus the following claims are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate preferred embodiment of this invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for the purpose of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of the various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "including" is used in the specification or claims, it is intended to be inclusive in a manner similar to the term "comprising" as interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification or the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks (illustrative logical block), units, and steps described in connection with the embodiments of the invention may be implemented by electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components (illustrative components), elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Those skilled in the art may implement the described functionality in varying ways for each particular application, but such implementation is not to be understood as beyond the scope of the embodiments of the present invention.
The various illustrative logical blocks or units described in the embodiments of the invention may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described. A general purpose processor may be a microprocessor, but in the alternative, the general purpose processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. In an example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may reside in a user terminal. In the alternative, the processor and the storage medium may reside as distinct components in a user terminal.
In one or more exemplary designs, the above-described functions of embodiments of the present invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on a computer-readable medium or transmitted as one or more instructions or code on the computer-readable medium. Computer-readable media include both computer storage media and communication media that facilitate transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer. For example, such computer-readable media may include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to carry or store program code in the form of instructions or data structures and that may be read by a general-purpose or special-purpose computer or processor. Further, any connection is properly termed a computer-readable medium; for example, if the software is transmitted from a website, server, or other remote source via coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio and microwave, then those are also included in the definition of computer-readable medium. Disk and disc, as used here, include compact disc, laser disc, optical disc, DVD, floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above may also be included within computer-readable media.
The foregoing description of the embodiments has been provided to illustrate the general principles of the invention and is not meant to limit the invention to the particular embodiments; any modifications, equivalents, improvements and the like that fall within the spirit and principles of the invention are intended to be included within its scope.

Claims (10)

1. A container-based routing data center network management method, comprising:
a container in a routing data center network announces the container IP address carried by the compute node hosting the container to a target routing controller, wherein the target routing controller is a routing controller that is a BGP peer of the compute node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing data center network is used to build network connectivity among a plurality of containers, and a plurality of routing data center networks share one set of routing controllers, which is a high-availability cluster formed by a plurality of routing controllers;
the target routing controller invokes an ingress route control policy defined in the routing controller, identifies the home service and home machine room carried by the container IP address according to the ingress route control policy, and adds a corresponding BGP community attribute identifier to the container IP address according to that home service and home machine room to form the container IP route; wherein two devices that establish a BGP session based on the BGP protocol are BGP peers of each other, a device being a routing controller, a compute node or a network switch;
the target routing controller announces the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, and the target network switch sends the container IP address to the target network to which the container IP address points according to the BGP community attribute of the container IP route.
2. The container-based routing data center network management method of claim 1, wherein the ingress route control policy comprises: an IP prefix whitelist, a preset upper limit on the number of routes, and adding a BGP community attribute identifier to the IP address;
before the home service and home machine room carried by the container IP address are identified according to the ingress route control policy, the method further comprises:
filtering the container IP address against the IP prefix whitelist;
if the prefix of the container IP address is in the IP prefix whitelist, further judging whether the number of IP routes on the target routing controller has reached the preset upper limit;
if the number of IP routes on the target routing controller has not reached the preset upper limit, proceeding with the step of identifying the home service and home machine room carried by the container IP address according to the ingress route control policy.
3. The container-based routing data center network management method of claim 1, further comprising, before a container in the routing data center network advertises to a target routing controller a container IP address carried by a compute node within the container:
a BGP peer relationship, i.e. a BGP session, is established between a routing controller and a network switch based on the BGP protocol.
4. The container-based routing data center network management method of claim 3, further comprising:
defining an outbound route control policy in the routing controller and sending it to the network switches that are BGP peers of the routing controller; the outbound route control policy comprises: identifying the community attribute identifier in the IP address, adding the community attribute no-advertise, and adding the downstream network device behaviour;
wherein the target routing controller announcing the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, and the target network switch sending the container IP address to the target network to which the container IP address points according to the BGP community attribute of the container IP route, comprises:
the target routing controller invokes the outbound route control policy defined in the routing controller from the network switch that is a BGP peer of the target routing controller;
according to the outbound route control policy, the target routing controller identifies the BGP community attribute identifier of the container IP route and adds the community attribute no-advertise to the container IP route according to that identifier, wherein the community attribute no-advertise is used to designate a target network switch for the container IP route, the target network switch and the target routing controller being BGP peers;
the designated target network switch receives the container IP route advertised by the target routing controller and sends it to the target network to which the container IP route points;
and requires the downstream network device to perform the added downstream network device behaviour while routing the container IP towards the target network to which it points.
5. The container-based routing data center network management method of claim 1, further comprising, before a container in the routing data center network advertises to a target routing controller a container IP address carried by a compute node within the container:
Judging whether a BGP peer relationship is established between the compute node uplink switch and the target routing controller; wherein, the computing node uplink switch refers to a target network switch;
if the BGP peer relationship is established between the compute node uplink switch and the target route controller, establishing the BGP peer relationship of the BGP dialogue between the compute node and the target route controller based on the BGP protocol;
if no BGP peer relationship is established between the compute node upstream switch and the target route controller, the establishment of the BGP peer relationship between the compute node and the target route controller is refused.
6. A container-based routing data center network management system, comprising:
a container in a routing data center network, configured to announce the container IP address carried by the compute node hosting the container to a target routing controller, where the target routing controller is a routing controller that is a BGP peer of the compute node carrying the container IP address; the container IP address carries the home service and home machine room of the container; the routing data center network is used to build network connectivity among a plurality of containers, and a plurality of routing data center networks share one set of routing controllers, which is a high-availability cluster formed by a plurality of routing controllers;
the target routing controller, configured to invoke an ingress route control policy defined in the routing controller, identify the home service and home machine room carried by the container IP address according to the ingress route control policy, and add a corresponding BGP community attribute identifier to the container IP address according to that home service and home machine room to form the container IP route; and to advertise the container IP route, according to the outbound route control policy, to a target network switch that is a BGP peer of the target routing controller, wherein two devices that establish a BGP session based on the BGP protocol are BGP peers of each other, a device being a routing controller, a compute node or a network switch;
and the target network switch, configured to send the container IP address to the target network to which the container IP address points according to the BGP community attribute of the container IP route.
7. The container-based routing data center network management system of claim 6, wherein the ingress route control policy comprises: an IP prefix whitelist, a preset upper limit on the number of routes, and adding a BGP community attribute identifier to the IP address;
the target routing controller is further configured to filter the container IP address against the IP prefix whitelist before identifying the home service and home machine room carried by the container IP address according to the ingress route control policy; if the prefix of the container IP address is in the IP prefix whitelist, to further judge whether the number of IP routes on the target routing controller has reached the preset upper limit; and if it has not, to proceed with identifying the home service and home machine room carried by the container IP address according to the ingress route control policy.
8. The container-based routing data center network management system of claim 6, further comprising a peer establishment unit, wherein:
the peer establishing unit is configured to establish a BGP peer relationship of a BGP session between a routing controller and a network switch based on a BGP protocol before a container in the routing data center network announces, to a target routing controller, a container IP address carried by a computing node in the container.
9. The container-based routing data center network management system of claim 8, further comprising:
the routing controller is configured to define an outbound route control policy and send it to the network switches that are BGP peers of the routing controller; the outbound route control policy comprises: identifying the community attribute identifier in the IP address, adding the community attribute no-advertise, and adding the downstream network device behaviour;
the target routing controller is specifically configured to invoke the outbound route control policy defined in the routing controller from the network switch that is a BGP peer of the target routing controller; to identify the BGP community attribute identifier of the container IP route according to the outbound route control policy and add the community attribute no-advertise to the container IP route according to that identifier, wherein the community attribute no-advertise is used to designate a target network switch for the container IP route, the target network switch and the target routing controller being BGP peers;
the target network switch is configured to receive the container IP route advertised by the target routing controller and send it to the target network to which the container IP route points, and to require the downstream network device to perform the added downstream network device behaviour while routing the container IP towards the target network to which it points.
10. The container-based routing data center network management system of claim 6, wherein,
the container is further configured to, before announcing the container IP address carried by the compute node hosting the container to the target routing controller, judge whether a BGP peer relationship has been established between the compute node's uplink switch and the target routing controller, where the compute node's uplink switch is the target network switch; if the BGP peer relationship has been established between the compute node's uplink switch and the target routing controller, establish the BGP peer relationship, i.e. a BGP session, between the compute node and the target routing controller based on the BGP protocol; and if no BGP peer relationship has been established between the compute node's uplink switch and the target routing controller, refuse to establish the BGP peer relationship between the compute node and the target routing controller.
Application CN202210257953.0A, priority date 2022-03-16, filing date 2022-03-16: Container-based routing data center network management method and system (granted as CN114629845B, status Active)

Publications (2)

Publication Number Publication Date
CN114629845A (en) 2022-06-14
CN114629845B (en) 2024-02-02

Family

ID=81902679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210257953.0A Active CN114629845B (en) 2022-03-16 2022-03-16 The method comprises the following steps of: container-based is a routing data of (1) Central network management method and system

Country Status (1)

Country Link
CN (1) CN114629845B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107332775A (en) * 2017-08-14 2017-11-07 上海新炬网络信息技术股份有限公司 Across host exchanging visit system and its control method based on docker containers
CN107770066A (en) * 2017-10-20 2018-03-06 成都精灵云科技有限公司 It is a kind of across main frame, travelling across VLAN, the Docker container methods of river diversion across cluster
WO2020212998A1 (en) * 2019-04-17 2020-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Network address allocation in a virtual layer 2 domain spanning across multiple container clusters
CN112970230A (en) * 2018-10-31 2021-06-15 阿里巴巴集团控股有限公司 Method and system for accessing cloud services
CN113760461A (en) * 2021-09-07 2021-12-07 新华智云科技有限公司 Version upgrading method and computer readable storage medium
CN113826363A (en) * 2019-03-27 2021-12-21 亚马逊技术有限公司 Consistent routing advertisements between redundant controllers in a global network access point

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10454821B2 (en) * 2016-10-14 2019-10-22 Cisco Technology, Inc. Creating and maintaining segment routed traffic engineering policies via border gateway protocol
US11336567B2 (en) * 2020-04-20 2022-05-17 Cisco Technology, Inc. Service aware virtual private network for optimized forwarding in cloud native environment

Also Published As

Publication number Publication date
CN114629845A (en) 2022-06-14

Similar Documents

Publication Publication Date Title
CN103873378B (en) There is central controlled converging network
EP3681110B1 (en) A region interconnect control using vrf tables across heterogeneous networks
US9634928B2 (en) Mesh network of simple nodes with centralized control
RU2651149C2 (en) Sdn-controller, data processing center system and the routed connection method
US9450817B1 (en) Software defined network controller
EP3474502B1 (en) Reduced configuration for multi-stage network fabrics
US8085791B1 (en) Using layer two control protocol (L2CP) for data plane MPLS within an L2 network access node
WO2020233430A1 (en) Method, apparatus and system for communication between controllers in tsn
EP3905609A1 (en) Service data forwarding method, network device, and network system
CN106789637B (en) Cross-domain service intercommunication path establishment method, controller and system
KR20080066786A (en) Gmpls control of ethernet
WO2015000386A1 (en) Virtual network
EP1701516B1 (en) Method for facilitating application server functionality and access node comprising the same
EP2728797B1 (en) Message processing method, device and system
EP3297245B1 (en) Method, apparatus and system for collecting access control list
US8559431B2 (en) Multiple label based processing of frames
EP2214359A1 (en) A policy control method and system for layer two device
CN102377645B (en) Exchange chip and realization method thereof
CN109286563B (en) Data transmission control method and device
CN105637806A (en) Method and apparatus for determining network topology, and centralized network state information storage device
CN114629845B (en) The method comprises the following steps of: container-based is a routing data of (1) Central network management method and system
CN101238683A (en) Service quality in access network based on VLAN
CN112671650A (en) End-to-end SR control method, system and readable storage medium under SD-WAN scene
CN107508730B (en) SDN network-based data center interconnection method and device
JP3794496B2 (en) Network connection method, network connection system, layer 2 switch and management server constituting the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230413

Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193

Applicant after: Sina Technology (China) Co.,Ltd.

Address before: 100193 7th floor, scientific research building, Sina headquarters, plot n-1, n-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193

Applicant before: Sina.com Technology (China) Co.,Ltd.

GR01 Patent grant