CN105591820B - High-extensible container network management system and method - Google Patents

Publication number
CN105591820B
Authority
CN
China
Prior art keywords
container
network
host
address
configuring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201511021498.0A
Other languages
Chinese (zh)
Other versions
CN105591820A (en
Inventor
唐飞雄
沈寓实
于家伟
邵长钰
王昕�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fenomen Array Beijing Technology Co ltd
Original Assignee
Beijing Qingyuan Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

A highly extensible container network management system and method relate to the field of cloud computing, and in particular to the network management system and method required by a highly extensible cloud computing system built from containers. The system comprises a host address distributor, a network configuration manager, a network controller and a container tunnel. The method comprises the steps of configuring container network parameters, configuring and activating a one-to-one mapping from host machine addresses to container network segments, and sending and receiving data packets. The invention can automatically control and manage a highly extensible and highly available cloud computing system built from containers, and ensure interoperability and safety between containers on different hosts.

Description

High-extensible container network management system and method
Technical Field
The invention relates to the technical field of cloud computing, and in particular to a network management system and a network management method for a highly extensible system formed by containers.
Background
As a core technology of new generation cloud computing, a container technology has gradually become a development focus of cloud computing enterprises at home and abroad in recent years. For the core technology constituting the cloud computing system, high scalability is a necessary core technical characteristic. With the support of the existing container technology, one host can run dozens or even hundreds of containers, but after the number of containers exceeds hundreds, one host is far from enough. Meanwhile, only one host machine is used for operating the container, which also affects high availability, namely, if one host machine fails, all user containers cannot operate. Therefore, to achieve high scalability and high availability of a cloud computing environment, it is required that containers can be run simultaneously by multiple hosts and connectivity between different host containers is maintained.
Existing container network management systems do not meet these requirements well: they cannot run containers on multiple hosts simultaneously while maintaining connectivity among the containers on different hosts. An existing container network management system is shown in fig. 1: a host that runs containers runs multiple container instances and a container gateway, and the container gateway and the container instances communicate with each other through a network segment internal to the host. As fig. 1 shows, by default the containers within one host can reach each other, but containers run by different hosts cannot.
An existing solution for container network interconnection is also illustrated in fig. 1: the container gateway provides a Network Address Translation (NAT) function and maps services provided by some containers to ports on the host's network address. Suppose the address of the host is 172.16.1.1 and the internal network address of a certain container is 192.168.1.1. Through network address translation, port 80 of 192.168.1.1 can be mapped to port 8080 of 172.16.1.1, so a container on another host that wants to reach port 80 of the container at 192.168.1.1 only needs to access port 8080 of 172.16.1.1. The disadvantage of this network address translation method is that, because the ports of a single host are limited, it cannot support the scaling scenario in which multiple containers on the same host want to publish the same port. For example, if two containers 192.168.1.1 and 192.168.1.2 on host 172.16.1.1 both want to publish port 80, they cannot both be published on port 8080 of 172.16.1.1, because that would necessarily cause a port conflict.
Disclosure of Invention
The invention provides a highly extensible container network management system and method, which can automatically control and manage a highly extensible, highly available cloud computing system formed by containers, and ensure interoperability and safety between the containers on different hosts, thereby solving the problems in the prior art.
In order to achieve the above object, the highly scalable container network management system of the present invention includes a host address allocator, a network configuration manager, a network controller, and a container tunnel. The network configuration manager is configured to configure the host address allocator, configure the network controller, and deploy and configure the container tunnel. The network controller is used for allocating a container network sub-segment to the containers running on each host machine, and for allocating and storing a one-to-one mapping from host machine addresses to container network sub-segments. The container tunnel is arranged on each host machine and is used for encapsulating the data packets sent from that host machine, and/or for removing the encapsulation of data packets sent to that host machine from containers on other host machines.
Further, the network configuration manager comprises a user interaction module, a host address configuration module, a container address configuration module and a container tunnel deployment module; the user interaction module is used for providing an interaction interface for a user to autonomously set container network parameters, and the container network parameters comprise a host computer network segment, a container address total segment, the maximum container number of each host computer and a container gateway address; the host address configuration module is used for configuring the host address distributor; the container address configuration module is used for configuring and managing the container network parameters; the container tunnel deployment module is used for deploying and configuring the container tunnel.
Further, the user interaction module is a command line or a graphical user interface.
In order to achieve the above object, the method for managing a highly scalable container network of the present invention comprises the following steps:
S1, configuring container network parameters, and configuring the mapping from the host machine address to the container address field;
S2, deploying container tunnels, configuring and activating one-to-one mapping from the host machine addresses to the container network segments;
S3, according to the one-to-one mapping from the host machine address to the container network segment, sending and receiving the data packet.
Specifically, step S1 is:
S11, configuring the container network parameters;
S12, calculating and configuring the mapping from the host machine address to the container address field.
More specifically, step S11 is:
S111, registering and connecting a host address distributor and configuring a host address section;
S112, registering and connecting a network controller, and configuring a container address total segment, the maximum container number of each host and a container gateway host address;
S113, reading the address field of the host machine;
S114, calculating the mapping from the host machine address to the container address field;
S115, configuring the mapping from the host machine to the container address field.
More specifically, step S114 is:
S1141, configuring the container address total segment;
S1142, calculating a container network address prefix;
S1143, configuring the maximum container number of the host machine;
S1144, calculating the address length of the container instance;
S1145, judging whether the number of allowed container network address suffixes is greater than or equal to the number of allowed host addresses;
if the number of container network address suffixes is greater than or equal to the number of allowed host addresses, storing and configuring the container network address suffixes to the network controller;
if the number of container network address suffixes is less than the number of allowed host addresses, prompting the user that the network segment is insufficient.
Specifically, step S2 is:
S21, registering and connecting a host machine;
S22, deploying the container tunnel;
S23, configuring the network controller address; the container tunnel connects to the network controller and obtains the container network configuration of the host machine;
S24, configuring the container gateway through the container tunnel, configuring the host machine route, and pointing the next hop of the route for the container network total segment to the container tunnel;
S25, registering and activating the one-to-one mapping of the host address to the container network.
Specifically, step S3 is:
S31, the container sends the data packet to the target host machine;
S32, the target host receives and processes the data packet.
More specifically, step S31 is:
S311, the container sends a data packet;
S312, judging whether the target host is the same host;
if the target host is a different host, executing step S313;
if the target host is the same host, sending the data packet to the other container through internal communication of the host, which completes the sending of the data packet;
S313, sending the data packet to the host routing module through the container gateway;
S314, judging whether the target is within the container network total segment;
if the target is within the container network total segment, going to step S315;
if the target is not within the container network total segment, the host machine routing module sends the data packet directly to the target address, which completes the sending of the data packet;
S315, the host machine routing module sends the data packet to the container tunnel for processing;
S316, acquiring the target host mapped to the target container network;
S317, encapsulating the container data packet into a data packet that can be sent to a host, and then sending the encapsulated data packet to the target host, which completes the sending of the data packet.
In particular, step S316 is to read the target host address of the target container network mapping from the cache or from the network controller.
More specifically, step S32 is:
S321, the host receives the data packet;
S322, judging whether the target is the container tunnel;
if the target is the container tunnel, executing step S323;
if the target is not the container tunnel, handing the data packet to the process on the corresponding port for processing, which completes the receiving of the data packet;
S323, sending the data packet to the container tunnel for processing;
S324, removing the data packet encapsulation, so that the target becomes a container on this host machine;
S325, sending the data packet to the host machine container for processing, which completes the receiving of the data packet.
Specifically, in step S24, the container network DHCP (Dynamic Host Configuration Protocol) is configured as follows:
it is determined whether the container network gateway contains a DHCP function;
if the container gateway contains the DHCP function, the DHCP configuration of the container gateway is set;
if the container gateway does not contain the DHCP function, the DHCP configuration of the container tunnel is set.
The invention has the beneficial effects that: the cloud computing system can automatically allocate network addresses of the container networks according to the setting of the system administrator, and maintain the connectivity and stability of the whole container network.
Drawings
FIG. 1: schematic diagram of the network environment of a general container network in the prior art;
FIG. 2: schematic diagram of a container network to which the invention is applied for configuration management;
FIG. 3: the component modules of the network configuration manager;
FIG. 4: schematic diagram of a container network communicating using the present invention;
FIG. 5: the effect of the various configuration parameters on the address fields in a container network;
FIG. 6: flow of configuring the container network parameters through the network configuration manager;
FIG. 7: interaction flow of the modules when the network address field of the host machine is configured;
FIG. 8: interaction flow of the modules when a network controller is registered to the network configuration manager and container network parameters are configured to the network controller;
FIG. 9: interaction flow of the modules when a host machine is registered to the network configuration manager, a container tunnel is deployed, and then the relevant parameters of the container network are configured to the container tunnel;
FIG. 10: flow of configuring the DHCP of a container network;
FIG. 11: flow by which the system processes traffic sent from the host machine's container network;
FIG. 12: flow by which the system processes received traffic destined for the host machine's container network.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
To facilitate an understanding of the invention, the following basic concepts are first introduced:
Cloud computing: an Internet-based model for adding, using and delivering related services, which generally involves providing dynamically scalable and often virtualized resources over the Internet. Cloud computing in the narrow sense refers to a delivery and usage model for IT infrastructure, in which the required resources are obtained over a network in an on-demand, easily extensible manner; cloud computing in the broad sense refers to a delivery and usage model for services, in which the required services are obtained over a network in an on-demand, easily extensible manner. Such services may be IT and software services, Internet-related services, or other services.
Container: containers arose with the development of lightweight virtualization. In conventional virtualization technology, because underlying platforms differ, developers need to spend a great deal of effort on the detailed configuration of resources, networks and the like, which reduces development efficiency and increases complexity and migration barriers. Container technology sits between the bare metal or underlying operating system and the upper-layer application, hides the details of the underlying operating system, and presents a consistent interface to application developers. Developers therefore do not need to deal with the calls that interface with the bottom layer and are not constrained by differences between operating systems.
Host machine: a server host instance that can provide resources to run multiple containers; the host may be a physical server or a virtual server.
Container network: the entire network connecting all container instances in the cloud computing system.
Container gateway: a device or module that connects a host's internal container network and the network outside the host.
Container tunnel: a module deployed in a host that processes the data packets sent from containers and sent to containers; its main functions are to encapsulate the data packets sent from the host's containers and to remove the encapsulation of the data packets sent to those containers.
Network configuration manager: the service module that provides network configuration management functions to the container network administrator; it consists mainly of a user interaction module, a host machine address configuration module, a container address configuration module and a container tunnel deployment module.
Network controller: the module that maintains and controls each container network and each container tunnel; its main function is to maintain the mapping from host machine addresses to container network addresses.
Host address allocator: the service that assigns IP addresses to hosts; it is usually a DHCP service, but may be another type of service. The network configuration manager configures the host address allocator through the host address configuration module.
Host address configuration module: the functional module that pushes the user's host-address configuration to the host address allocator through that allocator's configuration interface.
Container address configuration module: the module that configures and manages the container network parameters; its main functions include configuring the container address total segment, the maximum container number of each host and the container gateway address.
Container address total segment: the network segment occupied by all container networks taken together.
Maximum number of containers per host: the maximum number of container instances that can be started on each host. From this configuration parameter, the minimum number of host addresses of the internal container network inside a single host can be calculated. The larger the maximum container number, the larger each internal container network, the fewer container networks can be supported, and the fewer hosts can be supported.
Container gateway address: the address suffix assigned to the gateway of each internal container network; the default value is 1. That is, for a network segment with network address 10.1.2.0/24, the gateway is set to 10.1.2.1.
As shown in fig. 2, the container network management system proposed by the present invention can be deployed in the container network environment of fig. 2. Once deployed, it consists of a network configuration manager, a network controller, and container tunnels, and the network configuration manager deploys a container tunnel on every host that runs containers. The network configuration manager is mainly responsible for configuring the host address allocator, configuring the network controller, and deploying and configuring the container tunnels; the network controller is responsible for allocating and storing the mapping from host machine addresses to container network segments; the container tunnel is arranged on each host machine and is responsible for encapsulating the data packets sent from the host machine and removing the encapsulation of the data packets sent to the host machine.
As shown in fig. 3, the network configuration manager is composed of a user interaction module, a host address configuration module, a container address configuration module, and a container tunnel deployment module.
Fig. 4 shows communication over the container network according to the present invention: specifically, a container in subnet A (the container network segment of host A, that is, a container on host A) sends a data packet to a container in subnet B (the container network segment of host B, that is, a container on host B). The container tunnel of host A obtains the one-to-one mapping from host IP addresses to container network segments stored in the network controller, encapsulates the data packet from subnet A, and sends it to host B according to the obtained mapping. The container tunnel on host B receives the data packet from host A, removes the encapsulation, and sends the data packet to subnet B.
As shown in fig. 5, a user may configure a host network segment, and according to the host network segment, the system may calculate the network address of the host and the number of hosts that may exist in the system. The user can configure a container address segment, and all container networks are sub-segments of the address range. The user can configure the maximum number of containers per host at the same time, and the number is also the number of operable container IP addresses in each internal container network. Further, the length of the subnet mask of the container network may be calculated; further, the length of the container network address suffix which can be supported by the system can be calculated according to the length of the container network total segment prefix; one-to-one mapping of the host and the container network, that is, one-to-one mapping of the suffix of the address of the host and the suffix of the address of the container network. Therefore, the present invention proposes that the number of allowed container network address suffixes should be greater than the number of allowed host addresses, so that it is ensured that there is enough independent container network address space for all hosts.
The flow of computing container network configuration parameters according to user configuration according to the present invention is shown in fig. 6; in particular, the invention proposes that the number of allowed container network address suffixes should be greater than the number of allowed host addresses, and if this condition is not met, the user should be alerted that the container network may be insufficient, and this configuration alert is recorded. For the mapping of the host and the container network sub-segment, the present invention indicates that the mapping is a one-to-one mapping, but the specific mapping method is not within the scope of the present patent, wherein one of the most direct mapping relationships is that the host address suffix of the host is equal to the container network address suffix, i.e. 2 in fig. 5.
According to the present invention, as shown in fig. 7, a user pushes the host address allocation configuration to the host address allocator through the user interaction module and the host address configuration module. Fig. 8 shows the interaction flow of the modules when the network controller is registered and configured. The method specifically comprises the following steps:
S111, registering and connecting a host address distributor and configuring a host address section;
S112, registering and connecting a network controller, and configuring a container address total segment, the maximum container number of each host and a container gateway host address;
S113, reading the address field of the host machine;
S114, calculating the mapping from the host machine address to the container address field;
S115, configuring the mapping from the host machine to the container address field.
FIG. 9 illustrates the interaction flow of modules when registering and configuring a host. The method specifically comprises the following steps:
S21, registering and connecting a host machine;
S22, deploying the container tunnel;
S23, configuring the network controller address; the container tunnel connects to the network controller and obtains the container network configuration of the host machine;
S24, configuring the container gateway through the container tunnel, configuring the host machine route, and pointing the next hop of the route for the container network total segment to the container tunnel;
S25, registering and activating the one-to-one mapping of the host address to the container network.
Fig. 10 illustrates the flow of configuring container network DHCP. It is determined whether the container network gateway contains a DHCP function; if it does, the DHCP configuration of the container network gateway is set; if it does not, the DHCP configuration of the container tunnel is set.
Fig. 11 illustrates the process flow of the system for sending data packets from the container network.
S311, the container sends a data packet;
S312, judging whether the target host is the same host;
if the target host is a different host, executing step S313;
if the target host is the same host, sending the data packet to the other container through internal communication of the host, which completes the sending of the data packet;
S313, sending the data packet to the host routing module through the container gateway;
S314, judging whether the target is within the container network total segment;
if the target is within the container network total segment, going to step S315;
if the target is not within the container network total segment, the host machine routing module sends the data packet directly to the target address, which completes the sending of the data packet;
S315, the host machine routing module sends the data packet to the container tunnel for processing;
S316, acquiring the target host mapped to the target container network;
S317, encapsulating the container data packet into a data packet that can be sent to a host, and then sending the encapsulated data packet to the target host, which completes the sending of the data packet.
Fig. 12 illustrates the processing flow of the system in the case of receiving a packet to be sent to the container network.
S321, the host receives the data packet;
S322, judging whether the target is the container tunnel;
if the target is the container tunnel, executing step S323;
if the target is not the container tunnel, handing the data packet to the process on the corresponding port for processing, which completes the receiving of the data packet;
S323, sending the data packet to the container tunnel for processing;
S324, removing the data packet encapsulation, so that the target becomes a container on this host machine;
S325, sending the data packet to the host machine container for processing, which completes the receiving of the data packet.
In one embodiment of the present invention, a user makes a network configuration as in fig. 5. The user sets the host segment to 192.168.1.0/24, so the system calculates the maximum supportable host number to be 254. The user further configures the container address total segment to be 10.1.0.0/16. The user configures the maximum number of containers per host to be 254, so that the system calculates the length of the container instance address field to be 8, and further calculates the length of the suffix of the maximum allowed container network address to be 32-16-8 ═ 8, that is, the maximum allowed number of container networks is 8 powers of 2, that is, 256 container networks. When checking this configuration, it is verified 254< > 256, that is, the configuration can have enough container networks to satisfy the number of hosts, which is a legal configuration. In this embodiment, the mapping relationship is that the host address suffix of the host is equal to the container network address suffix; that is, for a host with an address of 192.168.1.2, the container network mapped by the host is 10.1.2.0/24, and the gateway address of the container network is 10.1.2.1. Let us assume that the address of another host is 192.168.1.3, its mapped container network is 10.1.3.0/24, and the gateway address of the container network is 10.1.3.1. If a container instance with address 10.1.2.3 sends a packet to a container instance with address 10.1.3.4, the forwarding and processing flow of the packet is as follows:
The first step: container 10.1.2.3 sends a packet with destination IP address 10.1.3.4. Because the destination address is not on the local subnet 10.1.2.0/24, the packet is sent to the container gateway 10.1.2.1.
The second step: using the local routing table, the system finds that the destination address 10.1.3.4 belongs to the container network total segment 10.1.0.0/16 and sends the packet to the container tunnel.
The third step: the container tunnel searches its local cache for the destination address 10.1.3.4, finds no cached host address for it, and asks the network controller for the host address corresponding to the destination network 10.1.3.0/24.
The fourth step: the network controller returns the corresponding host address, 192.168.1.3.
The fifth step: the container tunnel encapsulates the data packet so that it can be sent to the host 192.168.1.3. The encapsulation method is outside the scope of this patent; any existing encapsulation method can be used, including VxLAN (Virtual Extensible LAN), GRE (Generic Routing Encapsulation), UDP (User Datagram Protocol), TCP (Transmission Control Protocol), and the like.
The sixth step: the host 192.168.1.3 receives the encapsulated packet, identifies it as a VxLAN-encapsulated packet, and hands it to the container tunnel for processing.
The seventh step: the container tunnel receives the encapsulated packet, removes the VxLAN encapsulation, and finds that the inner container IP address is 10.1.3.4.
The eighth step: the container tunnel finds that the destination address 10.1.3.4 is within the range of the local container network and sends the packet to the container gateway 10.1.3.1.
The ninth step: the container gateway receives the packet and forwards it to the container instance at 10.1.3.4.
The tenth step: the container instance at 10.1.3.4 receives and processes the packet.
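The address plan and the tunnel lookup of this embodiment, as an added Python example that is not part of the patent. The class and method names are hypothetical, and two behaviours are assumptions: the instance field also reserves the subnet's network and broadcast addresses, and a destination with no registered host is refused rather than encapsulated.

```python
import ipaddress


class NetworkController:
    """Stores the one-to-one mapping from host address to container subnet."""
    def __init__(self, host_segment, container_segment, max_containers):
        self.hosts = ipaddress.ip_network(host_segment)
        self.total = ipaddress.ip_network(container_segment)
        self.max_hosts = self.hosts.num_addresses - 2  # 254 for a /24
        # Assumption: field also covers network and broadcast (254 -> 8 bits).
        self.instance_bits = (max_containers + 1).bit_length()
        self.suffix_bits = 32 - self.total.prefixlen - self.instance_bits
        # Legality check: at least as many container networks as hosts.
        if self.suffix_bits < 0 or 2 ** self.suffix_bits < self.max_hosts:
            raise ValueError("container segment too small for host segment")
        self.by_subnet = {}  # container subnet -> host address

    def container_subnet(self, address):
        ip = ipaddress.ip_address(address)
        return ipaddress.ip_network((int(ip), 32 - self.instance_bits), strict=False)

    def register_host(self, host_ip):
        """Host suffix == container network suffix; returns (subnet, gateway)."""
        suffix = int(ipaddress.ip_address(host_ip)) - int(self.hosts.network_address)
        if not 0 < suffix <= self.max_hosts:
            raise ValueError(f"{host_ip} is not a usable address in {self.hosts}")
        base = int(self.total.network_address) + (suffix << self.instance_bits)
        subnet = self.container_subnet(base)
        if not subnet.subnet_of(self.total):
            raise ValueError(f"{subnet} falls outside {self.total}")
        self.by_subnet[subnet] = ipaddress.ip_address(host_ip)
        return subnet, subnet.network_address + 1

    def host_for(self, container_ip):
        return self.by_subnet.get(self.container_subnet(container_ip))


class ContainerTunnel:
    """Resolves the destination host: local cache first, then the controller."""
    def __init__(self, controller):
        self.controller = controller
        self.cache = {}
        self.controller_queries = 0

    def next_hop(self, dst_ip):
        subnet = self.controller.container_subnet(dst_ip)
        if subnet not in self.cache:
            self.controller_queries += 1
            host = self.controller.host_for(dst_ip)
            if host is None:
                # Assumption: an unmapped destination is refused, not tunnelled.
                raise LookupError(f"no host registered for {subnet}")
            self.cache[subnet] = host
        return self.cache[subnet]


if __name__ == "__main__":
    ctl = NetworkController("192.168.1.0/24", "10.1.0.0/16", 254)
    print(ctl.register_host("192.168.1.3"), ContainerTunnel(ctl).next_hop("10.1.3.4"))
```

The cache is keyed by container subnet, so a second packet to any address in 10.1.3.0/24 is resolved without another controller request.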
The technical scheme disclosed by the invention has the following beneficial effects: a highly extensible container network can be established; a cloud computing system administrator can independently set the host network segment, the container network segment, the maximum number of containers supported on each host, and the gateway address of each container network; and, according to these settings, the cloud computing system automatically allocates the network addresses of the container networks and maintains the connectivity and stability of the whole container network.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements should also be considered within the scope of the present invention.

Claims (5)

1. A method for managing a highly scalable container network is used for a highly scalable container network management system, and is characterized by comprising the following steps:
S1, configuring container network parameters, and configuring the mapping from the host machine address to the container address field;
S2, deploying container tunnels, configuring and activating one-to-one mapping from the host machine addresses to the container network segments;
S3, sending and receiving data packets according to the one-to-one mapping from the host machine address to the container network segment;
the high-extensible container network management system comprises a host address distributor, a network configuration manager, a network controller and a container tunnel,
the network configuration manager is used for configuring the host address distributor, configuring the network controller and deploying and configuring the container tunnel;
the network controller is used for allocating a container network sub-network segment for the container running on each host machine, and allocating and storing a one-to-one mapping relation from the address of the host machine to the container network sub-network segments;
the container tunnel is arranged on each host machine and is used for encapsulating the data packets from the host machine and/or removing the data packets which are used for encapsulating the containers on other host machines and sent to the host machine;
the network configuration manager comprises a user interaction module, a host address configuration module, a container address configuration module and a container tunnel deployment module;
the user interaction module is used for providing an interaction interface for a user to autonomously set container network parameters, and the container network parameters comprise a host computer network segment, a container address total segment, the maximum container number of each host computer and a container gateway address; the user interaction module is a command line or a graphical user interface;
the host address configuration module is used for configuring the host address distributor;
the container address configuration module is used for configuring and managing the container network parameters;
the container tunnel deployment module is used for deploying and configuring the container tunnel;
step S1 specifically includes:
S11, configuring the container network parameters;
S12, calculating and configuring the mapping from the host machine address to the container address field;
step S11 specifically includes:
S111, registering and connecting a host address distributor and configuring a host address section;
S112, registering and connecting a network controller, and configuring a container address total segment, the maximum container number of each host and a container gateway host address;
S113, reading the address field of the host machine;
S114, calculating the mapping from the host machine address to the container address field;
S115, configuring the mapping from the host machine to the container address field;
step S114 specifically includes:
S1141, configuring the container address total segment;
S1142, calculating a container network address prefix;
S1143, configuring the maximum container number of the host machine;
S1144, calculating the address length of the container instance;
S1145, judging whether the number of the allowed container network address suffixes is larger than or equal to the number of the allowed host addresses,
if the number of the container network address suffixes is larger than or equal to the number of the allowed host addresses, storing and configuring the container network address suffixes to a network controller;
if the number of the container network address suffixes is less than the number of the allowed host machine addresses, prompting a user that the network section is not enough;
the step S3 includes the steps of,
S31, the container sends the data packet to the target host machine;
S32, the target host receives and processes the data packet;
the step S31 includes the steps of,
S311, the container sends a data packet;
S312, judging whether the target host is the same host or not,
if the target host is a different host, executing step S313;
if the target host is the same host, sending the data packet to another container through internal communication of the host to finish data packet sending;
S313, sending the data to the host routing module through the container gateway;
S314, judging whether the target is the container network total segment,
if the target is the container network segment, go to step S315;
if the target is not the container network segment, the host machine routing module directly sends the target address to complete the data packet sending;
S315, the host machine routing module sends a data packet to the container tunnel for processing;
S316, acquiring a target host mapped by the target container network;
and S317, packaging the container data packet into a data packet which can be sent to a host, and then sending the packaged data packet to a target host to finish sending the data packet.
2. The method for managing a container network according to claim 1, wherein the step S2 specifically comprises:
S21, registering and connecting a host machine;
S22, deploying the container tunnel;
S23, configuring network controller address, the container tunnel connects the network controller, and obtains the container network configuration of the host machine;
S24, configuring the container gateway through the container tunnel, configuring a container network DHCP, configuring the container tunnel, configuring a host machine route, and directing the container network total segment route to the container tunnel by the next hop;
S25, registering and activating the one-to-one mapping of the host address to the container network.
3. The method for container network management according to claim 1, wherein step S316 is reading a target host address mapped by a target container network from a cache or from the network controller.
4. The method for network management of containers according to claim 1, wherein step S32 includes,
S321, the host receives the data packet;
S322, judging whether the target is the container tunnel,
if the target is the container tunnel, executing step S323;
if the target is not the container tunnel, transferring to a corresponding port process for processing to complete receiving the data packet;
S323, sending the container to the container tunnel for processing;
S324, removing the data package encapsulation, and enabling the target to become a host machine container;
and S325, sending the data packet to the host machine container for processing, and finishing receiving the data packet.
5. The method for managing the container network according to claim 2, wherein in the step S24, configuring the container network DHCP specifically includes:
it is determined whether the container gateway contains DHCP functionality,
if the container gateway contains the DHCP function, setting the DHCP configuration of the container gateway;
if the container gateway does not contain DHCP functionality, then a container tunnel DHCP configuration is set.
CN201511021498.0A 2015-12-31 2015-12-31 High-extensible container network management system and method Active CN105591820B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021498.0A CN105591820B (en) 2015-12-31 2015-12-31 High-extensible container network management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511021498.0A CN105591820B (en) 2015-12-31 2015-12-31 High-extensible container network management system and method

Publications (2)

Publication Number Publication Date
CN105591820A CN105591820A (en) 2016-05-18
CN105591820B true CN105591820B (en) 2020-05-08

Family

ID=55931079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511021498.0A Active CN105591820B (en) 2015-12-31 2015-12-31 High-extensible container network management system and method

Country Status (1)

Country Link
CN (1) CN105591820B (en)

Also Published As

Publication number Publication date
CN105591820A (en) 2016-05-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231027

Address after: 5089, 5th Floor, Building 2, China Agricultural University International Entrepreneurship Park, No. 10 Tianxiu Road, Haidian District, Beijing, 100193

Patentee after: Fenomen array (Beijing) Technology Co.,Ltd.

Address before: No. 2776, Building 2, No. 7 Chuangxin Road, Science and Technology Park, Changping District, Beijing 102200

Patentee before: BEIJING QINGYUAN TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right