Docker containers across host communication method and system
Technical field
The application is related to communication technical field, more particularly to a kind of Docker containers across host communication method and system.
Background technology
Docker containers are the application container an increased income engines, and developer can pack their application and dependence
Wrap into a transplantable container, be then published on any popular Linux machines, virtualization can also be realized.
In correlation technique, Docker containers are primary to be provided with three kinds of network models, respectively bridge, host and
none.Wherein, bridge models and none models can not realize Docker containers across main-machine communication, although host models can
To realize across main-machine communication, but the Network Isolation on same host between Docker containers can not be accomplished simultaneously again.
The content of the invention
In view of this, the application provide a kind of Docker containers across host communication method and system.
Specifically, the application is achieved by the following technical solution:
A kind of Docker containers across host communication method, methods described includes:
Control Docker upon actuation, create OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the net of the application Docker is obtained
Network configuration information;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed association
Being taken after mixing with liquid business is used to safeguard the network configuration information for applying Docker in networking on each host;
The control Docker applies Docker network configuration information more in the distributed coordination service is listened to
When new, according to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
A kind of across main-machine communication system of Docker containers, the system includes:Control Docker, OVS bridge and answer
With Docker, wherein,
The control Docker upon actuation, creates the OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the net of the application Docker is obtained
Network configuration information;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed association
Being taken after mixing with liquid business is used to safeguard the network configuration information for applying Docker in networking on each host;
The control Docker applies Docker network configuration information more in the distributed coordination service is listened to
When new, according to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Can be by applying Docker's in distributed coordination service networking by the application it can be seen from above description
Network configuration information, control Docker can be by the monitoring that services distributed coordination, the application Docker to start in time
Generation forwarding flow table, and be handed down to OVS bridges and instruct forwarding, realize using between Docker across main-machine communication.Meanwhile, use
Distributed coordination service is safeguarded to application Docker network configuration information, more simple compared to Gossip protocol realizations
It is single, reliable.
Brief description of the drawings
Fig. 1 is a kind of Docker Overlay network architecture schematic diagrams in correlation technique.
Fig. 2 is that a kind of flow across host communication method of Docker containers shown in the exemplary embodiment of the application one is shown
It is intended to.
Fig. 3 is a kind of group-network construction across main-machine communication of Docker containers shown in the exemplary embodiment of the application one
Figure.
Embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent apparatus and method of some aspects be described in detail in claims, the application.
It is the purpose only merely for description specific embodiment in term used in this application, and is not intended to be limiting the application.
" one kind ", " described " and "the" of singulative used in the application and appended claims are also intended to including majority
Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wrapped
It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example, not departing from
In the case of the application scope, the first information can also be referred to as the second information, similarly, and the second information can also be referred to as
One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determining ".
, can be by DockerOverlay real-time performances Docker across main-machine communication in correlation technique.It refer to Fig. 1
Shown group-network construction, when creating an Overlay network, can create a network on host simultaneously
Namespace, then creates br0 bridges, and create a Vxlan (Virtual in this network namespace
Extensible LAN, virtual expansible LAN) virtual network device be connected on the br0 bridges, in Docker containers
The Microsoft Loopback Adapter eth0 in portion can also be connected on br0 bridges.
Host can pass through Gossip consultative management collection group relations, when certain host starts, other host masters
Machine can receive new node and add event, by the relevant information of this event, can update the FDB of local br0 bridges
(Forwarding DataBase) list item.Please continue to refer to Fig. 1, if the Docker containers 1 on host A are accessed for the first time
During Docker containers 3 on host B, due to there is no the MAC Address of Docker containers 3 on Docker containers 1, therefore
Linux kernel can send L3miss, and kernel can be converted into an event and notify User space, and subsequent conversion is that an inquiry please
Ask, and other hosts being broadcast in Overlay networks.Docker containers 3 on host B can response its MAC
Location.Based on this process, Docker containers 1 can get the MAC Address of Docker containers 3.Then, with reference to br0FDB list items,
Docker containers 1 and Docker containers 3 can be realized by Vxlan1 to communicate.
However, there is problems with the implementation of above-mentioned Overlay networks:
1) the Overlay network requirements linux kernel version of Docker containers is at least more than 3.8, and at present on the market
Popular lowest version (2.6.32) kernel can not be supported, and the scope of application that this results in Overlay networks is smaller.
2) node of Docker containers Overlay networks finds to pass through Gossip agreements.Gossip agreements are one and moved
State finds agreement, when new node is added, it is necessary to complete synchronizing information with existing node, in addition it is also necessary to update Vxlan equipment
FDB list items, reliability is poor.
3) Docker containers Overlay networks are using broadcast arp (Address Resolution Protocol, address solution
Analysis agreement) mode of request message carries out MAC Address addressing, and ARP broadcasting packet can be transmitted in the cluster, consume certain net
Network bandwidth.In addition it is also necessary to which Docker containers has unique MAC Address in network, the complexity of management is added.
4) there are two Microsoft Loopback Adapters in Docker containers Overlay networks in Docker containers, one is used for Docker and holds
Between device across main-machine communication, another is used for the exchanging visit with external network, adds the complexity using processing.
5) Docker containers Overlay networks do not support the framework of plurality of subnets, it is impossible to carry out subnet planning, flexibility compared with
Difference.
6) Docker containers Overlay networks use Linux primary Vxlan virtual units, and the encapsulation of Vxlan agreements is equal
Need the CPU of host to participate in, add the performance loss of host.
In view of the above-mentioned problems, the application provides a kind of across main-machine communication scheme of Docker containers.
Fig. 2 is that a kind of flow across host communication method of Docker containers shown in the exemplary embodiment of the application one is shown
It is intended to.
It refer to Fig. 2, the Docker containers may comprise steps of across host communication method:
Step 201, control Docker upon actuation, creates OVS bridges.
In the present embodiment, control Docker can be configured in host, flow table is forwarded for business Docker
Issue, the control Docker can be realized by the CPU of host.Specifically, the control Docker upon actuation, can
To create OVS (Open VSwitch) bridge on host.In one example, control Docker can be based on CPU wounds
Build the OVS bridges., can also be in intelligence when being configured with the intelligent network adapter for supporting OVS in host in another example
OVS bridges can be created in network interface card, to save CPU expense.
In the present embodiment, the linux kernel of lowest version can also support OVS technologies, and virtual hand over is realized using OVS technologies
It mutually can effectively solve the problem of Overlay network scope of applications are small.
Step 202, after application Docker of the control Docker on main frame is detected starts, the application Docker is obtained
Network configuration information.
In the present embodiment, control Docker upon actuation, can detect host by the Plugin Mechanism between Docker
Docker startup is applied on main frame.After detecting using Docker startups, this can be obtained and matched somebody with somebody using Docker network
Confidence ceases.Wherein, the network configuration information can include:Using Docker ID, IP address, MAC Address, OVS ports, place
IP address of master host etc..
Step 203, the network configuration information is sent to distributed coordination service and preserved by control Docker, the distribution
Formula coordination service is used to safeguard the network configuration information for applying Docker in networking on each host.
In the present embodiment, control Docker, can be by after the network configuration information of the application Docker is got
The network configuration information sends to distributed coordination service and preserved.Wherein, the distributed coordination service is typically an outside
Service, available for safeguarding in networking network configuration information that Docker is applied on each host.The distributed coordination clothes
Business can be using zookeeper etc., and the application is not particularly limited to this.
In the present embodiment, if based on, across main-machine communication, the network configuration is believed between Vxlan protocol realizations Docker
The Vxlan ID belonging to the application Docker are generally will also include in breath.Accordingly, distributed coordination service can be based on
Vxlan ID realize the isolated storage to application Docker network configuration informations, such as:Can be with distributed coordination service
Vxlan ID are the storage catalogue that title sets up network configuration information, and control Docker can be by application Docker network configuration
Information is stored under its Vxlan ID catalogue, to facilitate the management to application Docker network configuration informations.
Step 204, control Docker believes in the distributed coordination service is listened to using Docker network configuration
When breath updates, according to the network configuration information generation forwarding flow table after renewal.
In the present embodiment, control Docker can start applies in the watcher thread monitoring distributed coordination service
The renewal of Docker network configuration informations, wherein, described update includes newly-increased, modification etc..Such as:If listening to the distribution
Increase application Docker network configuration information in coordination service newly, control Docker can give birth to according to newly-increased network configuration information
Into forwarding flow table.There is modification if listening to the application Docker stored in the distributed coordination service network configuration information
When, control Docker can also be according to amended network configuration information generation forwarding flow table.
In the present embodiment, the forwarding flow table includes correspondence application Docker network configuration information, such as:IP
Location, MAC Address, IP address of place host etc..
Step 205, the forwarding flow table is handed down to OVS bridges by control Docker.
Step 206, OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Based on abovementioned steps 204, forwarding flow table can be handed down to OVS nets by control Docker after generation forwarding flow table
Bridge, follow-up OVS bridges can be instructed according to the forwarding flow table that has issued between application Docker across main-machine communication, such as:Message
Encapsulation, decapsulation etc..
Can be by applying Docker's in distributed coordination service networking by the application it can be seen from above description
Network configuration information, control Docker can be by the monitoring that services distributed coordination, the application Docker to start in time
Generation forwarding flow table, and be handed down to OVS bridges and instruct forwarding, realize using between Docker across main-machine communication.Meanwhile, use
Distributed coordination service is safeguarded to application Docker network configuration information, more simple compared to Gossip protocol realizations
It is single, reliable.
Obtained separately below by MAC Address, service message is forwarded, using three aspects of Docker PERCOM peripheral communication, to this
The technical scheme of application is described in detail.
First, obtained using Docker MAC Address
In the present embodiment, using Docker before being communicated with other application Docker, it can be obtained by ARP request message
Take other application Docker MAC Address.OVS bridges can be based on default MAC after the ARP request message is received
Address architecture arp reply message, and the arp reply message is sent to applies Docker.
It refer to the group-network construction shown in Fig. 3, it is assumed that the application Docker1 on host A sends ARP request message 1
To ask the MAC Address that Docker3 is applied on host B, OVS bridges 1 are received after ARP request message 1, can be according to this
The purpose IP address (i.e. using Docker3 IP address) of ARP request message 1 determines that ARP request message 1 is that cross-network segment ARP please
Ask message or same network segment ARP request message.Specifically, if the purpose IP address of ARP request message 1 (i.e. should with source IP address
With Docker1 IP address) belong to the same network segment, then it is same network segment ARP request message, OVS that can determine ARP request message 1
Bridge 1 and then arp reply message 1 can be constructed according to default pseudo- MAC Address, and the arp reply message 1 is sent to
Docker1.Wherein, the pseudo- MAC Address can be configured by administrative staff, and the application is not particularly limited to this.
Please continue to refer to Fig. 3, it is assumed that the application Docker1 on host A sends ARP request message 2 to ask host
Docker4 MAC Address is applied on host B, OVS bridges 1 are received after ARP request message 2, can be according to the ARP request report
Text 2 purpose IP address (i.e. using Docker4 IP address) determine ARP request message 2 be cross-network segment ARP request message or
Same network segment ARP request message.Specifically, if the purpose IP address of ARP request message 2 and source IP address are (i.e. using Docker1's
IP address) belong to different segment, then it can determine that ARP request message 2 is cross-network segment ARP request message, OVS bridges 1 and then can
To construct arp reply message 2 according to the MAC Address of container gateway, and the arp reply message 2 is sent to Docker1.
Understood based on foregoing description, in this example, for application Docker, other application Docker in same network segment
MAC Address is fixed pseudo- MAC Address, and different segment application Docker MAC Address is the MAC Address of container gateway,
The acquisition of application Docker MAC Address is realized by ARP proxy mechanism, ARP request message can be avoided in the cluster across main frame
Transmission, saves the substantial amounts of network bandwidth.
2nd, service message is forwarded
In the present embodiment, OVS bridges, can be according to the industry after the service message sent using Docker is received
Host address information of the purpose IP address of business message in forwarding flow table where inquiry intended application Docker.Then, OVS nets
Bridge can be packaged according to the host address information inquired to the service message, then by tunnel by the industry after encapsulation
Business message is sent to the main frame where the intended application Docker.Wherein, the intended application Docker is the business report
The application Docker that text is sent to.
Please continue to refer to Fig. 3, it is assumed that OVS bridges 1 receive the service message sent using Docker1, and OVS bridges 1 can
To determine intended application Docker according to the purpose IP address of the service message.It is assumed that the purpose IP address of the service message is
Using Docker3 IP address, then can determine that intended application Docker is Docker3.OVS bridges 1 can be in forwarding flow table
Inquiry application Docker3 network configuration information, such as:Using the IP address of the host B where Docker3, Vxlan ends
The information such as mouth, based on the network configuration information of the host B inquired, OVS bridges 1 can carry out Vxlan to the service message
Tunnel encapsulation, and the service message after encapsulation is sent to host B OVS bridges 2 by Vxlan tunnels.
It should be noted that the application is described using Vxlan agreements as example, in actual applications, it is not restricted to
Vxlan agreements.
In the present embodiment, OVS bridges, can be to institute after the tunnel encapsulation service message from other main frames is received
State tunnel encapsulation service message to be decapsulated, with the service message after being decapsulated.Purpose IP based on the service message
Address, OVS bridges can inquire about intended application Docker real MAC address in forwarding flow table.OVS bridges can be by the industry
The target MAC (Media Access Control) address of business message is revised as the real MAC address, and it is determined that the service message is same network segment service message
When, the source MAC of the service message is revised as pseudo- MAC Address, when it is determined that the service message is cross-network segment service message,
The source MAC of the service message is revised as to the MAC Address of container gateway.OVS bridges can be by after MAC Address modification is completed
Amended service message is sent to intended application Docker.
Please continue to refer to Fig. 3, still by taking above-mentioned example as an example, OVS bridges 2 are after encapsulation is received by Vxlan tunnels
After service message, it can be decapsulated, to reduce the service message.OVS bridges 2 can be according to the purpose of the service message
IP address (application Docker3 IP address) inquiry forwarding flow table, to inquire about the real MAC address using Docker3, and should
The target MAC (Media Access Control) address of service message is revised as the real MAC address using Docker3.For the source MAC of the service message
Location, before modifying, OVS bridges 2 also need to carry out the judgement of subnet, (are answered if the service message is same network segment service message
Belong to the same network segment with Docker1 and application Docker3 IP address), then the source MAC of the service message can be changed
For pseudo- MAC Address.If the service message is that (IP address using Docker1 and application Docker3 belongs to cross-network segment service message
Different segment), then the source MAC of the service message can be revised as to the MAC Address of container gateway.OVS bridges 2 can be by
The amended service message of MAC Address, which is sent to, applies Docker3, to realize using between Docker1 and application Docker3
Across main-machine communication.
Across the main-machine communication scheme for the Docker containers that the application is provided can support subnet it can be seen from above description
Planning, improve the flexibility of business.
It should be noted that the encapsulation of above-mentioned service message, forwarding can by the virtual unit set up on OVS bridges come
Realize.Specifically, control Docker can also create Vxlan equipment and Veth after OVS bridges are created on the OVS bridges
Equipment, wherein, the Vxlan equipment can be used for the encapsulation and decapsulation of service message, and the Veth equipment can be used for realizing and hold
Device gateway function etc..The processing of this part is referred to correlation technique with realization, and this is no longer going to repeat them by the application.
3rd, using Docker PERCOM peripheral communication
In the present embodiment, the minimum forwarding flow table item of a priority can be pre-configured with, the forwarding flow table item can be with
For:Target MAC (Media Access Control) address is forwarded to fictitious host computer gateway for container gateway MAC address.Specifically, OVS bridges receive should
After the service message sent with Docker, however, it is determined that the target MAC (Media Access Control) address of the service message is the MAC Address of container gateway,
And the minimum forwarding flow table item of the above-mentioned priority of matching, then it is to need to be sent to the business report of outer net that can determine the service message
The service message can be sent to fictitious host computer gateway by text, OVS bridges, by the fictitious host computer gateway combination iptable's
Snat or dnat is so that the service message is sent to external network.
Specifically, control Docker, can be by the address configuration of container gateway to fictitious host computer net after OVS bridges are created
The Central Shanxi Plain.Subsequently, if OVS bridges receive the service message for matching the minimum forwarding flow table item of above-mentioned priority, it may be determined that
The service message is destined to the service message of external network, and then the service message can be sent into void by container gateway
Intend host gateway, sent by fictitious host computer gateway to external network.If on the contrary, OVS bridges are received from fictitious host computer gateway
Service message, then the source MAC of the service message can be revised as after the MAC Address of container gateway, be sent to correspondence
Application Docker.
By the application it can be seen from above description can by container gateway simultaneously realize application Docker between across main frame
Communication and the communication of application Docker and external network, without configuring two Microsoft Loopback Adapters, for application, processing is more
Simply.
The embodiment across host communication method with foregoing Docker containers is corresponding, and present invention also provides Docker appearances
The embodiment across main-machine communication system of device.Across the main-machine communication system of the Docker containers can include:Control Docker,
OVS bridges and apply Docker.
Wherein, the control Docker upon actuation, creates the OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the net of the application Docker is obtained
Network configuration information;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed association
Being taken after mixing with liquid business is used to safeguard the network configuration information for applying Docker in networking on each host;
The control Docker applies Docker network configuration information more in the distributed coordination service is listened to
When new, according to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Optionally, the OVS bridges receive the ARP request message sent using Docker;
The OVS bridges are if it is determined that the ARP request message is cross-network segment ARP request message, then based on container gateway
MAC Address constructs arp reply message, and returns to the application Docker;
The OVS bridges are if it is determined that the ARP request message is same network segment ARP request message, then based on default pseudo- MAC
Address architecture arp reply message, and return to the application Docker.
Optionally, after the service message that application Docker of the OVS bridges on main frame is received is sent, according to described
Host address information of the purpose IP address of service message in the forwarding flow table where inquiry intended application Docker;
The OVS bridges are packaged according to the host address information to the service message, and will be sealed by tunnel
Service message after dress is sent to the main frame where the intended application Docker.
Optionally, the OVS bridges are after the tunnel encapsulation service message from other main frames is received, to the tunnel
Encapsulation service message is decapsulated;
The OVS bridges are according to purpose IP address inquiry in the forwarding flow table of the service message after decapsulation
Intended application Docker real MAC address;
The target MAC (Media Access Control) address of service message after decapsulation is revised as the real MAC address by the OVS bridges, and
When it is determined that the service message after decapsulation is same network segment service message, the source MAC of the service message is revised as institute
Pseudo- MAC Address is stated, when it is determined that the service message after decapsulation is cross-network segment service message, by the source MAC of the service message
It is revised as the MAC Address of the container gateway in address;
Amended service message is sent to the intended application Docker by the OVS bridges.
Optionally, after the service message that application Docker of the OVS bridges on main frame is received is sent, however, it is determined that institute
The minimum forwarding flow table item of service message matching priority is stated, then the service message is sent to fictitious host computer gateway, by institute
Fictitious host computer gateway is stated to send the service message to external network;
Wherein, the minimum forwarding flow table item of the priority is the business for container gateway MAC address by target MAC (Media Access Control) address
Message is sent to the fictitious host computer gateway.
Optionally, the control Docker creates OVS bridges in intelligent network adapter.
Optionally, also being created on the OVS bridges has Vxlan equipment, Veth equipment;
Wherein, the Vxlan equipment is used for the encapsulation and decapsulation of service message, and the Veth equipment is used to realize container
Gateway function.
System, device, module or unit that above-described embodiment is illustrated, can specifically be realized by computer chip or entity,
Or realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can
To be personal computer, laptop computer, cell phone, camera phone, smart phone, personal digital assistant, media play
In device, navigation equipment, E-mail receiver/send equipment, game console, tablet PC, wearable device or these equipment
The combination of any several equipment.
The preferred embodiment of the application is the foregoing is only, not to limit the application, all essences in the application
God is with principle, and any modification, equivalent substitution and improvements done etc. should be included within the scope of the application protection.