CN107070691A - Docker containers across host communication method and system - Google Patents
Docker containers across host communication method and system Download PDFInfo
- Publication number
- CN107070691A CN107070691A CN201710021618.XA CN201710021618A CN107070691A CN 107070691 A CN107070691 A CN 107070691A CN 201710021618 A CN201710021618 A CN 201710021618A CN 107070691 A CN107070691 A CN 107070691A
- Authority
- CN
- China
- Prior art keywords
- docker
- service message
- ovs
- application
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provide a kind of Docker containers across host communication method and system.Methods described includes:Control Docker upon actuation, create OVS bridges;After application Docker of the control Docker on main frame is detected starts, the network configuration information of the application Docker is obtained;The network configuration information is sent to distributed coordination service and preserved by the control Docker, and the distributed coordination service is used to safeguard the network configuration information for applying Docker in networking on each host;The control Docker in listening to the distributed coordination service using Docker network configuration information when updating, according to the network configuration information generation forwarding flow table after renewal;The forwarding flow table is handed down to the OVS bridges by the control Docker;The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Description
Technical field
The application is related to communication technical field, more particularly to a kind of Docker containers across host communication method and system.
Background technology
Docker containers are the application container an increased income engines, and developer can pack their application and dependence
Wrap into a transplantable container, be then published on any popular Linux machines, virtualization can also be realized.
In correlation technique, Docker containers are primary to be provided with three kinds of network models, respectively bridge, host and
none.Wherein, bridge models and none models can not realize Docker containers across main-machine communication, although host models can
To realize across main-machine communication, but the Network Isolation on same host between Docker containers can not be accomplished simultaneously again.
The content of the invention
In view of this, the application provide a kind of Docker containers across host communication method and system.
Specifically, the application is achieved by the following technical solution:
A kind of Docker containers across host communication method, methods described includes:
Control Docker upon actuation, create OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the net of the application Docker is obtained
Network configuration information;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed association
Being taken after mixing with liquid business is used to safeguard the network configuration information for applying Docker in networking on each host;
The control Docker applies Docker network configuration information more in the distributed coordination service is listened to
When new, according to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
A kind of across main-machine communication system of Docker containers, the system includes:Control Docker, OVS bridge and answer
With Docker, wherein,
The control Docker upon actuation, creates the OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the net of the application Docker is obtained
Network configuration information;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed association
Being taken after mixing with liquid business is used to safeguard the network configuration information for applying Docker in networking on each host;
The control Docker applies Docker network configuration information more in the distributed coordination service is listened to
When new, according to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Can be by applying Docker's in distributed coordination service networking by the application it can be seen from above description
Network configuration information, control Docker can be by the monitoring that services distributed coordination, the application Docker to start in time
Generation forwarding flow table, and be handed down to OVS bridges and instruct forwarding, realize using between Docker across main-machine communication.Meanwhile, use
Distributed coordination service is safeguarded to application Docker network configuration information, more simple compared to Gossip protocol realizations
It is single, reliable.
Brief description of the drawings
Fig. 1 is a kind of Docker Overlay network architecture schematic diagrams in correlation technique.
Fig. 2 is that a kind of flow across host communication method of Docker containers shown in the exemplary embodiment of the application one is shown
It is intended to.
Fig. 3 is a kind of group-network construction across main-machine communication of Docker containers shown in the exemplary embodiment of the application one
Figure.
Embodiment
Here exemplary embodiment will be illustrated in detail, its example is illustrated in the accompanying drawings.Following description is related to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent apparatus and method of some aspects be described in detail in claims, the application.
It is the purpose only merely for description specific embodiment in term used in this application, and is not intended to be limiting the application.
" one kind ", " described " and "the" of singulative used in the application and appended claims are also intended to including majority
Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wrapped
It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the application
A little information should not necessarily be limited by these terms.These terms are only used for same type of information being distinguished from each other out.For example, not departing from
In the case of the application scope, the first information can also be referred to as the second information, similarly, and the second information can also be referred to as
One information.Depending on linguistic context, word as used in this " if " can be construed to " ... when " or " when ...
When " or " in response to determining ".
, can be by DockerOverlay real-time performances Docker across main-machine communication in correlation technique.It refer to Fig. 1
Shown group-network construction, when creating an Overlay network, can create a network on host simultaneously
Namespace, then creates br0 bridges, and create a Vxlan (Virtual in this network namespace
Extensible LAN, virtual expansible LAN) virtual network device be connected on the br0 bridges, in Docker containers
The Microsoft Loopback Adapter eth0 in portion can also be connected on br0 bridges.
Host can pass through Gossip consultative management collection group relations, when certain host starts, other host masters
Machine can receive new node and add event, by the relevant information of this event, can update the FDB of local br0 bridges
(Forwarding DataBase) list item.Please continue to refer to Fig. 1, if the Docker containers 1 on host A are accessed for the first time
During Docker containers 3 on host B, due to there is no the MAC Address of Docker containers 3 on Docker containers 1, therefore
Linux kernel can send L3miss, and kernel can be converted into an event and notify User space, and subsequent conversion is that an inquiry please
Ask, and other hosts being broadcast in Overlay networks.Docker containers 3 on host B can response its MAC
Location.Based on this process, Docker containers 1 can get the MAC Address of Docker containers 3.Then, with reference to br0FDB list items,
Docker containers 1 and Docker containers 3 can be realized by Vxlan1 to communicate.
However, there is problems with the implementation of above-mentioned Overlay networks:
1) the Overlay network requirements linux kernel version of Docker containers is at least more than 3.8, and at present on the market
Popular lowest version (2.6.32) kernel can not be supported, and the scope of application that this results in Overlay networks is smaller.
2) node of Docker containers Overlay networks finds to pass through Gossip agreements.Gossip agreements are one and moved
State finds agreement, when new node is added, it is necessary to complete synchronizing information with existing node, in addition it is also necessary to update Vxlan equipment
FDB list items, reliability is poor.
3) Docker containers Overlay networks are using broadcast arp (Address Resolution Protocol, address solution
Analysis agreement) mode of request message carries out MAC Address addressing, and ARP broadcasting packet can be transmitted in the cluster, consume certain net
Network bandwidth.In addition it is also necessary to which Docker containers has unique MAC Address in network, the complexity of management is added.
4) there are two Microsoft Loopback Adapters in Docker containers Overlay networks in Docker containers, one is used for Docker and holds
Between device across main-machine communication, another is used for the exchanging visit with external network, adds the complexity using processing.
5) Docker containers Overlay networks do not support the framework of plurality of subnets, it is impossible to carry out subnet planning, flexibility compared with
Difference.
6) Docker containers Overlay networks use Linux primary Vxlan virtual units, and the encapsulation of Vxlan agreements is equal
Need the CPU of host to participate in, add the performance loss of host.
In view of the above-mentioned problems, the application provides a kind of across main-machine communication scheme of Docker containers.
Fig. 2 is that a kind of flow across host communication method of Docker containers shown in the exemplary embodiment of the application one is shown
It is intended to.
It refer to Fig. 2, the Docker containers may comprise steps of across host communication method:
Step 201, control Docker upon actuation, creates OVS bridges.
In the present embodiment, control Docker can be configured in host, flow table is forwarded for business Docker
Issue, the control Docker can be realized by the CPU of host.Specifically, the control Docker upon actuation, can
To create OVS (Open VSwitch) bridge on host.In one example, control Docker can be based on CPU wounds
Build the OVS bridges., can also be in intelligence when being configured with the intelligent network adapter for supporting OVS in host in another example
OVS bridges can be created in network interface card, to save CPU expense.
In the present embodiment, the linux kernel of lowest version can also support OVS technologies, and virtual hand over is realized using OVS technologies
It mutually can effectively solve the problem of Overlay network scope of applications are small.
Step 202, after application Docker of the control Docker on main frame is detected starts, the application Docker is obtained
Network configuration information.
In the present embodiment, control Docker upon actuation, can detect host by the Plugin Mechanism between Docker
Docker startup is applied on main frame.After detecting using Docker startups, this can be obtained and matched somebody with somebody using Docker network
Confidence ceases.Wherein, the network configuration information can include:Using Docker ID, IP address, MAC Address, OVS ports, place
IP address of master host etc..
Step 203, the network configuration information is sent to distributed coordination service and preserved by control Docker, the distribution
Formula coordination service is used to safeguard the network configuration information for applying Docker in networking on each host.
In the present embodiment, control Docker, can be by after the network configuration information of the application Docker is got
The network configuration information sends to distributed coordination service and preserved.Wherein, the distributed coordination service is typically an outside
Service, available for safeguarding in networking network configuration information that Docker is applied on each host.The distributed coordination clothes
Business can be using zookeeper etc., and the application is not particularly limited to this.
In the present embodiment, if based on, across main-machine communication, the network configuration is believed between Vxlan protocol realizations Docker
The Vxlan ID belonging to the application Docker are generally will also include in breath.Accordingly, distributed coordination service can be based on
Vxlan ID realize the isolated storage to application Docker network configuration informations, such as:Can be with distributed coordination service
Vxlan ID are the storage catalogue that title sets up network configuration information, and control Docker can be by application Docker network configuration
Information is stored under its Vxlan ID catalogue, to facilitate the management to application Docker network configuration informations.
Step 204, control Docker believes in the distributed coordination service is listened to using Docker network configuration
When breath updates, according to the network configuration information generation forwarding flow table after renewal.
In the present embodiment, control Docker can start applies in the watcher thread monitoring distributed coordination service
The renewal of Docker network configuration informations, wherein, described update includes newly-increased, modification etc..Such as:If listening to the distribution
Increase application Docker network configuration information in coordination service newly, control Docker can give birth to according to newly-increased network configuration information
Into forwarding flow table.There is modification if listening to the application Docker stored in the distributed coordination service network configuration information
When, control Docker can also be according to amended network configuration information generation forwarding flow table.
In the present embodiment, the forwarding flow table includes correspondence application Docker network configuration information, such as:IP
Location, MAC Address, IP address of place host etc..
Step 205, the forwarding flow table is handed down to OVS bridges by control Docker.
Step 206, OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Based on abovementioned steps 204, forwarding flow table can be handed down to OVS nets by control Docker after generation forwarding flow table
Bridge, follow-up OVS bridges can be instructed according to the forwarding flow table that has issued between application Docker across main-machine communication, such as:Message
Encapsulation, decapsulation etc..
Can be by applying Docker's in distributed coordination service networking by the application it can be seen from above description
Network configuration information, control Docker can be by the monitoring that services distributed coordination, the application Docker to start in time
Generation forwarding flow table, and be handed down to OVS bridges and instruct forwarding, realize using between Docker across main-machine communication.Meanwhile, use
Distributed coordination service is safeguarded to application Docker network configuration information, more simple compared to Gossip protocol realizations
It is single, reliable.
Obtained separately below by MAC Address, service message is forwarded, using three aspects of Docker PERCOM peripheral communication, to this
The technical scheme of application is described in detail.
First, obtained using Docker MAC Address
In the present embodiment, using Docker before being communicated with other application Docker, it can be obtained by ARP request message
Take other application Docker MAC Address.OVS bridges can be based on default MAC after the ARP request message is received
Address architecture arp reply message, and the arp reply message is sent to applies Docker.
It refer to the group-network construction shown in Fig. 3, it is assumed that the application Docker1 on host A sends ARP request message 1
To ask the MAC Address that Docker3 is applied on host B, OVS bridges 1 are received after ARP request message 1, can be according to this
The purpose IP address (i.e. using Docker3 IP address) of ARP request message 1 determines that ARP request message 1 is that cross-network segment ARP please
Ask message or same network segment ARP request message.Specifically, if the purpose IP address of ARP request message 1 (i.e. should with source IP address
With Docker1 IP address) belong to the same network segment, then it is same network segment ARP request message, OVS that can determine ARP request message 1
Bridge 1 and then arp reply message 1 can be constructed according to default pseudo- MAC Address, and the arp reply message 1 is sent to
Docker1.Wherein, the pseudo- MAC Address can be configured by administrative staff, and the application is not particularly limited to this.
Please continue to refer to Fig. 3, it is assumed that the application Docker1 on host A sends ARP request message 2 to ask host
Docker4 MAC Address is applied on host B, OVS bridges 1 are received after ARP request message 2, can be according to the ARP request report
Text 2 purpose IP address (i.e. using Docker4 IP address) determine ARP request message 2 be cross-network segment ARP request message or
Same network segment ARP request message.Specifically, if the purpose IP address of ARP request message 2 and source IP address are (i.e. using Docker1's
IP address) belong to different segment, then it can determine that ARP request message 2 is cross-network segment ARP request message, OVS bridges 1 and then can
To construct arp reply message 2 according to the MAC Address of container gateway, and the arp reply message 2 is sent to Docker1.
Understood based on foregoing description, in this example, for application Docker, other application Docker in same network segment
MAC Address is fixed pseudo- MAC Address, and different segment application Docker MAC Address is the MAC Address of container gateway,
The acquisition of application Docker MAC Address is realized by ARP proxy mechanism, ARP request message can be avoided in the cluster across main frame
Transmission, saves the substantial amounts of network bandwidth.
2nd, service message is forwarded
In the present embodiment, OVS bridges, can be according to the industry after the service message sent using Docker is received
Host address information of the purpose IP address of business message in forwarding flow table where inquiry intended application Docker.Then, OVS nets
Bridge can be packaged according to the host address information inquired to the service message, then by tunnel by the industry after encapsulation
Business message is sent to the main frame where the intended application Docker.Wherein, the intended application Docker is the business report
The application Docker that text is sent to.
Please continue to refer to Fig. 3, it is assumed that OVS bridges 1 receive the service message sent using Docker1, and OVS bridges 1 can
To determine intended application Docker according to the purpose IP address of the service message.It is assumed that the purpose IP address of the service message is
Using Docker3 IP address, then can determine that intended application Docker is Docker3.OVS bridges 1 can be in forwarding flow table
Inquiry application Docker3 network configuration information, such as:Using the IP address of the host B where Docker3, Vxlan ends
The information such as mouth, based on the network configuration information of the host B inquired, OVS bridges 1 can carry out Vxlan to the service message
Tunnel encapsulation, and the service message after encapsulation is sent to host B OVS bridges 2 by Vxlan tunnels.
It should be noted that the application is described using Vxlan agreements as example, in actual applications, it is not restricted to
Vxlan agreements.
In the present embodiment, OVS bridges, can be to institute after the tunnel encapsulation service message from other main frames is received
State tunnel encapsulation service message to be decapsulated, with the service message after being decapsulated.Purpose IP based on the service message
Address, OVS bridges can inquire about intended application Docker real MAC address in forwarding flow table.OVS bridges can be by the industry
The target MAC (Media Access Control) address of business message is revised as the real MAC address, and it is determined that the service message is same network segment service message
When, the source MAC of the service message is revised as pseudo- MAC Address, when it is determined that the service message is cross-network segment service message,
The source MAC of the service message is revised as to the MAC Address of container gateway.OVS bridges can be by after MAC Address modification is completed
Amended service message is sent to intended application Docker.
Please continue to refer to Fig. 3, still by taking above-mentioned example as an example, OVS bridges 2 are after encapsulation is received by Vxlan tunnels
After service message, it can be decapsulated, to reduce the service message.OVS bridges 2 can be according to the purpose of the service message
IP address (application Docker3 IP address) inquiry forwarding flow table, to inquire about the real MAC address using Docker3, and should
The target MAC (Media Access Control) address of service message is revised as the real MAC address using Docker3.For the source MAC of the service message
Location, before modifying, OVS bridges 2 also need to carry out the judgement of subnet, (are answered if the service message is same network segment service message
Belong to the same network segment with Docker1 and application Docker3 IP address), then the source MAC of the service message can be changed
For pseudo- MAC Address.If the service message is that (IP address using Docker1 and application Docker3 belongs to cross-network segment service message
Different segment), then the source MAC of the service message can be revised as to the MAC Address of container gateway.OVS bridges 2 can be by
The amended service message of MAC Address, which is sent to, applies Docker3, to realize using between Docker1 and application Docker3
Across main-machine communication.
Across the main-machine communication scheme for the Docker containers that the application is provided can support subnet it can be seen from above description
Planning, improve the flexibility of business.
It should be noted that the encapsulation of above-mentioned service message, forwarding can by the virtual unit set up on OVS bridges come
Realize.Specifically, control Docker can also create Vxlan equipment and Veth after OVS bridges are created on the OVS bridges
Equipment, wherein, the Vxlan equipment can be used for the encapsulation and decapsulation of service message, and the Veth equipment can be used for realizing and hold
Device gateway function etc..The processing of this part is referred to correlation technique with realization, and this is no longer going to repeat them by the application.
3rd, using Docker PERCOM peripheral communication
In the present embodiment, the minimum forwarding flow table item of a priority can be pre-configured with, the forwarding flow table item can be with
For:Target MAC (Media Access Control) address is forwarded to fictitious host computer gateway for container gateway MAC address.Specifically, OVS bridges receive should
After the service message sent with Docker, however, it is determined that the target MAC (Media Access Control) address of the service message is the MAC Address of container gateway,
And the minimum forwarding flow table item of the above-mentioned priority of matching, then it is to need to be sent to the business report of outer net that can determine the service message
The service message can be sent to fictitious host computer gateway by text, OVS bridges, by the fictitious host computer gateway combination iptable's
Snat or dnat is so that the service message is sent to external network.
Specifically, control Docker, can be by the address configuration of container gateway to fictitious host computer net after OVS bridges are created
The Central Shanxi Plain.Subsequently, if OVS bridges receive the service message for matching the minimum forwarding flow table item of above-mentioned priority, it may be determined that
The service message is destined to the service message of external network, and then the service message can be sent into void by container gateway
Intend host gateway, sent by fictitious host computer gateway to external network.If on the contrary, OVS bridges are received from fictitious host computer gateway
Service message, then the source MAC of the service message can be revised as after the MAC Address of container gateway, be sent to correspondence
Application Docker.
By the application it can be seen from above description can by container gateway simultaneously realize application Docker between across main frame
Communication and the communication of application Docker and external network, without configuring two Microsoft Loopback Adapters, for application, processing is more
Simply.
The embodiment across host communication method with foregoing Docker containers is corresponding, and present invention also provides Docker appearances
The embodiment across main-machine communication system of device.Across the main-machine communication system of the Docker containers can include:Control Docker,
OVS bridges and apply Docker.
Wherein, the control Docker upon actuation, creates the OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the net of the application Docker is obtained
Network configuration information;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed association
Being taken after mixing with liquid business is used to safeguard the network configuration information for applying Docker in networking on each host;
The control Docker applies Docker network configuration information more in the distributed coordination service is listened to
When new, according to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
Optionally, the OVS bridges receive the ARP request message sent using Docker;
The OVS bridges are if it is determined that the ARP request message is cross-network segment ARP request message, then based on container gateway
MAC Address constructs arp reply message, and returns to the application Docker;
The OVS bridges are if it is determined that the ARP request message is same network segment ARP request message, then based on default pseudo- MAC
Address architecture arp reply message, and return to the application Docker.
Optionally, after the service message that application Docker of the OVS bridges on main frame is received is sent, according to described
Host address information of the purpose IP address of service message in the forwarding flow table where inquiry intended application Docker;
The OVS bridges are packaged according to the host address information to the service message, and will be sealed by tunnel
Service message after dress is sent to the main frame where the intended application Docker.
Optionally, the OVS bridges are after the tunnel encapsulation service message from other main frames is received, to the tunnel
Encapsulation service message is decapsulated;
The OVS bridges are according to purpose IP address inquiry in the forwarding flow table of the service message after decapsulation
Intended application Docker real MAC address;
The target MAC (Media Access Control) address of service message after decapsulation is revised as the real MAC address by the OVS bridges, and
When it is determined that the service message after decapsulation is same network segment service message, the source MAC of the service message is revised as institute
Pseudo- MAC Address is stated, when it is determined that the service message after decapsulation is cross-network segment service message, by the source MAC of the service message
It is revised as the MAC Address of the container gateway in address;
Amended service message is sent to the intended application Docker by the OVS bridges.
Optionally, after the service message that application Docker of the OVS bridges on main frame is received is sent, however, it is determined that institute
The minimum forwarding flow table item of service message matching priority is stated, then the service message is sent to fictitious host computer gateway, by institute
Fictitious host computer gateway is stated to send the service message to external network;
Wherein, the minimum forwarding flow table item of the priority is the business for container gateway MAC address by target MAC (Media Access Control) address
Message is sent to the fictitious host computer gateway.
Optionally, the control Docker creates OVS bridges in intelligent network adapter.
Optionally, also being created on the OVS bridges has Vxlan equipment, Veth equipment;
Wherein, the Vxlan equipment is used for the encapsulation and decapsulation of service message, and the Veth equipment is used to realize container
Gateway function.
System, device, module or unit that above-described embodiment is illustrated, can specifically be realized by computer chip or entity,
Or realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can
To be personal computer, laptop computer, cell phone, camera phone, smart phone, personal digital assistant, media play
In device, navigation equipment, E-mail receiver/send equipment, game console, tablet PC, wearable device or these equipment
The combination of any several equipment.
The preferred embodiment of the application is the foregoing is only, not to limit the application, all essences in the application
God is with principle, and any modification, equivalent substitution and improvements done etc. should be included within the scope of the application protection.
Claims (14)
1. a kind of Docker containers across host communication method, it is characterised in that methods described includes:
Control Docker upon actuation, create OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the network for obtaining the application Docker is matched somebody with somebody
Confidence ceases;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed coordination clothes
It is engaged in for safeguarding the network configuration information in networking on each host using Docker;
The control Docker when the network configuration information in listening to distributed coordination service using Docker updates,
According to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
2. according to the method described in claim 1, it is characterised in that methods described also includes:
The OVS bridges receive the ARP request message sent using Docker;
The OVS bridges are if it is determined that the ARP request message is cross-network segment ARP request message, then the MAC based on container gateway
Location constructs arp reply message, and returns to the application Docker;
The OVS bridges are if it is determined that the ARP request message is same network segment ARP request message, then based on default pseudo- MAC Address
Arp reply message is constructed, and returns to the application Docker.
3. method according to claim 2, it is characterised in that methods described also includes:
After the service message that application Docker of the OVS bridges on main frame is received is sent, according to the service message
Host address information of the purpose IP address in the forwarding flow table where inquiry intended application Docker;
The OVS bridges are packaged according to the host address information to the service message, and by tunnel by after encapsulation
Service message be sent to main frame where the intended application Docker.
4. method according to claim 3, it is characterised in that methods described also includes:
The OVS bridges are after the tunnel encapsulation service message from other main frames is received, to the tunnel encapsulation business report
Text is decapsulated;
The OVS bridges inquire about the target according to the purpose IP address of the service message after decapsulation in the forwarding flow table
Using Docker real MAC address;
The target MAC (Media Access Control) address of service message after decapsulation is revised as the real MAC address by the OVS bridges, and true
When service message after fixed decapsulation is same network segment service message, the source MAC of the service message is revised as the puppet
MAC Address, when it is determined that the service message after decapsulation is cross-network segment service message, by the source MAC of the service message
It is revised as the MAC Address of the container gateway;
Amended service message is sent to the intended application Docker by the OVS bridges.
5. according to the method described in claim 1, it is characterised in that methods described also includes:
After the service message that application Docker of the OVS bridges on main frame is received is sent, however, it is determined that the service message
The minimum forwarding flow table item of priority is matched, then the service message is sent to fictitious host computer gateway, by the fictitious host computer
Gateway sends the service message to external network;
Wherein, the minimum forwarding flow table item of the priority is the service message for container gateway MAC address by target MAC (Media Access Control) address
Send to the fictitious host computer gateway.
6. according to the method described in claim 1, it is characterised in that the establishment OVS bridges, including:
OVS bridges are created in intelligent network adapter.
7. according to the method described in claim 1, it is characterised in that
Also being created on the OVS bridges has Vxlan equipment, Veth equipment;
Wherein, the Vxlan equipment is used for the encapsulation and decapsulation of service message, and the Veth equipment is used to realize container gateway
Function.
8. a kind of across main-machine communication system of Docker containers, it is characterised in that the system includes:Control Docker, OVS net
Bridge and Docker is applied, wherein,
The control Docker upon actuation, creates the OVS bridges;
After application Docker of the control Docker on main frame is detected starts, the network for obtaining the application Docker is matched somebody with somebody
Confidence ceases;
The network configuration information is sent to distributed coordination service and preserved by the control Docker, the distributed coordination clothes
It is engaged in for safeguarding the network configuration information in networking on each host using Docker;
The control Docker when the network configuration information in listening to distributed coordination service using Docker updates,
According to the network configuration information generation forwarding flow table after renewal;
The forwarding flow table is handed down to the OVS bridges by the control Docker;
The OVS bridges according to it is described forwarding flow table instruct application Docker between across main-machine communication.
9. system according to claim 8, it is characterised in that
The OVS bridges receive the ARP request message sent using Docker;
The OVS bridges are if it is determined that the ARP request message is cross-network segment ARP request message, then the MAC based on container gateway
Location constructs arp reply message, and returns to the application Docker;
The OVS bridges are if it is determined that the ARP request message is same network segment ARP request message, then based on default pseudo- MAC Address
Arp reply message is constructed, and returns to the application Docker.
10. system according to claim 9, it is characterised in that
After the service message that application Docker of the OVS bridges on main frame is received is sent, according to the service message
Host address information of the purpose IP address in the forwarding flow table where inquiry intended application Docker;
The OVS bridges are packaged according to the host address information to the service message, and by tunnel by after encapsulation
Service message be sent to main frame where the intended application Docker.
11. system according to claim 10, it is characterised in that
The OVS bridges are after the tunnel encapsulation service message from other main frames is received, to the tunnel encapsulation business report
Text is decapsulated;
The OVS bridges inquire about the target according to the purpose IP address of the service message after decapsulation in the forwarding flow table
Using Docker real MAC address;
The target MAC (Media Access Control) address of service message after decapsulation is revised as the real MAC address by the OVS bridges, and true
When service message after fixed decapsulation is same network segment service message, the source MAC of the service message is revised as the puppet
MAC Address, when it is determined that the service message after decapsulation is cross-network segment service message, by the source MAC of the service message
It is revised as the MAC Address of the container gateway;
Amended service message is sent to the intended application Docker by the OVS bridges.
12. system according to claim 8, it is characterised in that
After the service message that application Docker of the OVS bridges on main frame is received is sent, however, it is determined that the service message
The minimum forwarding flow table item of priority is matched, then the service message is sent to fictitious host computer gateway, by the fictitious host computer
Gateway sends the service message to external network;
Wherein, the minimum forwarding flow table item of the priority is the service message for container gateway MAC address by target MAC (Media Access Control) address
Send to the fictitious host computer gateway.
13. system according to claim 8, it is characterised in that
The control Docker creates OVS bridges in intelligent network adapter.
14. system according to claim 8, it is characterised in that
Also being created on the OVS bridges has Vxlan equipment, Veth equipment;
Wherein, the Vxlan equipment is used for the encapsulation and decapsulation of service message, and the Veth equipment is used to realize container gateway
Function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710021618.XA CN107070691B (en) | 2017-01-12 | 2017-01-12 | Cross-host communication method and system of Docker container |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710021618.XA CN107070691B (en) | 2017-01-12 | 2017-01-12 | Cross-host communication method and system of Docker container |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107070691A true CN107070691A (en) | 2017-08-18 |
| CN107070691B CN107070691B (en) | 2020-01-21 |
Family
ID=59598500
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710021618.XA Active CN107070691B (en) | 2017-01-12 | 2017-01-12 | Cross-host communication method and system of Docker container |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107070691B (en) |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107395762A (en) * | 2017-08-30 | 2017-11-24 | 四川长虹电器股份有限公司 | A kind of application service based on Docker containers accesses system and method |
| CN107579898A (en) * | 2017-09-14 | 2018-01-12 | 快云信息科技有限公司 | The method and its device of interconnected communication between one kind of multiple containers |
| CN107770066A (en) * | 2017-10-20 | 2018-03-06 | 成都精灵云科技有限公司 | It is a kind of across main frame, travelling across VLAN, the Docker container methods of river diversion across cluster |
| CN107948041A (en) * | 2017-11-22 | 2018-04-20 | 锐捷网络股份有限公司 | The method and apparatus for building the more gateways living of VXLAN centralizations |
| CN109379269A (en) * | 2018-11-29 | 2019-02-22 | 南京中孚信息技术有限公司 | Virtual swap device data forwarding method, device and computer equipment |
| CN109871258A (en) * | 2019-01-17 | 2019-06-11 | 珠海金山网络游戏科技有限公司 | The method and device of modification host configuration based on distributed container |
| CN110430234A (en) * | 2019-06-28 | 2019-11-08 | 苏州浪潮智能科技有限公司 | A kind of method and apparatus for building parallel information passing interface cluster for container |
| CN110445709A (en) * | 2019-09-11 | 2019-11-12 | 成都千立网络科技有限公司 | Carry the intelligent gateway of docker application |
| CN110601949A (en) * | 2019-09-10 | 2019-12-20 | 中国人民解放军国防科技大学 | Multi-virtual equipment container networking method |
| CN110932907A (en) * | 2019-12-03 | 2020-03-27 | 北京大学 | Linux container network configuration method and network system |
| CN111262784A (en) * | 2020-01-13 | 2020-06-09 | 杭州朗和科技有限公司 | Message forwarding method, message forwarding device, storage medium and electronic equipment |
| CN111294268A (en) * | 2018-12-07 | 2020-06-16 | 华为技术有限公司 | Method and device for avoiding IP address conflict |
| CN111541651A (en) * | 2020-03-31 | 2020-08-14 | 新华三技术有限公司 | Communication method and device |
| CN112383594A (en) * | 2020-10-30 | 2021-02-19 | 新华三技术有限公司 | Cross-host communication method and device based on hyper-directory Fabric network |
| CN113132218A (en) * | 2019-12-31 | 2021-07-16 | 中兴通讯股份有限公司 | Home gateway access method, device, system processor and storage medium |
| CN113452806A (en) * | 2021-06-24 | 2021-09-28 | 上海道客网络科技有限公司 | Container adaptation SDN network management method and system based on Kubernetes system |
| CN113630300A (en) * | 2020-05-09 | 2021-11-09 | 华为技术有限公司 | Method and node for message transmission |
| CN113676471A (en) * | 2021-08-17 | 2021-11-19 | 上海道客网络科技有限公司 | Cross-node communication method, system, medium and electronic device based on container cloud platform |
| CN114629844A (en) * | 2022-02-28 | 2022-06-14 | 浙江大华技术股份有限公司 | Message forwarding method and device and electronic equipment |
| CN115208888A (en) * | 2022-09-13 | 2022-10-18 | 杭州优云科技有限公司 | Communication method and device for cloud instance to cross available areas and electronic equipment |
| CN115412512A (en) * | 2022-10-31 | 2022-11-29 | 浙江九州云信息科技有限公司 | IPv 6-based multi-cloud cross-network intercommunication method and device |
| WO2024011627A1 (en) * | 2022-07-15 | 2024-01-18 | 京东方科技集团股份有限公司 | Method for deploying big data cluster and data processing method based on big data cluster |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105607954A (en) * | 2015-12-21 | 2016-05-25 | 华南师范大学 | Stateful container online migration method and apparatus |
| CN105630574A (en) * | 2015-12-21 | 2016-06-01 | 中国电子科技网络信息安全有限公司 | Container based message queue bus management system and method |
| CN105847157A (en) * | 2016-03-21 | 2016-08-10 | 中国人民解放军国防科学技术大学 | End-to-end communication method between identification networks based on SDN |
| CN106027643A (en) * | 2016-05-18 | 2016-10-12 | 无锡华云数据技术服务有限公司 | Resource scheduling method based on Kubernetes container cluster management system |
| US20160335107A1 (en) * | 2015-05-17 | 2016-11-17 | Nicira, Inc. | Logical processing for containers |
-
2017
- 2017-01-12 CN CN201710021618.XA patent/CN107070691B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160335107A1 (en) * | 2015-05-17 | 2016-11-17 | Nicira, Inc. | Logical processing for containers |
| CN105607954A (en) * | 2015-12-21 | 2016-05-25 | 华南师范大学 | Stateful container online migration method and apparatus |
| CN105630574A (en) * | 2015-12-21 | 2016-06-01 | 中国电子科技网络信息安全有限公司 | Container based message queue bus management system and method |
| CN105847157A (en) * | 2016-03-21 | 2016-08-10 | 中国人民解放军国防科学技术大学 | End-to-end communication method between identification networks based on SDN |
| CN106027643A (en) * | 2016-05-18 | 2016-10-12 | 无锡华云数据技术服务有限公司 | Resource scheduling method based on Kubernetes container cluster management system |
Non-Patent Citations (1)
| Title |
|---|
| 红黑联盟: "OpenvSwitch实现Docker容器跨宿主机互联", 《HTTPS://WWW.2CTO.COM/NET/201602/489233.HTML》 * |
Cited By (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107395762A (en) * | 2017-08-30 | 2017-11-24 | 四川长虹电器股份有限公司 | A kind of application service based on Docker containers accesses system and method |
| CN107579898A (en) * | 2017-09-14 | 2018-01-12 | 快云信息科技有限公司 | The method and its device of interconnected communication between one kind of multiple containers |
| CN107579898B (en) * | 2017-09-14 | 2020-08-14 | 快云信息科技有限公司 | Method and device for interconnection communication among multiple containers |
| CN107770066B (en) * | 2017-10-20 | 2020-06-02 | 成都精灵云科技有限公司 | Cross-host, cross-VLAN and cross-cluster Docker container diversion method |
| CN107770066A (en) * | 2017-10-20 | 2018-03-06 | 成都精灵云科技有限公司 | It is a kind of across main frame, travelling across VLAN, the Docker container methods of river diversion across cluster |
| CN107948041A (en) * | 2017-11-22 | 2018-04-20 | 锐捷网络股份有限公司 | The method and apparatus for building the more gateways living of VXLAN centralizations |
| CN107948041B (en) * | 2017-11-22 | 2020-12-18 | 锐捷网络股份有限公司 | Method and equipment for constructing VXLAN centralized multi-active gateway |
| CN109379269A (en) * | 2018-11-29 | 2019-02-22 | 南京中孚信息技术有限公司 | Virtual swap device data forwarding method, device and computer equipment |
| CN111294268A (en) * | 2018-12-07 | 2020-06-16 | 华为技术有限公司 | Method and device for avoiding IP address conflict |
| CN111294268B (en) * | 2018-12-07 | 2021-06-08 | 华为技术有限公司 | Method and device for avoiding IP address conflict |
| CN109871258A (en) * | 2019-01-17 | 2019-06-11 | 珠海金山网络游戏科技有限公司 | The method and device of modification host configuration based on distributed container |
| CN110430234A (en) * | 2019-06-28 | 2019-11-08 | 苏州浪潮智能科技有限公司 | A kind of method and apparatus for building parallel information passing interface cluster for container |
| CN110601949A (en) * | 2019-09-10 | 2019-12-20 | 中国人民解放军国防科技大学 | Multi-virtual equipment container networking method |
| CN110445709A (en) * | 2019-09-11 | 2019-11-12 | 成都千立网络科技有限公司 | Carry the intelligent gateway of docker application |
| CN110932907A (en) * | 2019-12-03 | 2020-03-27 | 北京大学 | Linux container network configuration method and network system |
| CN113132218B (en) * | 2019-12-31 | 2023-10-20 | 中兴通讯股份有限公司 | Home gateway access method, device, system processor and storage medium |
| CN113132218A (en) * | 2019-12-31 | 2021-07-16 | 中兴通讯股份有限公司 | Home gateway access method, device, system processor and storage medium |
| CN111262784B (en) * | 2020-01-13 | 2022-05-17 | 杭州朗和科技有限公司 | Message forwarding method, message forwarding device, storage medium and electronic equipment |
| CN111262784A (en) * | 2020-01-13 | 2020-06-09 | 杭州朗和科技有限公司 | Message forwarding method, message forwarding device, storage medium and electronic equipment |
| CN111541651B (en) * | 2020-03-31 | 2022-10-21 | 新华三技术有限公司 | Communication method and device |
| CN111541651A (en) * | 2020-03-31 | 2020-08-14 | 新华三技术有限公司 | Communication method and device |
| CN113630300A (en) * | 2020-05-09 | 2021-11-09 | 华为技术有限公司 | Method and node for message transmission |
| WO2021227873A1 (en) * | 2020-05-09 | 2021-11-18 | 华为技术有限公司 | Method and node for message transmission |
| CN113630300B (en) * | 2020-05-09 | 2023-08-08 | 华为技术有限公司 | Method and node for message transmission |
| CN112383594A (en) * | 2020-10-30 | 2021-02-19 | 新华三技术有限公司 | Cross-host communication method and device based on hyper-directory Fabric network |
| CN112383594B (en) * | 2020-10-30 | 2022-04-22 | 新华三技术有限公司 | Cross-host communication method and device based on hyper-directory Fabric network |
| CN113452806A (en) * | 2021-06-24 | 2021-09-28 | 上海道客网络科技有限公司 | Container adaptation SDN network management method and system based on Kubernetes system |
| CN113452806B (en) * | 2021-06-24 | 2022-10-04 | 上海道客网络科技有限公司 | Container adaptation SDN network management method and system based on Kubernets system |
| CN113676471A (en) * | 2021-08-17 | 2021-11-19 | 上海道客网络科技有限公司 | Cross-node communication method, system, medium and electronic device based on container cloud platform |
| CN114629844A (en) * | 2022-02-28 | 2022-06-14 | 浙江大华技术股份有限公司 | Message forwarding method and device and electronic equipment |
| CN114629844B (en) * | 2022-02-28 | 2024-04-05 | 浙江大华技术股份有限公司 | Message forwarding method and device and electronic equipment |
| WO2024011627A1 (en) * | 2022-07-15 | 2024-01-18 | 京东方科技集团股份有限公司 | Method for deploying big data cluster and data processing method based on big data cluster |
| CN115208888B (en) * | 2022-09-13 | 2022-12-27 | 杭州优云科技有限公司 | Communication method and device for cloud instance to cross available areas and electronic equipment |
| CN115208888A (en) * | 2022-09-13 | 2022-10-18 | 杭州优云科技有限公司 | Communication method and device for cloud instance to cross available areas and electronic equipment |
| CN115412512A (en) * | 2022-10-31 | 2022-11-29 | 浙江九州云信息科技有限公司 | IPv 6-based multi-cloud cross-network intercommunication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107070691B (en) | 2020-01-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107070691A (en) | Docker containers across host communication method and system | |
| US11502950B2 (en) | Universal customer premise equipment | |
| US11909586B2 (en) | Managing communications in a virtual network of virtual machines using telecommunications infrastructure systems | |
| CN104935516B (en) | Communication system and method based on software defined network | |
| JP5855630B2 (en) | Management server and management method for managing cloud appliance of virtual local area network | |
| EP2351315B1 (en) | A virtualization platform | |
| CN106101023B (en) | A kind of VPLS message processing method and equipment | |
| CN105453492A (en) | Switch clusters having layer-3 distributed router functionality | |
| EP2843906B1 (en) | Method, apparatus, and system for data transmission | |
| CN104221331B (en) | The 2nd without look-up table layer packet switch for Ethernet switch | |
| Li et al. | Mobile edge computing platform deployment in 4G {LTE} networks: A middlebox approach | |
| US20100290391A1 (en) | Apparatus and method for accessing multiple wireless networks | |
| JP2005167435A (en) | Vrrp technology sustaining confidentiality of vr | |
| CN107547665A (en) | A kind of method, equipment and the system of dhcp address distribution | |
| CN107454132B (en) | Method and device for supporting multi-tenant network transmission | |
| JP2002354006A (en) | Network system for duplicate address | |
| CN110224942A (en) | A kind of message processing method, device and storage medium | |
| CN105871676A (en) | Network connection method and system of far-end virtual machine in desktop cloud | |
| CN113163276A (en) | Method, device and system for issuing routing information | |
| CN110417573A (en) | A kind of method and system of data transmission | |
| US20050044271A1 (en) | Method for allocating a non-data device to a voice vlan object of the invention | |
| KR20030083864A (en) | A Processing Method of the Distributed Forwarding Table in the High Speed Router | |
| Cisco | Introduction to Cisco Router Configuration Cisco Internetwork Operating System Release 10.3 | |
| CN108737347A (en) | Data communications method, device and its equipment | |
| CN115766687B (en) | Home gateway ipv6 file system and interaction method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200923 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20200923 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Patentee after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Patentee before: Alibaba Group Holding Ltd. |
|
| TR01 | Transfer of patent right |