CN116094870A - Routing method, device, equipment and storage medium of operating system in container - Google Patents


Info

Publication number
CN116094870A
Authority
CN
China
Prior art keywords
network
bridge
operating system
access request
container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310090686.7A
Other languages
Chinese (zh)
Inventor
黄超
杜杨浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Original Assignee
Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Qianhai Huanrong Lianyi Information Technology Service Co Ltd
Priority to CN202310090686.7A
Publication of CN116094870A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/46 Interconnection of networks
    • H04L 12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L 12/462 LAN interconnection over a bridge based backbone
    • H04L 12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H04L 45/00 Routing or path finding of packets in data switching networks
    • H04L 45/12 Shortest path evaluation
    • H04L 45/60 Router architectures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application discloses a routing method, a device, equipment and a storage medium of an operating system in a container. The method is applied to the host equipment, wherein the host equipment is provided with a virtual container, a first network bridge, a second network bridge and a first operating system, the first operating system and the second network bridge are arranged in the virtual container, and the method comprises the following steps: when the first operating system generates an external network access request, the first operating system sends the external network access request to the second network bridge through the first network port; then the second network bridge sends the external network access request to the virtual container according to a preset iptables rule; after receiving the external network access request, the virtual container sends the external network access request to the first network bridge through the second network port according to a preset routing rule; finally, the first network bridge sends the external network access request to the host device, and sends the external network access request to the external network through a third network port of the host device. By the scheme, the operating system in the container can normally access the external network.

Description

Routing method, device, equipment and storage medium of operating system in container
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a method, an apparatus, a device, and a storage medium for routing an operating system in a container.
Background
Currently, all sectors of China's economy and society are accelerating their digital transformation, and demands for large-scale data processing continuously arise on the edge side.
The conventional routing of an edge computing container only implements a layer-2 network: data in the container is passed to the host device through a veth pair (a pair of virtual network interfaces) and the cni (Container Network Interface, a standard universal interface) gateway in order to reach the external network.
However, if an operating system is deployed in the container, for example a windows system, that windows system has no routing mechanism of its own, so it is cut off from the external network and the operating system in the container cannot access the external network normally.
Disclosure of Invention
The embodiment of the application provides a routing method, a device, equipment and a storage medium of an operating system in a container, which can enable the operating system in the container to normally access an external network.
In a first aspect, an embodiment of the present application provides a routing method of an operating system in a container, where the method is applied to a host device, where a virtual container, a first bridge, a second bridge, and a first operating system are deployed in the host device, where the first operating system and the second bridge are deployed in the virtual container, and a first network port of the first operating system is mounted under the second bridge, where the method includes:
when the first operating system generates an external network access request, the first operating system sends the external network access request to the second network bridge through the first network port;
the second network bridge sends the external network access request to the virtual container according to a preset iptables rule;
the virtual container sends the external network access request to the first network bridge through a second network port, wherein the second network port is a network port of the virtual container and is mounted under the first network bridge;
the first network bridge sends the external network access request to a third network port in the host device according to a preset routing rule, and sends the external network access request to an external network through the third network port.
In a second aspect, an embodiment of the present application further provides a routing device of an operating system in a container, where the routing device of the operating system in a container is disposed in a host device, where a virtual container, a first bridge, a second bridge, and a first operating system are disposed in the host device, where the first operating system and the second bridge are disposed in the virtual container, a first port of the first operating system is mounted under the second bridge, and the routing device of the operating system in the container includes a transceiver unit and a processing unit, where the processing unit is configured to control a transceiver operation of the transceiver unit, and the transceiver unit is configured to:
when the first operating system generates an external network access request, the external network access request is sent to the second network bridge through the first network port;
sending the external network access request to the virtual container through the second network bridge according to a preset iptables rule;
the external network access request is sent to the first network bridge through a second network port, wherein the second network port is the network port of the virtual container and is mounted under the first network bridge;
and sending the external network access request to a third network port in the host equipment through the first network bridge according to a preset routing rule, and sending the external network access request to an external network through the third network port.
In some embodiments, the transceiver unit is specifically configured to, when executing the step of sending, by the second bridge, the external network access request to the virtual container according to a preset iptables rule:
determining, by the processing unit, an IP value of the second network port according to the iptables rule by using the second bridge;
and sending the external network access request to the second network port by using the second network bridge according to the IP value, so that the virtual container receives the external network access request.
In some embodiments, the transceiver unit is further configured to:
receiving a system access request of a first operating system through the third network port by using the host equipment, and sending the system access request to the first network bridge according to the routing rule;
sending the system access request to the virtual container through the second network port according to the routing rule;
transmitting the system access request to the second network bridge by utilizing the virtual container according to the iptables rule;
and sending the system access request to the first operating system through the first network port by utilizing the second network bridge.
In some embodiments, the host device is pre-configured with a k8s flannel plug-in and a virsh tool; wherein:
the flannel plug-in is configured to obtain a first configuration file of the first network bridge and create the first network bridge and the routing rule according to the first configuration file;
the virsh tool is configured to obtain a second configuration file of the second bridge, and create the second bridge and the iptables rule according to the second configuration file.
In some embodiments, the host device is a second operating system server, the virtual container is a second operating system container, the second operating system server is a server installed with a second operating system, and the second operating system container is a container installed with the second operating system.
In some embodiments, the first operating system is a windows system and the second operating system is a centos7 system.
In a third aspect, embodiments of the present application further provide a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the method when executing the computer program.
In a fourth aspect, embodiments of the present application also provide a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, implement the above-described method.
The embodiment of the application provides a routing method, a device, equipment and a storage medium of an operating system in a container. The method is applied to host equipment, a virtual container, a first network bridge, a second network bridge and a first operating system are deployed in the host equipment, the first operating system and the second network bridge are deployed in the virtual container, and a first network port of the first operating system is mounted under the second network bridge, and the method comprises the following steps: when the first operating system generates an external network access request, the first operating system sends the external network access request to the second network bridge through the first network port; then the second network bridge sends the external network access request to the virtual container according to a preset iptables rule; after the virtual container receives the external network access request, the external network access request is sent to the first network bridge through a second network port according to a preset routing rule, wherein the second network port is a network port of the virtual container; and finally, the first network bridge sends the external network access request to the host equipment, and sends the external network access request to an external network through a third network port of the host equipment. In this embodiment of the present application, the first operating system in the virtual container may route the external network access request to the virtual container through the second bridge disposed in the virtual container, then the virtual container routes the external network access request to the host device through the first bridge, and finally routes the external network access request to the external network through the host device, so that the operating system in the container normally accesses the external network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1a is a schematic diagram of an application scenario of a routing method of an operating system in a container according to an embodiment of the present application;
fig. 1b is a schematic diagram of a specific application scenario of a routing method of an operating system in a container according to an embodiment of the present application;
FIG. 2a is a schematic diagram of data transmission of a routing method for an operating system in a container according to an embodiment of the present application;
FIG. 2b is another data transfer schematic diagram of a routing method for an operating system in a container according to an embodiment of the present application;
FIG. 2c is another data transfer schematic diagram of a routing method for an operating system in a container according to an embodiment of the present application;
FIG. 3 is a flow chart of a method for routing an operating system in a container according to an embodiment of the present disclosure;
FIG. 4 is a schematic block diagram of a routing device for an operating system within a container provided in an embodiment of the present application;
fig. 5 is a schematic block diagram of a computer device provided in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
The embodiment of the application provides a routing method, a device, equipment and a storage medium of an operating system in a container.
The execution body of the routing method of the operating system in the container may be a routing device of the operating system in the container provided by the embodiment of the present application, or a computer device integrated with the routing device of the operating system in the container, where the routing device of the operating system in the container may be implemented in a hardware or software manner, and the computer device may be a terminal or a server, and other computer devices that may be used as host devices.
Referring to fig. 1a, fig. 1a is a schematic application scenario diagram of a routing method of an operating system in a container according to an embodiment of the present application. The routing method of the operating system in the container is applied to host equipment in fig. 1a, wherein a virtual container, a first network bridge, a second network bridge and a first operating system are deployed in the host equipment, the first operating system and the second network bridge are deployed in the virtual container, a first network port of the first operating system is mounted under the second network bridge, and in particular, the first network port is communicated with a virtual network port of the second network bridge, so that the first operating system can receive and transmit data in the second network bridge; the virtual container is provided with a second network port, the second network port is mounted under the first network bridge, in particular, the second network port is communicated with the virtual network port of the first network bridge, the first network bridge is located in the environment of host equipment, so that data receiving and transmitting between the virtual container and the host equipment are realized, and the host equipment is provided with a third network port, so that data receiving and transmitting between the host equipment and an external network are realized.
Specifically, in some embodiments, the host device is a second operating system server, the virtual container is a second operating system container, the second operating system server is a server in which a second operating system is installed, and the second operating system container is a container in which the second operating system is installed.
More specifically, referring to fig. 1b, fig. 1b is a schematic diagram of a specific application scenario of a method for routing an operating system in a container according to an embodiment of the present application, where in some embodiments the first operating system is a windows system and the second operating system is a centos7 system; i.e. the virtual container is a centos7 container and the host device is a centos7 server.
Further, the first bridge is the cni0 bridge (ip: 192.168.2.1), and its corresponding virtual port is veth0; the second bridge is the virbr1 bridge (ip: 192.168.121.1), and its corresponding virtual port is vnet0; the first port is the Ethernet0 port of the windows system (ip: 192.168.121.129), the second port is the eth0 port of the centos7 container (ip: 192.168.2.3), and the third port is the eth0 port of the centos7 server (ip: 172.16.158.223).
In this embodiment, if the windows system needs to access the external network, the external network access request must first be routed into the centos7 container, then from the centos7 container to the centos7 server, and only then can the external network be reached.
It can be seen that, before the first operating system in the container can access the external network, the first bridge and the second bridge must be created. A k8s (kubernetes) flannel plug-in and a virsh tool are preset in the host device; the flannel plug-in obtains the first configuration file of the first bridge and creates the first bridge and the routing rule according to it, and the virsh tool obtains the second configuration file of the second bridge and creates the second bridge and the iptables rule according to it. The specific steps for creating the first bridge and the second bridge are as follows:
creating a first bridge:
The first bridge is used to enable the virtual container to access the external network normally. In some embodiments, the first bridge is implemented in k8s through cni using the flannel plug-in, where the cni configuration file (the first configuration file) is:
{
    "name": "cbr0",
    "cniVersion": "0.3.1",
    "plugins": [
        {
            "type": "flannel",
            "delegate": {
                "hairpinMode": true,
                "isDefaultGateway": true
            }
        },
        {
            "type": "portmap",
            "capabilities": {
                "portMappings": true
            }
        }
    ]
}
After the configuration is completed, the flannel plug-in runs normally and creates the cni0 bridge according to the cni configuration file; for example, the centos7 container accesses the centos7 server through the cni0 bridge, and the data flow is as shown in fig. 2a.
Creating a second bridge:
The second bridge is used to route the data of the first operating system inside the virtual container to the virtual container itself, i.e. to build a nat (Network Address Translation) network inside the virtual container. The virbr1 bridge is created first, specifically by the virsh tool of libvirt, and its configuration file (the second configuration file) is as follows:
<network ipv6='yes'>
  <name>vagrant-libvirt</name>
  <uuid>424403ff-450f-4143-9129-28bbb6288784</uuid>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:f5:5b:43'/>
  <ip address='192.168.121.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.121.1' end='192.168.121.254'/>
    </dhcp>
  </ip>
</network>
After the creation is completed, the iptables rules are reconfigured so that data passing through the first network port is forwarded to the second bridge, and data from the second bridge is likewise forwarded to the first network port.
Finally, the first operating system is started and its first network port is mounted under the second bridge, so that the first operating system can send and receive data on the second bridge; for example, the windows system accesses the centos7 container through the virbr1 bridge, and the resulting data flow is shown in fig. 2b.
At this point, the first operating system can access the external network normally through the first bridge and the second bridge: for example, the windows system accesses the centos7 container through the virbr1 bridge, the centos7 container accesses the centos7 server through the cni0 bridge, and the centos7 server finally reaches the external network; the complete network data flow is shown in fig. 2c.
Fig. 3 is a flow chart of a routing method of an operating system in a container according to an embodiment of the present application. As shown in fig. 3, the method includes the following steps S110 to S140.
The method is applied to host equipment, wherein a virtual container, a first network bridge, a second network bridge and a first operating system are deployed in the host equipment, the first operating system and the second network bridge are deployed in the virtual container, and a first network port of the first operating system is mounted under the second network bridge.
And S110, when the first operating system generates an external network access request, the first operating system sends the external network access request to the second network bridge through the first network port.
For example, when the first operating system needs to access the external network, first, the first operating system generates an external network access request based on user operation or other system instructions, and since the first network port of the first operating system is mounted under the second network bridge, the first operating system can send the external network access request to the second network bridge through the first network port.
And S120, the second network bridge sends the external network access request to the virtual container according to a preset iptables rule.
Specifically, the second network bridge determines an IP value of the second network port according to the iptables rule; and then the second network bridge sends the external network access request to the second network port according to the IP value, so that the virtual container receives the external network access request.
For example, the second bridge determines according to the iptables rule that the IP value of the second network port is 192.168.2.3; the second bridge then takes the port with IP value 192.168.2.3 as the target port (the second network port) and sends the external network access request to it. Because the second network port is the network interface of the virtual container, sending the external network access request to the second network port means sending it to the virtual container.
S130, the virtual container sends the external network access request to the first network bridge through a second network port.
The second network port is a network port of the virtual container, and the second network port is mounted under the first network bridge.
Specifically, in this embodiment, after the virtual container obtains the external network access request, the external network access request is sent to the first bridge, and since the second network port is mounted under the first bridge, the virtual container may send the external network access request to the first bridge directly through the second network port.
And S140, the first network bridge sends the external network access request to a third network port in the host equipment according to a preset routing rule, and sends the external network access request to an external network through the third network port.
In this embodiment, after the first bridge receives the external network access request of the first operating system, the external network access request is sent to a third network port in the host device according to a preset routing rule, so that the external network access request is routed to the host device, and then the external network access request is sent to the external network in the host device through the third network port.
In some embodiments, the first operating system in the container may receive a system access request from an external network in addition to accessing the external network, where the method further includes:
the host device receives, through the third network port, a system access request directed to the first operating system and sends it to the first network bridge according to the routing rule; the first network bridge sends the system access request to the virtual container through the second network port; the virtual container sends the system access request to the second network bridge according to the iptables rule; and the second network bridge sends the system access request to the first operating system through the first network port.
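To make the forward path of steps S110 to S140 and the reverse "system access request" path concrete, here is an added Python model of the fig. 1b topology; it is not code from the patent. Each node keeps a static routing table and a source-NAT rule standing in for the iptables rule, and trace() follows one request from the windows guest to the external network, checking at every hop that a reply would leave by the interface the request arrived on. The upstream gateway 172.16.158.1, the destination 203.0.113.10 and all node and function names are constructed assumptions.

```python
import ipaddress


class Node:
    """One forwarding node: a static routing table plus optional POSTROUTING source NAT."""

    def __init__(self, name, routes, nat=()):
        self.name = name
        # routes: (prefix, egress interface, next hop or None when directly connected)
        self.routes = [(ipaddress.ip_network(p), iface, nh) for p, iface, nh in routes]
        # nat: (source prefix, egress interface, translated source), the effect of
        # "iptables -t nat -A POSTROUTING -s <prefix> -o <iface> -j SNAT --to <addr>"
        self.nat = [(ipaddress.ip_network(p), iface, new) for p, iface, new in nat]

    def lookup(self, dst):
        """Longest-prefix-match route lookup, as the kernel FIB does it."""
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        _net, iface, next_hop = max(matches, key=lambda r: r[0].prefixlen)
        return iface, next_hop

    def snat(self, src, out_iface):
        """Apply the first matching source-NAT rule to a packet leaving out_iface."""
        for net, iface, new_src in self.nat:
            if ipaddress.ip_address(src) in net and iface == out_iface:
                return new_src
        return src


def build_topology(container_nat=True):
    """Constructed nodes and links of fig. 1b; container_nat=False models a missing virbr1 NAT rule."""
    nodes = {
        "windows": Node("windows", [
            ("192.168.121.0/24", "Ethernet0", None),
            ("0.0.0.0/0", "Ethernet0", "192.168.121.1"),   # virbr1 is the guest's gateway
        ]),
        "container": Node("centos7-container", [
            ("192.168.121.0/24", "virbr1", None),
            ("192.168.2.0/24", "eth0", None),
            ("0.0.0.0/0", "eth0", "192.168.2.1"),          # cni0 is the container's gateway
        ], nat=[("192.168.121.0/24", "eth0", "192.168.2.3")] if container_nat else []),
        "host": Node("centos7-host", [
            ("192.168.2.0/24", "cni0", None),
            ("172.16.158.0/24", "eth0", None),
            ("0.0.0.0/0", "eth0", "172.16.158.1"),         # constructed upstream gateway (assumption)
        ], nat=[("192.168.2.0/24", "eth0", "172.16.158.223")]),
    }
    # next-hop address -> (node that owns it, interface it is configured on)
    links = {"192.168.121.1": ("container", "virbr1"), "192.168.2.1": ("host", "cni0")}
    return nodes, links


def trace(nodes, links, src, dst, start="windows"):
    """Walk one packet from `start` towards dst.

    Returns (hops, problems): hops is [(node, egress iface, source after SNAT)];
    problems lists nodes whose reply to that source would not leave by the
    interface the request arrived on (an asymmetric, and therefore broken, path)."""
    node, hops, problems = nodes[start], [], []
    for _ in range(8):                        # TTL-like bound against routing loops
        iface, next_hop = node.lookup(dst)
        src = node.snat(src, iface)
        hops.append((node.name, iface, src))
        if next_hop is None or next_hop not in links:
            return hops, problems             # delivered locally or handed to the external network
        peer, in_iface = links[next_hop]
        node = nodes[peer]
        reply_iface, _ = node.lookup(src)     # the "system access request" direction
        if reply_iface != in_iface:
            problems.append(f"{node.name}: reply to {src} leaves via {reply_iface}, not {in_iface}")
    raise RuntimeError("hop limit exceeded")


if __name__ == "__main__":
    for with_nat in (True, False):
        nodes, links = build_topology(container_nat=with_nat)
        hops, problems = trace(nodes, links, "192.168.121.129", "203.0.113.10")
        print(f"virbr1 NAT {'on ' if with_nat else 'off'}:",
              " -> ".join(f"{n}/{i} src={s}" for n, i, s in hops))
        for p in problems:
            print("   problem:", p)
```

With the container's NAT rule present the request leaves the host as 172.16.158.223 after two address translations; without it the host sees a 192.168.121.0/24 source it can only route to its default gateway, so replies never return to cni0.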
In summary, the method is applied to a host device, in which a virtual container, a first bridge, a second bridge, and a first operating system are deployed, the first operating system and the second bridge are deployed in the virtual container, and a first portal of the first operating system is mounted under the second bridge, where the method includes: when the first operating system generates an external network access request, the first operating system sends the external network access request to the second network bridge through the first network port; then the second network bridge sends the external network access request to the virtual container according to a preset iptables rule; after the virtual container receives the external network access request, the external network access request is sent to the first network bridge through a second network port according to a preset routing rule, wherein the second network port is a network port of the virtual container; and finally, the first network bridge sends the external network access request to the host equipment, and sends the external network access request to an external network through a third network port of the host equipment. In this embodiment of the present application, the first operating system in the virtual container may route the external network access request to the virtual container through the second bridge disposed in the virtual container, then the virtual container routes the external network access request to the host device through the first bridge, and finally routes the external network access request to the external network through the host device, so that the operating system in the container normally accesses the external network.
Fig. 4 is a schematic block diagram of a routing device for an operating system in a container provided in an embodiment of the present application. As shown in fig. 4, the present application further provides a routing device of the operating system in the container, corresponding to the above routing method of the operating system in the container. The routing device of the operating system in the container is arranged in host equipment, a virtual container, a first network bridge, a second network bridge and a first operating system are deployed in the host equipment, the first operating system and the second network bridge are deployed in the virtual container, a first network port of the first operating system is mounted under the second network bridge, the routing device of the operating system in the container comprises a unit for executing the routing method of the operating system in the container, the host equipment can be a terminal or a server, and the terminal can be a desktop computer, a tablet computer, a portable computer and the like. Specifically, referring to fig. 4, the routing device 400 of the operating system in the container includes a transceiver unit 401 and a processing unit 402, where the processing unit 402 is configured to control the transceiver operation of the transceiver unit 401, and the transceiver unit 401 is configured to:
when the first operating system generates an external network access request, the external network access request is sent to the second network bridge through the first network port;
sending the external network access request to the virtual container through the second network bridge according to a preset iptables rule;
the external network access request is sent to the first network bridge through a second network port, wherein the second network port is the network port of the virtual container and is mounted under the first network bridge;
and sending the external network access request to a third network port in the host equipment through the first network bridge according to a preset routing rule, and sending the external network access request to an external network through the third network port.
In some embodiments, when executing the step of sending the external network access request to the virtual container through the second network bridge according to the preset iptables rule, the transceiver unit 401 is specifically configured to:
determine, through the processing unit 402 and using the second network bridge, the IP address of the second network port according to the iptables rule;
and send the external network access request to the second network port using the second network bridge according to that IP address, so that the virtual container receives the external network access request.
In some embodiments, the transceiver unit 401 is further configured to:
receive, through the third network port of the host device, a system access request directed to the first operating system, and send the system access request to the first network bridge according to the routing rule;
send the system access request to the virtual container through the second network port according to the routing rule;
forward the system access request to the second network bridge using the virtual container according to the iptables rule;
and send the system access request to the first operating system through the first network port using the second network bridge.
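The outbound path (first network port, second bridge, second network port, first bridge, third network port) and the inbound path in reverse, as described here and restated for the computer-device embodiment and in claims 1 to 3, reduce in practice to a small set of iptables and routing rules split between the container and the host. The script below is an added example, not code from the patent or its applicant, showing those rules. The interface names, subnets, addresses and the exposed service (RDP on TCP 3389) are assumptions for illustration; the script only prints the commands unless `APPLY=1` is set in the environment.

```shell
#!/bin/sh
# Added example (not from the patent): iptables/routing rules for the
# outbound path  VM -> virbr1 -> eth0 -> cni0 -> host NIC -> external network
# and the inbound path in reverse. All names and addresses are assumptions.
VM_SUBNET="192.168.123.0/24"   # libvirt NAT subnet behind virbr1 (second bridge), inside the container
VM_IP="192.168.123.10"         # first network port: the Windows VM's NIC on virbr1
VM_BRIDGE="virbr1"             # second bridge (libvirt), inside the container
POD_IF="eth0"                  # second network port: the container's veth, mounted under cni0
POD_IP="10.244.1.5"            # address flannel assigned to the container
POD_SUBNET="10.244.1.0/24"     # flannel subnet of this node
NODE_BRIDGE="cni0"             # first bridge (flannel/CNI), on the host
NODE_IF="ens33"                # third network port: the host's physical NIC
SERVICE_PORT="3389"            # service on the VM reached by inbound "system access requests" (assumed RDP)
MGMT_CIDR="10.10.0.0/16"       # only this source range may reach the service from outside (assumed)

# Print every command; execute it only when APPLY=1, so the rule set can be
# reviewed offline before it touches a live host.
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Rules applied inside the CentOS 7 container (the "virtual container").
# The container needs CAP_NET_ADMIN for these to succeed.
container_rules() {
    # the container itself forwards between virbr1 and eth0
    run sysctl -w net.ipv4.ip_forward=1
    # many container hosts set the FORWARD policy to DROP, so allow the VM's
    # traffic explicitly and statefully
    run iptables -A FORWARD -i "$VM_BRIDGE" -o "$POD_IF" -s "$VM_SUBNET" -j ACCEPT
    run iptables -A FORWARD -i "$POD_IF" -o "$VM_BRIDGE" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # outbound: rewrite the VM's source address to the second network port's
    # address (the "IP value of the second network port" in the patent's wording)
    run iptables -t nat -A POSTROUTING -s "$VM_SUBNET" -o "$POD_IF" -j SNAT --to-source "$POD_IP"
    # inbound: a system access request arriving on eth0 for the service port is
    # DNAT'ed to the VM's address on virbr1 and allowed through FORWARD
    run iptables -t nat -A PREROUTING -i "$POD_IF" -p tcp --dport "$SERVICE_PORT" -j DNAT --to-destination "$VM_IP:$SERVICE_PORT"
    run iptables -A FORWARD -i "$POD_IF" -o "$VM_BRIDGE" -p tcp -d "$VM_IP" --dport "$SERVICE_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

# Rules on the host. Flannel's CNI bridge plug-in already gives cni0 its
# address and the on-node route; the route is repeated with "replace" so the
# script is idempotent. The MASQUERADE rule is only needed when flannel runs
# with FLANNEL_IPMASQ=false; with the default it is already present.
host_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route replace "$POD_SUBNET" dev "$NODE_BRIDGE"
    run iptables -t nat -A POSTROUTING -s "$POD_SUBNET" -o "$NODE_IF" -j MASQUERADE
    # inbound: publish the VM's service on the third network port, restricted to
    # the management range; the container's own DNAT then completes the path
    run iptables -t nat -A PREROUTING -i "$NODE_IF" -s "$MGMT_CIDR" -p tcp --dport "$SERVICE_PORT" -j DNAT --to-destination "$POD_IP:$SERVICE_PORT"
    run iptables -A FORWARD -i "$NODE_IF" -o "$NODE_BRIDGE" -s "$MGMT_CIDR" -p tcp -d "$POD_IP" --dport "$SERVICE_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

main() {
    echo "# --- inside the container ---"
    container_rules
    echo "# --- on the host ---"
    host_rules
}
main "$@"
```

Before applying on a real node, compare the output with `iptables -t nat -S` and `iptables -S FORWARD` on both the host and the container: flannel and kube-proxy maintain their own `KUBE-*` chains, and a second masquerade of the same pod subnet or a conflicting FORWARD rule is easy to add by accident. The two DNAT rules publish a VM service on the host's external interface, so the source restriction on the host rule is the control that keeps the exposure limited to the management range rather than the whole external network.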
In some embodiments, the host device is pre-configured with a k8s flannel plug-in and a virsh tool; wherein:
the k8s flannel plug-in (the gateway module) is configured to obtain a first configuration file of the first network bridge and to create the first network bridge and the routing rule according to the first configuration file;
and the virsh tool is configured to obtain a second configuration file of the second network bridge and to create the second network bridge and the iptables rule according to the second configuration file.
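What "creating the bridges and rules from the two configuration files" amounts to in practice, as an added example that is not part of the patent or its applicant's code: flannel's subnet.env (the first configuration file) yields the cni0 bridge address and the on-node route, and a libvirt network definition (the second configuration file) yields virbr1, which libvirt itself fronts with NAT iptables rules when the network is started. The subnet.env contents, the libvirt network name, the MAC and the addresses are constructed for the example, and the script prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the patent): derive the two bridges and their
# rules from their configuration files. Names, paths and addresses are assumptions.
NODE_BRIDGE="cni0"          # first bridge, created by the flannel/CNI bridge plug-in
VM_BRIDGE="virbr1"          # second bridge, created by libvirt from the network XML
VM_NET_NAME="vmnat"         # libvirt network name (assumed)
VM_GW="192.168.123.1"       # virbr1 address inside the container (assumed)
VM_IP="192.168.123.10"      # fixed DHCP lease for the Windows VM's NIC (assumed)
VM_MAC="52:54:00:12:34:56"  # MAC of the VM's NIC used for the fixed lease (assumed)

# network_of 10.244.1.1/24 -> 10.244.1.0/24 : route prefix of an address/prefix-length
network_of() {
    addr=${1%/*}; plen=${1#*/}
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    n=$(( n & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) $(( (n >> 8) & 255 )) $(( n & 255 )) "$plen"
}

# Write a constructed flannel subnet.env (the "first configuration file") and print its path.
sample_subnet_env() {
    f=${TMPDIR:-/tmp}/subnet.env.example
    cat >"$f" <<'EOF'
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.1.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
    printf '%s\n' "$f"
}

# Commands that create the first bridge and its routing rule from subnet.env.
# Flannel's CNI bridge plug-in does this itself; it is spelled out here so the
# derivation from the configuration file is visible.
cni0_commands() {
    subnet=$(sed -n 's/^FLANNEL_SUBNET=//p' "$1")
    printf 'ip link add %s type bridge\n' "$NODE_BRIDGE"
    printf 'ip addr replace %s dev %s\n' "$subnet" "$NODE_BRIDGE"
    printf 'ip link set %s up\n' "$NODE_BRIDGE"
    printf 'ip route replace %s dev %s\n' "$(network_of "$subnet")" "$NODE_BRIDGE"
}

# The libvirt network definition (the "second configuration file"): a NAT
# network fronted by virbr1, with a fixed lease so the VM's address, and hence
# any DNAT rule pointing at it, stays stable across reboots.
libvirt_net_xml() {
    cat <<EOF
<network>
  <name>$VM_NET_NAME</name>
  <bridge name='$VM_BRIDGE' stp='on' delay='0'/>
  <forward mode='nat'/>
  <ip address='$VM_GW' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.123.2' end='192.168.123.254'/>
      <host mac='$VM_MAC' name='win' ip='$VM_IP'/>
    </dhcp>
  </ip>
</network>
EOF
}

# Commands that create the second bridge. Starting a NAT-mode network makes
# libvirt install the MASQUERADE and FORWARD iptables rules for its subnet in
# the network namespace where libvirtd runs.
virbr1_commands() {
    f=${TMPDIR:-/tmp}/$VM_NET_NAME.xml
    libvirt_net_xml >"$f"
    printf 'virsh net-define %s\n' "$f"
    printf 'virsh net-start %s\n' "$VM_NET_NAME"
    printf 'virsh net-autostart %s\n' "$VM_NET_NAME"
}

main() {
    echo "# first bridge ($NODE_BRIDGE) from flannel subnet.env"
    cni0_commands "$(sample_subnet_env)"
    echo "# second bridge ($VM_BRIDGE) from the libvirt network XML"
    virbr1_commands
}
main
```

The virsh commands must be run against the libvirtd that owns the network namespace in which virbr1 is to live; for the layout in this application that is the namespace of the CentOS 7 container, which therefore needs CAP_NET_ADMIN and access to /dev/kvm. After `virsh net-start`, `iptables -t nat -S` in that namespace shows the rules libvirt added, which are the "iptables rule" the second bridge forwards by.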
In some embodiments, the host device is a second operating system server and the virtual container is a second operating system container, where the second operating system server is a server on which a second operating system is installed and the second operating system container is a container in which the second operating system is installed.
In some embodiments, the first operating system is a Windows system and the second operating system is a CentOS 7 system.
In summary, the routing device for an operating system in a container provided by the present application controls the first operating system to route the external network access request to the virtual container through the second bridge deployed inside the virtual container; the virtual container then routes the request to the host device through the first bridge, and the host device finally routes it to the external network, so that the operating system in the container can access the external network normally.
It should be noted that, as will be clear to those skilled in the art, the specific implementation of the routing device for the operating system in the container and of each of its units may refer to the corresponding description in the foregoing method embodiment; for convenience and brevity, the description is not repeated here.
The routing means of the operating system in the container described above may be implemented in the form of a computer program which is executable on a computer device as shown in fig. 5.
Referring to Fig. 5, Fig. 5 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 is a host device, which may be a terminal or a server, in which a virtual container, a first network bridge, a second network bridge and a first operating system are deployed; the first operating system and the second network bridge are deployed inside the virtual container, and the first network port of the first operating system is mounted under the second network bridge.
With reference to FIG. 5, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store a system 5031 and a computer program 5032. The computer program 5032 includes program instructions that, when executed, cause the processor 502 to perform a method of routing an operating system within a container.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the non-volatile storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform a method of routing an operating system within a container.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of a portion of the architecture in connection with the present application and is not intended to limit the computer device 500 to which the present application is applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to execute a computer program 5032 stored in a memory to implement the steps of:
when the first operating system generates an external network access request, the external network access request is sent to the second network bridge through the first network port;
sending the external network access request to the virtual container through the second network bridge according to a preset iptables rule;
the external network access request is sent to the first network bridge through a second network port, wherein the second network port is the network port of the virtual container and is mounted under the first network bridge;
and sending the external network access request to a third network port in the host equipment through the first network bridge according to a preset routing rule, and sending the external network access request to an external network through the third network port.
In some embodiments, when implementing the step of sending the external network access request to the virtual container through the second bridge according to the preset iptables rule, the processor 502 specifically implements the following steps:
determining, using the second network bridge, the IP address of the second network port according to the iptables rule;
and sending the external network access request to the second network port using the second network bridge according to that IP address, so that the virtual container receives the external network access request.
In some embodiments, the processor 502 further implements the following steps:
receiving, through the third network port of the host device, a system access request directed to the first operating system, and sending the system access request to the first network bridge according to the routing rule;
sending the system access request to the virtual container through the second network port;
forwarding the system access request to the second network bridge using the virtual container according to the iptables rule;
and sending the system access request to the first operating system through the first network port using the second network bridge.
In some embodiments, the host device is pre-configured with a k8s flannel plug-in and a virsh tool; before implementing the step in which the first operating system sends the external network access request to the second bridge through the first network port, the processor 502 further implements the following steps:
the gateway module, namely the k8s flannel plug-in, acquires a first configuration file of the first network bridge and creates the first network bridge and the routing rule according to the first configuration file;
and the virsh tool acquires a second configuration file of the second network bridge and creates the second network bridge and the iptables rule according to the second configuration file.
In some embodiments, the host device is a second operating system server and the virtual container is a second operating system container, where the second operating system server is a server on which a second operating system is installed and the second operating system container is a container in which the second operating system is installed.
In some embodiments, the first operating system is a Windows system and the second operating system is a CentOS 7 system.
In some embodiments, the first bridge is a cni0 bridge and the second bridge is a virbr1 bridge.
It should be appreciated that in embodiments of the present application the processor 502 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
Those skilled in the art will appreciate that all or part of the flow in a method embodying the above described embodiments may be accomplished by computer programs instructing the relevant hardware. The computer program comprises program instructions, and the computer program can be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present application also provides a storage medium. The storage medium may be a computer readable storage medium. The storage medium stores a computer program, wherein the computer program includes program instructions. The program instructions, when executed by the processor, cause the processor to perform the steps of:
when the first operating system generates an external network access request, the external network access request is sent to the second network bridge through the first network port;
sending the external network access request to the virtual container through the second network bridge according to a preset iptables rule;
the external network access request is sent to the first network bridge through a second network port, wherein the second network port is the network port of the virtual container and is mounted under the first network bridge;
and sending the external network access request to a third network port in the host equipment through the first network bridge according to a preset routing rule, and sending the external network access request to an external network through the third network port.
The storage medium may be a USB flash drive, a removable hard disk, a read-only memory (ROM), a magnetic disk, an optical disk, or any other computer-readable storage medium capable of storing program code.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the application can be combined, divided and deleted according to actual needs. In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The integrated unit may be stored in a storage medium if implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application is essentially or a part contributing to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a terminal, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present application.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for routing an operating system in a container, the method being applied to a host device, wherein a virtual container, a first bridge, a second bridge and a first operating system are deployed in the host device, the first operating system and the second bridge are deployed in the virtual container, and a first network port of the first operating system is mounted under the second bridge, the method comprising:
when the first operating system generates an external network access request, the first operating system sends the external network access request to the second network bridge through the first network port;
the second network bridge sends the external network access request to the virtual container according to a preset iptables rule;
the virtual container sends the external network access request to the first network bridge through a second network port, wherein the second network port is a network port of the virtual container and is mounted under the first network bridge;
the first network bridge sends the external network access request to a third network port in the host device according to a preset routing rule, and sends the external network access request to an external network through the third network port.
2. The method of claim 1, wherein the second bridge sending the external network access request to the virtual container according to a preset iptables rule comprises:
the second network bridge determining the IP address of the second network port according to the iptables rule;
and the second network bridge sending the external network access request to the second network port according to the IP address, so that the virtual container receives the external network access request.
3. The method according to claim 1, wherein the method further comprises:
the host device receiving, through the third network port, a system access request directed to the first operating system and sending the system access request to the first network bridge according to the routing rule;
the first network bridge sends the system access request to the virtual container through the second network port;
the virtual container sends the system access request to the second network bridge according to the iptables rule;
and the second network bridge sends the system access request to the first operating system through the first network port.
4. The method according to claim 1, wherein the host device is pre-configured with a k8s flannel plug-in and a virsh tool; and before the first operating system sends the external network access request to the second network bridge through the first network port, the method further comprises:
the gateway module acquires a first configuration file of the first network bridge, and creates the first network bridge and the routing rule according to the first configuration file;
and the virsh tool acquires a second configuration file of the second network bridge, and creates the second network bridge and the iptables rule according to the second configuration file.
5. The method according to any one of claims 1 to 4, wherein the host device is a second operating system server, the virtual container is a second operating system container, the second operating system server is a server on which a second operating system is installed, and the second operating system container is a container on which the second operating system is installed.
6. The method of claim 5, wherein the first operating system is a Windows system and the second operating system is a CentOS 7 system.
7. The method of any one of claims 1 to 4, wherein the first bridge is a cni0 bridge and the second bridge is a virbr1 bridge.
8. A routing device for an operating system in a container, characterized in that the routing device is arranged in a host device, a virtual container, a first network bridge, a second network bridge and a first operating system are deployed in the host device, the first operating system and the second network bridge are deployed in the virtual container, a first network port of the first operating system is mounted under the second network bridge, and the routing device comprises a transceiver unit and a processing unit, the processing unit being used to control the transceiving operation of the transceiver unit, and the transceiver unit being used to:
when the first operating system generates an external network access request, the external network access request is sent to the second network bridge through the first network port;
sending the external network access request to the virtual container through the second network bridge according to a preset iptables rule;
the external network access request is sent to the first network bridge through a second network port, wherein the second network port is the network port of the virtual container and is mounted under the first network bridge;
and sending the external network access request to a third network port in the host equipment through the first network bridge according to a preset routing rule, and sending the external network access request to an external network through the third network port.
9. A computer device, characterized in that it comprises a memory on which a computer program is stored and a processor which, when executing the computer program, implements the method according to any of claims 1-7.
10. A computer readable storage medium, characterized in that the storage medium stores a computer program comprising program instructions which, when executed by a processor, can implement the method of any of claims 1-7.
Application CN202310090686.7A, priority date 2023-01-29, filing date 2023-01-29: Routing method, device, equipment and storage medium of operating system in container. Status: Pending. Publication CN116094870A (en).

Publication: CN116094870A (en), published 2023-05-09.


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination