CN117255089A - Container network system and method of using the same - Google Patents


Info

Publication number: CN117255089A
Authority: CN (China)
Application number: CN202311254217.0A
Priority application: CN202311254217.0A
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: network, module, vpc, address, virtual
Inventors: 孙选勇, 向超胜
Applicants / original assignees: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd; Unicom Cloud Data Co Ltd
Current assignees: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd; Unicom Cloud Data Co Ltd

Classifications

All under Section H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 67/1004 Server selection for load balancing (H04L 67/00 Network arrangements or protocols for supporting network services or applications; 67/01 Protocols; 67/10 Protocols in which an application is distributed across nodes in the network; 67/1001 ... for accessing one among a plurality of replicated servers)
    • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN] (H04L 12/00 Data switching networks; 12/28 ... characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]; 12/46 Interconnection of networks)
    • H04L 12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways (H04L 12/00 Data switching networks)
    • H04L 45/586 Association of virtual routers (H04L 45/00 Routing or path finding of packets in data switching networks; 45/58 Association of routers)
    • H04L 61/5007 Internet protocol [IP] addresses (H04L 61/00 Network arrangements, protocols or services for addressing or naming; 61/50 Address allocation)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a container network system and a method of using it. The system comprises a plurality of distributed availability zones, each containing: a NAT gateway, which provides a network egress channel for reaching the customer intranet and/or the Internet and obtaining service requests; a CLB, which receives service requests on at least one network ingress interface and invokes a scheduling policy to load-balance them across cloud resource instances; and a VPC network module, which comprises a virtual router and a plurality of subnet units connected in a distributed manner through the virtual router. The VPC network module builds a virtual network environment that, according to the service requests, manages multiple tenants, the subnet units, the internal addresses of each subnet unit, the virtual router and Internet protocol access, and controls the connection mode between VPC network modules and the blacklist/whitelist. Because the NAT gateway and the CLB are built on a distributed architecture, the network egress channel and the network ingress interface together handle large volumes of north-south service traffic, and service processing performance is improved.

Description

Container network system and method of using the same
Technical Field
The present disclosure relates to the field of container network technologies, and in particular, to a container network system and a method for using the same.
Background
With the rapid growth of the digital economy, container network requirements keep growing in diversity and complexity. A survey of the industry's container-oriented computing service products shows that their network resource model design, resource domain isolation, security management and control, load balancing and elastic scaling are incomplete, so they cannot fully meet the container-network computing demands of a telecom operator's digital infrastructure.
In the prior art, containers are not directly connected by a virtual network device; instead the container network is created, managed and orchestrated by Docker: using a network namespace and the virtual network devices on Linux, a virtual interface is created on the host and another inside the container, and the two are connected so that different containers can communicate.
However, this Docker-based approach requires controlling the host's virtual interfaces, which is hard to manage and performs poorly.
Disclosure of Invention
The application provides a container network system and a method of using it, to address the high management and control difficulty and poor performance that result when inter-container communication is implemented with Docker by managing the virtual interfaces on the host.
In a first aspect, the application provides a container network system comprising a plurality of distributed availability zones, each comprising a network address translation (NAT) gateway, a cloud load balancer (CLB) and a virtual private cloud (VPC) network module;
the NAT gateway provides a network egress channel for the VPC network module; the network egress channel is used to reach the customer intranet and/or the Internet and obtain service requests over a target Internet protocol, and supports multiple Internet protocols;
the CLB provides at least one network ingress interface for the VPC network module, receives service requests on that interface and, according to the request, invokes a scheduling policy to load-balance across cloud resource instances; the at least one network ingress interface supports multiple Internet protocols; the cloud resource instances reside in the VPC network module;
the VPC network module comprises a virtual router and a plurality of subnet units, connected in a distributed manner through the virtual router, and builds a virtual network environment which, according to the service requests, manages multiple tenants, the plurality of subnet units, the internal address of each subnet unit, the virtual router and Internet protocol access, and controls the connection mode between VPC network modules and the blacklist and whitelist.
Optionally, in the system described above, the NAT gateway comprises an address translation module used to interwork with the customer intranet and/or the Internet;
the NAT gateway further comprises a first address management module, a cluster management module, a first area management module and a virtual local area network (VLAN) management module. The first address management module adds or deletes the customer intranet address and/or Internet address that corresponds to the VPC network module; the cluster management module adds or deletes the clusters on which the NAT gateway is deployed; the first area management module adds or deletes the area that corresponds to the network egress channel; and the VLAN management module adds or deletes the VLANs carried on the egress channel.
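As an added worked example (not code from the patent or its assignees), the following Python model shows what the address translation module and the four management modules just listed amount to in practice: egress channels are registered per area and address family on a loaded VLAN, only sources inside a registered VPC prefix are translated (so a host outside the VPC cannot borrow the egress address), and the reverse mapping is kept so replies can be returned. Class names, method names and the sample addresses are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from itertools import count


@dataclass
class EgressChannel:
    """One network egress channel of the NAT gateway: the area it reaches
    (customer intranet or Internet), the VLAN it is carried on and the
    customer-intranet / Internet address that VPC sources are translated to."""
    area: str
    vlan_id: int
    egress_ip: str


@dataclass
class NatGateway:
    """Assumed model of the NAT gateway with its four management modules."""
    cluster: str                                      # cluster management module
    vpc_prefixes: list = field(default_factory=list)  # first address management module
    vlans: set = field(default_factory=set)           # VLAN management module
    channels: dict = field(default_factory=dict)      # first area mgmt: (area, ipver) -> channel
    _snat: dict = field(default_factory=dict)         # (src, sport, area) -> (egress, eport)
    _reverse: dict = field(default_factory=dict)      # (egress, eport) -> (src, sport)
    _ports: count = field(default_factory=lambda: count(40000))

    # management modules: add / delete entries
    def add_vpc_prefix(self, cidr):
        self.vpc_prefixes.append(ip_network(cidr))

    def delete_vpc_prefix(self, cidr):
        self.vpc_prefixes.remove(ip_network(cidr))

    def add_vlan(self, vlan_id):
        self.vlans.add(vlan_id)

    def delete_vlan(self, vlan_id):
        if any(ch.vlan_id == vlan_id for ch in self.channels.values()):
            raise ValueError(f"VLAN {vlan_id} still carries an egress channel")
        self.vlans.discard(vlan_id)

    def add_area(self, area, vlan_id, egress_ip):
        if vlan_id not in self.vlans:
            raise ValueError(f"VLAN {vlan_id} is not loaded on this gateway")
        key = (area, ip_address(egress_ip).version)   # one channel per area and IP version
        self.channels[key] = EgressChannel(area, vlan_id, egress_ip)

    def delete_area(self, area, ip_version):
        del self.channels[(area, ip_version)]

    # address translation module
    def _owned(self, ip):
        return any(ip in prefix for prefix in self.vpc_prefixes)

    def translate_outbound(self, src_ip, src_port, area):
        """SNAT for a packet leaving the VPC towards `area`. Only a source inside a
        registered VPC prefix is translated, so a host outside the VPC cannot borrow
        the egress address. Returns (egress_ip, vlan_id, egress_port), or None to drop."""
        src = ip_address(src_ip)
        channel = self.channels.get((area, src.version))
        if channel is None or not self._owned(src):
            return None
        key = (src_ip, src_port, area)
        if key not in self._snat:                     # allocate a mapping only once
            egress_port = next(self._ports)
            self._snat[key] = (channel.egress_ip, egress_port)
            self._reverse[(channel.egress_ip, egress_port)] = (src_ip, src_port)
        egress_ip, egress_port = self._snat[key]
        return egress_ip, channel.vlan_id, egress_port

    def translate_inbound(self, dst_ip, dst_port):
        """Reverse translation for a reply; a packet without a mapping is dropped (None)."""
        return self._reverse.get((dst_ip, dst_port))


def demo():
    """Build one gateway for an availability zone with constructed sample addresses."""
    gw = NatGateway(cluster="az1-nat")
    gw.add_vpc_prefix("10.10.0.0/16")
    gw.add_vpc_prefix("fd00:10::/32")
    gw.add_vlan(100)
    gw.add_vlan(200)
    gw.add_area("intranet", 100, "172.16.8.1")        # customer intranet, IPv4
    gw.add_area("internet", 200, "203.0.113.10")      # Internet, IPv4
    gw.add_area("internet", 200, "2001:db8::10")      # Internet, IPv6
    return gw


if __name__ == "__main__":
    gw = demo()
    print(gw.translate_outbound("10.10.1.5", 51000, "internet"))
    print(gw.translate_inbound("203.0.113.10", 40000))
```

The ownership check in `translate_outbound` is the point a practitioner should keep: a NAT gateway that translates any source it sees lets a misrouted or spoofed packet exit under the VPC's egress address, which defeats the address management the text describes.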
Optionally, in the system described above, the CLB further provides a plurality of scheduling policies, including a round-robin scheduling policy, a priority scheduling policy and a session persistence policy. The round-robin policy hands requests to the cloud resource instances in turn, in time order; the priority policy processes according to the priority order of the cloud resource instances; the session persistence policy establishes a connection relationship among a plurality of cloud resource instances and processes them in sequence.
Optionally, in the system described above, the CLB further performs anomaly monitoring on the at least one network ingress interface and generates an alert when an abnormal ingress interface is detected.
Optionally, in the system described above, the CLB further controls the blacklist and whitelist of the at least one network ingress interface.
Optionally, in the system described above, the CLB comprises a hardware load module that provides the at least one network ingress interface for the VPC network module, and further comprises a second address management module, a second area management module and a service discovery module. The second address management module adds or deletes the address of the VPC network module; the second area management module adds or deletes the area corresponding to the network ingress interface; the service discovery module discovers newly added network ingress interfaces.
Optionally, in the system described above, the CLB further comprises a layer-4 load balancing module, a layer-7 load balancing module, an internal load module and an external load module. The layer-4 module distributes User Datagram Protocol (UDP) traffic evenly across a plurality of cloud resource instances according to the address of the VPC network module and the at least one network ingress interface (network load balancing); the layer-7 module distributes the plurality of cloud resource instances across a plurality of subnet units according to the uniform resource locator (URL) and Hypertext Transfer Protocol Secure (HTTPS) (application load balancing); the internal load module lets the subnet units reach one another; the external load module lets the customer intranet and/or the Internet reach the subnet units.
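The CLB features listed above (the three scheduling policies, anomaly monitoring of an ingress interface, the per-interface blacklist/whitelist and the layer-4 versus layer-7 split) are shown together in the following added Python example, which is not code from the patent. It goes slightly beyond the text in one respect: the layer-7 listener picks its backend pool by longest URL-path prefix match, and a pinned (sticky) client is re-pinned when its instance fails a health check. `Listener`, `Instance`, the policy names and the sample addresses are assumptions for this illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Instance:
    """A cloud resource instance behind the CLB; `priority` is used by the
    priority policy, `healthy` is maintained by the health check."""
    addr: str
    priority: int = 0
    healthy: bool = True


@dataclass
class Listener:
    """One network ingress interface. `layer` is 4 or 7; a layer-7 listener maps
    URL path prefixes to backend pools, a layer-4 listener has a single "*" pool."""
    name: str
    layer: int
    policy: str = "round_robin"                     # "round_robin" | "priority" | "sticky"
    pools: dict = field(default_factory=dict)
    allowlist: list = field(default_factory=list)   # CIDRs; empty means no restriction
    denylist: list = field(default_factory=list)    # CIDRs; checked first
    _rr: dict = field(default_factory=dict)         # pool key -> round-robin counter
    _sticky: dict = field(default_factory=dict)     # (client_ip, pool key) -> Instance

    def admit(self, client_ip):
        """Blacklist/whitelist control of the interface: deny wins over allow."""
        ip = ip_address(client_ip)
        if any(ip in ip_network(cidr) for cidr in self.denylist):
            return False
        return not self.allowlist or any(ip in ip_network(cidr) for cidr in self.allowlist)

    def health_check(self, probe):
        """Run `probe(instance) -> bool` over every instance and return the list of
        abnormal instance addresses (the content of the alert the text mentions)."""
        abnormal = []
        for pool in self.pools.values():
            for inst in pool:
                inst.healthy = bool(probe(inst))
                if not inst.healthy:
                    abnormal.append(inst.addr)
        return abnormal

    def _pool_for(self, request):
        if self.layer == 4:
            return "*", self.pools.get("*", [])
        path = request.get("path", "/")
        matches = [prefix for prefix in self.pools if path.startswith(prefix)]
        if not matches:
            return None, []
        key = max(matches, key=len)                 # longest URL prefix wins
        return key, self.pools[key]

    def _round_robin(self, key, live):
        n = self._rr.get(key, 0)
        self._rr[key] = n + 1
        return live[n % len(live)]

    def select(self, request):
        """Choose the instance for one request dict with keys client_ip and (L7) path.
        Returns None when the client is not admitted or no healthy instance exists."""
        if not self.admit(request["client_ip"]):
            return None
        key, pool = self._pool_for(request)
        live = [inst for inst in pool if inst.healthy]
        if not live:
            return None
        if self.policy == "priority":
            return max(live, key=lambda inst: inst.priority)
        if self.policy == "sticky":
            sid = (request["client_ip"], key)
            inst = self._sticky.get(sid)
            if inst is None or not inst.healthy:    # re-pin if the pinned instance failed
                inst = self._round_robin(key, live)
                self._sticky[sid] = inst
            return inst
        return self._round_robin(key, live)


def demo():
    """Constructed sample: a layer-7 web listener and a layer-4 UDP listener."""
    a, b, c = Instance("10.0.1.10"), Instance("10.0.1.11", priority=5), Instance("10.0.1.12")
    web = Listener("web", layer=7, pools={"/api": [a, b], "/": [c]},
                   denylist=["198.51.100.0/24"])
    dns = Listener("udp-dns", layer=4, policy="sticky", pools={"*": [a, b]},
                   allowlist=["10.0.0.0/8"])
    return web, dns


if __name__ == "__main__":
    web, dns = demo()
    print(web.select({"client_ip": "203.0.113.7", "path": "/api/v1"}).addr)
    print(web.health_check(lambda inst: inst.addr != "10.0.1.11"))
```

Note that `admit` evaluates the denylist before the allowlist, so a denied range inside an allowed range stays denied; the opposite order would silently re-admit it.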
Optionally, in the system described above, the VPC network module further comprises an elastic network interface (ENI) that is bound to an internal address of a subnet unit to provide network interworking.
Optionally, the system described above further comprises a driver that controls access to and configuration of the NAT gateway, the CLB and the VPC network module.
In a second aspect, the application provides a method of using a container network system comprising a plurality of distributed availability zones, each comprising a NAT gateway, a CLB and a VPC network module; the NAT gateway provides a network egress channel for the VPC network module; the CLB provides at least one network ingress interface for the VPC network module; the VPC network module comprises a virtual router and a plurality of subnet units connected in a distributed manner through the virtual router, and builds a virtual network environment. The method comprises the following steps:
reaching the customer intranet and/or the Internet over the network egress channel and obtaining service requests from them over a target Internet protocol;
receiving the service requests on the at least one network ingress interface and invoking a scheduling policy to load-balance them across cloud resource instances; the at least one network ingress interface supports multiple Internet protocols and the cloud resource instances reside in the VPC network module;
and, in the virtual network environment and according to the service requests, managing the multiple tenants, the plurality of subnet units, the internal address of each subnet unit, the virtual router and Internet protocol access, and controlling the connection mode between VPC network modules and the blacklist and whitelist.
Optionally, the method described above further comprises:
obtaining the processing result of the service request and displaying it visually. The processing result comprises the assigned tenant, the accessed subnet unit, the internal address corresponding to that subnet unit, the accessed virtual router, the Internet protocol used, the VPC network module with which a connection relationship exists and the accessed VPC network module.
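The VPC network module described in the first aspect (virtual router, subnet units with internal addresses, elastic network interface binding, connection mode between VPC modules, blacklist) and the third method step above are illustrated by the following added Python example, which is not code from the patent. `process_request` applies the management decisions to one service request and returns a record with the fields the optional display step lists. All names, the peering rule (both VPC modules must accept the connection and belong to the same tenant) and the sample addresses are assumptions for this illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class SubnetUnit:
    """A subnet unit: its CIDR and the internal addresses handed out inside it."""
    name: str
    cidr: str
    allocated: set = field(default_factory=set)

    def allocate(self):
        for host in ip_network(self.cidr).hosts():
            if host not in self.allocated:
                self.allocated.add(host)
                return str(host)
        raise RuntimeError(f"{self.name}: internal address pool exhausted")


@dataclass
class VpcModule:
    """Assumed model of one VPC network module owned by a single tenant."""
    name: str
    tenant: str
    subnets: dict = field(default_factory=dict)        # subnet unit management
    enis: dict = field(default_factory=dict)           # elastic NIC id -> (subnet, address)
    peers: set = field(default_factory=set)            # connection mode: VPCs this one accepts
    denied_subnets: set = field(default_factory=set)   # blacklist
    protocols: set = field(default_factory=lambda: {4, 6})  # Internet protocol access

    def add_subnet(self, name, cidr):
        new = ip_network(cidr)
        for existing in self.subnets.values():
            if new.overlaps(ip_network(existing.cidr)):   # overlapping subnets break routing
                raise ValueError(f"{cidr} overlaps {existing.name}")
        self.subnets[name] = SubnetUnit(name, cidr)

    def delete_subnet(self, name):
        del self.subnets[name]

    def bind_eni(self, eni_id, subnet_name):
        """Bind an elastic NIC to a fresh internal address of the subnet unit."""
        addr = self.subnets[subnet_name].allocate()
        self.enis[eni_id] = (subnet_name, addr)
        return addr

    def route(self, dst_ip):
        """Virtual router: longest-prefix match over this VPC's subnet units."""
        ip = ip_address(dst_ip)
        hits = [s for s in self.subnets.values() if ip in ip_network(s.cidr)]
        return max(hits, key=lambda s: ip_network(s.cidr).prefixlen, default=None)


def process_request(vpcs, src_vpc, tenant, dst_ip, protocol):
    """Apply the management decisions the text lists to one service request and
    return the processing-result record, or {"denied": reason}."""
    vpc = vpcs[src_vpc]
    if vpc.tenant != tenant:                       # multi-tenant isolation
        return {"denied": "tenant mismatch"}
    if protocol not in vpc.protocols:              # Internet protocol access
        return {"denied": f"IPv{protocol} not enabled"}
    target, subnet = vpc, vpc.route(dst_ip)
    if subnet is None:                             # connection mode: try peered VPCs
        for peer_name in sorted(vpc.peers):
            peer = vpcs[peer_name]
            hit = peer.route(dst_ip)
            # both sides must accept the peering and the tenant must match
            if hit and src_vpc in peer.peers and peer.tenant == tenant:
                target, subnet = peer, hit
                break
    if subnet is None:
        return {"denied": "no route"}
    if subnet.name in target.denied_subnets:       # blacklist
        return {"denied": f"{subnet.name} is blacklisted"}
    return {
        "tenant": tenant,
        "subnet": subnet.name,
        "internal_address": dst_ip,
        "virtual_router": f"vr-{target.name}",
        "protocol": f"IPv{protocol}",
        "connected_vpc": target.name if target is not vpc else None,
        "vpc": target.name,
    }


def demo():
    """Constructed sample topology: two VPCs of tenant-a peered with each other and
    one VPC of tenant-b that vpc-1 lists but which does not list vpc-1 back."""
    v1 = VpcModule("vpc-1", "tenant-a")
    v1.add_subnet("subnet-1", "10.1.1.0/24")
    v1.add_subnet("subnet-2", "10.1.2.0/24")
    v2 = VpcModule("vpc-2", "tenant-a")
    v2.add_subnet("subnet-3", "10.2.0.0/16")
    v3 = VpcModule("vpc-3", "tenant-b")
    v3.add_subnet("subnet-4", "10.3.0.0/16")
    v1.peers.update({"vpc-2", "vpc-3"})
    v2.peers.add("vpc-1")
    v1.denied_subnets.add("subnet-2")
    return {v.name: v for v in (v1, v2, v3)}


if __name__ == "__main__":
    vpcs = demo()
    vpcs["vpc-1"].bind_eni("eni-1", "subnet-1")
    print(process_request(vpcs, "vpc-1", "tenant-a", "10.2.7.7", 4))
```

The one-sided peering in the sample (vpc-1 lists vpc-3, vpc-3 does not list vpc-1) is refused, which is the behaviour to insist on: a connection mode that only one VPC module has to opt into lets a tenant reach into another tenant's subnets.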
The container network system and its method of use build the system from open-source components plus in-house development. The system comprises a plurality of distributed availability zones, each containing a virtual network "three-piece set": a virtual private cloud (VPC) network module, a network address translation (NAT) gateway and a cloud load balancer (CLB). Different project applications can use the VPC network module to quickly build an isolated, autonomously managed virtual network environment on the container platform, which improves the security of cloud resources and simplifies application deployment. Combined with the NAT gateway and the CLB, a high-speed exchange channel is built between the VPC network and the classic network, the external service capacity of the application system is expanded, higher-level fault tolerance is achieved, large volumes of north-south service traffic can be handled and service processing performance is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of a container network system according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a specific container network system according to an embodiment of the present disclosure;
fig. 4 is a network function panorama of a container network system according to an embodiment of the present disclosure;
fig. 5 is a flow chart of a method for using a container network system according to an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
In order to clearly describe the technical solutions of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. For example, the first device and the second device are merely for distinguishing between different devices, and are not limited in their order of precedence. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.
In this application, the terms "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the present application, "at least one" means one or more and "a plurality" means two or more. "And/or" describes an association between objects and indicates that three relationships may exist; for example, "A and/or B" may mean A alone, A and B together, or B alone, where A and B may be singular or plural. The character "/" generally indicates that the objects it joins are in an "or" relationship. "At least one of" and similar phrases mean any combination of the listed items, including single items or plural items. For example, at least one of a, b or c may represent a, b, c, a-b, a-c, b-c or a-b-c, where a, b and c may each be single or plural.
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The following is a description of the terminology involved in the present application.
Cloud native: may refer to a family of cloud technology products built on containers, microservices, DevOps (the combination of Development and Operations) and similar technologies, on top of a distributed cloud with distributed deployment and unified operation.
"East Data, West Computing" (东数西算) strategy: builds a new computing-power network that integrates data centres, cloud computing and big data, guides the computing demand of eastern China to the west in an orderly way, optimises the layout of data centre construction and promotes coordination between east and west.
Open vSwitch (OVS): may refer to an open-source virtual switch that automates (configures, manages, maintains) very large networks through programmatic extensions while also supporting standard management interfaces and protocols.
Open Virtual Network (OVN): may refer to the native network virtualisation solution provided with OVS; building on existing OVS functionality, OVN natively supports virtual network abstractions such as virtual L2 and L3 overlays and security groups.
With the rapid growth of the digital economy, digital transformation across industries has entered deep water, and container network requirements keep growing in diversity and complexity. Because network and service communication largely determine an application's performance in a distributed system, a survey of the industry's container-oriented computing service products shows that existing solutions are incomplete in network resource model design, resource domain isolation, security management and control, load balancing and elastic scaling, and cannot fully meet the container-network computing demands of a telecom operator's digital infrastructure.
In one possible implementation, since containers are not directly connected by a virtual network device, the container network is created, managed and orchestrated by Docker: using a network namespace and the virtual network devices on Linux, a virtual interface is created on the host and another inside the container, and the two are connected so that different containers can communicate.
However, this Docker-based approach requires controlling the host's virtual interfaces, which is hard to manage and performs poorly.
It should be noted that more and more projects are managed as containerised applications and the computing demands on the container network keep growing in diversity and complexity, yet existing container network schemes still have many problems: most applications face challenges in functionality, performance, capacity, stability, scalability and long fault recovery time. The prominent container network problems are: containers are fine-grained and highly dispersed; container scale is limited by network specifications; containers are frequently scheduled and migrated; and the scope of container migration and the number of network isolation domains are limited.
The container network system of this application aims to solve these technical problems. Specifically, the application builds a new-generation cloud-native digital network base on OVN + OVS + smart NIC, and builds the container network system from open-source components plus in-house development. The system comprises a plurality of distributed availability zones, each containing a virtual network "three-piece set": a virtual private cloud (VPC) network module, a network address translation (NAT) gateway and a cloud load balancer (expanded in the source as Classic Load Balancer, CLB). Different project applications can use the VPC network module to quickly build an isolated, autonomously managed virtual network environment on the container platform, which improves the security of cloud resources and simplifies application deployment. Combined with the NAT gateway and the CLB, a high-speed exchange channel is built between the VPC network and the classic network, the external service capacity of the application system is expanded, higher-level fault tolerance is achieved, large volumes of north-south service traffic can be handled and service processing performance is improved.
By way of example, Fig. 1 is a schematic view of an application scenario provided in an embodiment of the application. As shown in Fig. 1, the scenario comprises a customer intranet, the Internet and the container network system; the container network system comprises multiple network nodes and computing nodes. Each network node comprises a distributed NAT gateway and a distributed CLB. Taking a first and a second network node as examples, the first corresponds to the enterprise intranet access partition and the second to the Internet access partition. A computing node is a VPC network module comprising a distributed virtual router and a plurality of subnets, and corresponds to the integrated service data exchange partition. Each subnet is made up of distributed virtual switches together with cloud servers (Elastic Compute Service, ECS), elastic container instances (Elastic Container Instance, ECI) and building information model (Building Information Modeling, BIM) cloud platforms.
It should be noted that, in the embodiment of the present application, the number of network nodes, the number of computing nodes, and the number of corresponding subnets in each computing node included in the container network system are not specifically limited, and may be determined based on a service scenario.
Specifically, the distributed NAT gateway provides the network channel through which the container network system reaches the customer intranet; the service request sent by the enterprise over the customer intranet is then received by the distributed CLB, and the container network system forwards it to the VPC network module for processing.
The service request is then passed to the distributed virtual router, which determines the subnets needed to process it, for example subnet 1 and subnet 2. Determining these subnets includes determining the tenant, the internal addresses in subnet 1 and subnet 2, the distributed virtual switches and the Internet protocol access (for example Internet Protocol version 6, IPv6). Based on the service request it can further be determined that no connection to other VPC network modules is needed for the current processing, and that subnet 1 and subnet 2 are both on the whitelist.
It should be noted that a subnet is identified by its internal address; a subnet on the blacklist cannot be used for service processing, and subnets can be added or deleted according to service requirements.
Correspondingly, the container network system can also reach the Internet: if the network corresponding to the service request is the Internet, the request is obtained from the Internet through the distributed NAT gateway and the distributed CLB, and the service data is processed in the computing node. During processing, data in an ECI may be accessed through an ECS or over the Internet; this embodiment does not limit this.
It should be noted that this embodiment does not limit the number or types of ECSs, ECIs and BIMs in each subnet; for example, a subnet may contain only 2 ECSs and 1 ECI.
It can be understood that the method can be deployed commercially at large scale in the communications sector to accelerate the convergence of computing power and network and support the landing of the "East Data, West Computing" strategy.
The following describes the technical solutions of the present application and how the technical solutions of the present application solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a schematic structural diagram of a container network system provided in an embodiment of the present application, where, as shown in fig. 2, the container network system includes a plurality of distributed available areas, and in this application, taking 2 distributed available areas as an example, the container network system includes a distributed available area 1 and a distributed available area 2; each of the distributed availability zones includes: a network address translation NAT gateway, a cloud load balancer CLB and a virtual private cloud VPC network module;
the NAT gateway provides a network channel for the VPC network module; the network outlet channel is used for accessing a customer intranet and/or the Internet to acquire service requirements based on a target Internet protocol; the network outlet channel supports access to various Internet protocols;
the CLB is used for providing at least one network access interface for the VPC network module, receiving the service requirement based on the at least one network access interface, and calling a scheduling strategy to perform load balancing processing on a cloud resource instance based on the service requirement; the at least one network access interface supports access to a plurality of internet protocols; the cloud resource instance is stored in the VPC network module;
the VPC network module comprises a virtual router and a plurality of subnet units, and each subnet unit is connected in a distributed mode through the virtual router; the VPC network module is used for constructing a virtual network environment; the virtual network environment is used for realizing management of multiple tenants, management of the plurality of subnet units, management of an internal address of each subnet unit, management of the virtual router, management of internet protocol access, control of the VPC network module connection mode and black and white lists based on the service requirements.
In the distributed available area 1, the subnet unit 2 and the subnet unit 3 are connected in a distributed mode based on a virtual router; in the distributed availability zone 2, the subnet unit 4 and the subnet unit 5 are distributed based on virtual routers.
In the embodiment of the application, the NAT gateway can construct a high-speed network-out channel with the speed of up to 20Gbit/s for cloud resources in the VPC network module so as to meet the large-scale application scene of users.
Specifically, for different service demands, multiple NAT gateways can be deployed for the VPC network module to access the customer intranet or the internet, so as to meet the diversity of the application network outlet demands.
The target internet protocol may be determined based on the traffic demand, as different traffic demands may correspond to different internet protocols, which may include internet protocol version 4 (Internet Protocol version, IPV 4), IPV6, etc.
Correspondingly, the NAT gateway supports translation and management of the customer intranet address and/or the Internet address corresponding to the VPC network module, and also supports deploying the NAT gateway in different clusters and managing those clusters. The NAT gateway can therefore be deployed in cluster mode, is ready to use once enabled, is simple to configure, and runs stably and reliably.
Further, the required NAT gateway and cluster can be determined based on the service demand; since the NAT gateway also supports carrying different virtual local area networks (Virtual Local Area Network, VLANs), different NAT gateways are isolated from one another, and at least one NAT gateway in multiple areas may be accessed based on the service demand.
In this embodiment of the present application, the CLB may deploy a plurality of network access interfaces for the VPC network module so as to access from a customer intranet or the internet, and the CLB may provide a multi-cloud network access based on service requirements.
The CLB also supports layer 4 and layer 7 (L4 and L7) protocol functions, a plurality of mainstream scheduling algorithms, a plurality of health check modes, sticky session maintenance and the like, so that it is ready to use out of the box. The mainstream scheduling algorithms are used to realize load balancing of cloud resource instances; the health check modes are used to detect whether a network access interface is abnormal; the sticky session is used to establish a connection relationship between a plurality of VPC network modules. For example, when VPC network module 2 needs to access data in VPC network module 1 during service data processing, a connection relationship between VPC network module 1 and VPC network module 2 needs to be established; when only the data in VPC network module 1 needs to be accessed, no connection between VPC network modules needs to be established. Which case applies is determined based on the service requirements.
Specifically, the CLB may provide load balancing service for the VPC network module and cloud resource instances in the classical network, so as to satisfy increasingly complex application scenarios.
It will be appreciated that the CLB may also support internet protocols such as IPv4 and IPv6, corresponding to the NAT gateway.
In this embodiment of the present application, the functions corresponding to the VPC network module are: tenant management, subnet management, address management, routing management, fixed Internet protocol (Internet Protocol, IP) addresses, distributed gateways, unified drivers, elastic network cards, service security groups, IPv4/IPv6 support, VPC interconnection, etc. Tenant management is used to manage the tenants corresponding to service requirements, and different tenants can be allocated to different projects; therefore, for private virtual networks on the cloud, tenants can be 100% isolated from one another, which guarantees the security of applications.
Subnet management is used to manage the subnet units, that is, the required subnet units can be determined based on service requirements; correspondingly, address management manages the internal addresses of the subnet units handled by subnet management, and the corresponding subnet unit can be determined from its internal address.
Routing management is used to determine the virtual router corresponding to a subnet unit. A fixed IP address is used to set an IP address for a specific subnet unit, so that this IP address can be invoked directly when the service is processed, with a specific service requirement corresponding to a specific IP address. The distributed gateway may be a distributed virtual router (Distributed Virtual Router, DVR) gateway, which is used to implement line-speed forwarding of east-west traffic, i.e. each ECS, ECI and/or BIM is connected in a distributed manner through a virtual switch, so that, for example, traffic from an ECS may be forwarded to an ECI.
The unified driver is used to realize unified management of the NAT gateway, the CLB and the VPC network module. The elastic network card is used to provide an elastic pass-through network (IPVLAN) and manage its paths. The service security group is used to control a black-and-white list: a subnet unit on the white list can be accessed and used, and a subnet unit on the black list is forbidden from being accessed and used, which improves access security. The subnet units in the black-and-white list may be set in advance or modified manually, which is not particularly limited in the embodiment of the present application and may be set based on the service scenario.
Correspondingly, the VPC network module also supports Internet protocols such as IPv4/IPv6. VPC interconnection may refer to connecting a plurality of VPC network modules: since the VPC network modules are isolated from each other, if several of them need to exchange data, VPC interconnection needs to be established between them.
It should be noted that, in the embodiment of the present application, the type of the outbound channel, the number and the type of the inbound interfaces, and the number of the virtual routers and the subnet units determined based on the service scenario are not specifically limited, and may correspond to different outbound channels, inbound interfaces, virtual routers and subnet units based on different service requirements.
Therefore, the embodiment of the application can achieve high performance, multiple outlets and stable operation based on the NAT gateway; can provide multiple inlets and invoke the corresponding scheduling policy at any time based on the CLB, fully covering the application scenarios while remaining simple and easy to use; and can realize safe and reliable data processing and exchange based on the VPC network module. Most application scenarios can thus be met in terms of functions, performance, stability and the like, and a high-performance network is constructed for users.
In combination with the above embodiments, fig. 3 is a schematic structural diagram of a specific container network system provided in the embodiments of the present application. As shown in fig. 3, the container network system may be applied to different regions, such as region 1 to region N, and the container network system of each region may include a plurality of distributed availability zones; for example, the container network system corresponding to region 1 may include availability zone A and availability zone B. Availability zone A comprises 2 VPC network modules, 4 NAT gateways and 4 CLBs, where each VPC network module corresponds to 2 NAT gateways and 2 CLBs and accesses the customer intranet or the Internet through them; the 2 VPC network modules in availability zone A are connected in a peer-to-peer manner, namely VPC interconnection. Availability zone B comprises 1 VPC network module, 2 NAT gateways and 2 CLBs, where the VPC network module corresponds to the 2 NAT gateways and the 2 CLBs and accesses the customer intranet or the Internet through them. Each VPC network module comprises a virtual router, at least one virtual switch, a plurality of ECSs, a plurality of ECIs and a plurality of BIMs; the number of ECSs, ECIs and BIMs included in each subnet is not particularly limited in the embodiment of the present application.
It should be noted that the required number of NAT gateways, CLBs, VPC network modules and subnet units within the VPC network modules may be determined based on the service demand.
Optionally, the NAT gateway includes an address translation module as described above; the address conversion module is used for realizing intercommunication with a customer intranet and/or the Internet;
the NAT gateway further includes: the system comprises a first address management module, a cluster management module, a first area management module and a virtual local area network VLAN management module; the first address management module is used for adding or deleting a customer intranet address and/or an internet address corresponding to the VPC network module; the cluster management module is used for adding or deleting clusters deployed by the NAT gateway; the first area management module is used for adding or deleting an area corresponding to the network outlet channel; and the VLAN management module is used for adding or deleting the VLAN loaded by the outbound channel.
In this embodiment of the present application, the customer intranet address and/or Internet address corresponding to the VPC network module, the cluster deployed by the NAT gateway, the area corresponding to the outbound channel and the VLAN carried by the outbound channel may each be added or deleted as described above in response to a user operation on the terminal device.
Based on different service demands, the container network system can also automatically add the customer intranet address and/or Internet address corresponding to a relevant VPC network module, or delete those corresponding to a VPC network module that is no longer relevant; add a NAT gateway cluster required by a service requirement, or delete one not related to any service requirement; add an area corresponding to an outbound channel related to a service requirement, or delete one not related to any service requirement; and add a VLAN carried by an outbound channel related to a service requirement, or delete one not related to any service requirement. This is not specifically limited in the embodiment of the present application.
The cluster deployed by the NAT gateway corresponds to a cluster of the VPC network module. Because a single cluster in the container network system can carry more than 100,000 (10W+) containers, and deep-fusion computing can start 2000+ hot containers within seconds, the cluster management module can manage a very large-scale container network. Furthermore, the clusters are deeply optimized in combination with production deployment: flow-table trimming is realized through cluster parameter tuning, network element integration, architecture grouping and the like, so that the stability and scalability of the cluster can be greatly improved without affecting its functions. Cluster parameter tuning means that parameters between ECS and ECI can be adjusted and optimized, and an ECI can be accessed from ECSs in different clusters.
Therefore, the embodiment of the application can flexibly add and delete the customer intranet address and/or Internet address corresponding to the VPC network module, the cluster deployed by the NAT gateway, the area corresponding to the outbound channel and the VLAN carried by the outbound channel, thereby improving the flexibility with which the container network system accesses the network.
Optionally, the CLB is further configured to provide a plurality of scheduling policies, as described above. The scheduling policies comprise a polling (round-robin) scheduling policy, a priority scheduling policy and a session maintaining policy: the polling scheduling policy processes cloud resource instances sequentially in time order; the priority scheduling policy processes them in order of the priority of the cloud resource instances; and the session maintaining policy establishes a connection relationship among a plurality of cloud resource instances and processes them in sequence.
For example, different scheduling policies may be determined for different service demands. If the scheduling policy determined from the service requirements is the polling scheduling policy, the cloud resource instances are processed in the order in which the service requirements were received, or in the order of access from the customer intranet and/or the Internet, so as to achieve load balancing. If the policy is the priority scheduling policy, the priority corresponding to each service requirement is obtained and cloud resource instances are processed in priority order of the received service requirements; alternatively, the VPC network modules corresponding to the service demands are ranked by connection count, and the cloud resource instances corresponding to the service demand with the fewest connections are processed first. If the policy is the session maintaining policy, the connection relationship of the VPC network module is determined from the received service requirement, a connection relationship among a plurality of cloud resource instances is established on that basis, and they are processed in sequence.
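The three scheduling policies described above, modelled in plain Python as an added example (this is not code from the patent or its applicants). It assumes, beyond the text, that a service requirement carries an arrival sequence number, a priority and the VPC module it relates to, and that cloud resource instances are identified by name.

```python
# Added example, not from the patent: the CLB's polling (round-robin),
# priority and session-maintaining scheduling policies.
# Assumptions not stated in the text: a "service requirement" carries an
# arrival sequence number, a priority (higher = more urgent) and the VPC
# module it comes from; cloud resource instances are identified by name.
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class ServiceRequirement:
    name: str
    arrival: int          # order in which the CLB received the requirement
    priority: int = 0     # consulted only by the priority policy
    vpc: str = "vpc-1"    # VPC network module the requirement relates to


class CloudLoadBalancer:
    def __init__(self, instances):
        self.instances = list(instances)
        self._ring = cycle(self.instances)
        self.connections = {i: 0 for i in self.instances}  # live flows per instance
        self.sessions = {}                                  # vpc -> pinned instance

    def _least_loaded(self):
        # Fewest connections wins; ties resolved by name so runs are deterministic.
        return min(self.instances, key=lambda i: (self.connections[i], i))

    def _assign(self, req, inst):
        self.connections[inst] += 1
        return (req.name, inst)

    def polling(self, reqs):
        """Polling (round-robin): arrival order, next instance in the ring each time."""
        ordered = sorted(reqs, key=lambda r: r.arrival)
        return [self._assign(r, next(self._ring)) for r in ordered]

    def priority(self, reqs):
        """Priority: highest priority first (arrival breaks ties); each requirement
        goes to the instance with the fewest connections, the text's
        least-connections variant."""
        ordered = sorted(reqs, key=lambda r: (-r.priority, r.arrival))
        return [self._assign(r, self._least_loaded()) for r in ordered]

    def session_keep(self, reqs):
        """Session maintaining: the first requirement from a VPC module establishes
        the connection relation; later ones from that module reuse the same instance."""
        out = []
        for r in sorted(reqs, key=lambda r: r.arrival):
            if r.vpc not in self.sessions:
                self.sessions[r.vpc] = self._least_loaded()
            out.append(self._assign(r, self.sessions[r.vpc]))
        return out

    def schedule(self, policy, reqs):
        handlers = {"polling": self.polling, "priority": self.priority,
                    "session": self.session_keep}
        return handlers[policy](reqs)


# Constructed sample input: three service requirements from two VPC modules.
SAMPLE = [
    ServiceRequirement("a", arrival=0, priority=1, vpc="vpc-1"),
    ServiceRequirement("b", arrival=1, priority=1, vpc="vpc-1"),
    ServiceRequirement("c", arrival=2, priority=9, vpc="vpc-2"),
]


def run_all():
    """Run each policy on a fresh CLB with two instances; returns policy -> plan."""
    return {p: CloudLoadBalancer(["ecs-1", "ecs-2"]).schedule(p, SAMPLE)
            for p in ("polling", "priority", "session")}


if __name__ == "__main__":
    for policy, plan in run_all().items():
        print(policy, plan)
```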
The load balancing comprises layer-4/layer-7 load balancing, internal/external load balancing and the like. Layer-4 load balancing realizes network load balancing; layer-7 load balancing realizes application load balancing; internal load balancing balances access within the VPC network module; external load balancing balances access from the customer intranet and/or the Internet into the VPC network module. The embodiment of the application does not limit the specific content of the load balancing.
Therefore, the embodiment of the application can support various scheduling policies to realize load balancing, meeting different service scenarios and improving the flexibility of service applications.
Optionally, in the system as described above, the CLB is further configured to perform anomaly monitoring on the at least one network access interface, and generate a prompt message after detecting the abnormal network access interface.
In this embodiment of the present application, the CLB includes a health check module, which is configured to perform anomaly monitoring on the at least one network access interface and to generate prompt information after detecting an abnormal network access interface; the prompt information may further be displayed visually for the user to view.
It should be noted that, in the embodiment of the present application, the content and form of the prompt information are not particularly limited; it may be displayed as a message box reading, for example, "network access interface 1 is abnormal, please overhaul or replace the network access interface".
Optionally, when the health check module provided in the present application performs health detection, it may identify the abnormal problem and determine a solution based on that problem.
Therefore, the embodiment of the application can perform anomaly monitoring of the network access interfaces and ensure stable operation of applications on the cloud.
Optionally, in the system as described above, the CLB is further configured to control the black-and-white list of the at least one network access interface.
In this embodiment of the present application, the CLB includes an access control module, which is configured to control access to the network access interfaces of the VPC network module: a network access interface allowed to be used is stored in the white list, and a network access interface not allowed to be used is stored in the black list. The black-and-white list may store the addresses of the network access interfaces.
Specifically, when a service demand is received, the address of at least one usable network access interface is looked up in the black-and-white list, and the corresponding network access interface is determined from that address and used to receive the service demand, thereby realizing secure reception of the service demand.
It should be noted that the addresses of the network access interfaces stored in the black-and-white list may be stored in advance or modified manually, which is not limited in the embodiment of the present application.
Therefore, the embodiment of the application can determine which network access interfaces are allowed to be used based on the black-and-white list, and realize secure transmission of the service requirement.
Optionally, the CLB comprises a hardware load module as described above; the hardware load module is used for providing at least one network access interface for the VPC network module. The CLB further comprises a second address management module, a second area management module and a service discovery module: the second address management module is used for adding or deleting the address of the VPC network module; the second area management module is used for adding or deleting the area corresponding to the network access interface; and the service discovery module is used for discovering a newly added network access interface.
In this embodiment of the present application, the hardware load module combines software and hardware, and provides at least one network access interface for the VPC network module by switching traffic through a physical machine, so as to improve the performance of the CLB.
Specifically, the address of the VPC network module and the area corresponding to the network access interface may each be added or deleted in response to a user operation on the terminal device, or the container network system may add or delete them automatically based on different service requirements. For details, refer to the description of the first address management module and the first area management module in the above embodiment: the second address management module and the second area management module work in the same way as the first address management module and the first area management module, only the address and area they manage differ, so the description is not repeated here.
It should be noted that the service discovery module is configured to discover a newly added network access interface. For example, a certain service requirement needs 3 network access interfaces, namely network access interface 1, network access interface 2 and network access interface 3; if network access interface 1 is switched to network access interface 4, 3 network access interfaces are still available, and the service discovery module discovers network access interface 4, which improves the accuracy of determining the network access interfaces.
Therefore, the embodiment of the application can manage the address of the VPC network module and the area corresponding to the network access interface, and discover newly added network access interfaces, thereby improving the flexibility with which the container network system accesses the network.
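The health check, access control and service discovery modules described in the preceding passages, combined into one in-memory model of a CLB's network access interface pool, as an added example that is not code from the patent or its applicants. It assumes, beyond the text, that interfaces are identified by number and carry an IPv4 or IPv6 address, that the black and white lists hold addresses or prefixes, and that a caller-supplied probe reports whether an interface answers.

```python
# Added example, not from the patent: health check, black-and-white list
# access control and service discovery over a pool of network access interfaces.
# Assumptions not in the text: interfaces have a number and an IPv4/IPv6
# address; the lists hold addresses or CIDR prefixes; probe(iface) -> bool.
import ipaddress
from dataclasses import dataclass


@dataclass
class AccessInterface:
    number: int
    address: str
    healthy: bool = True


class InterfacePool:
    PROMPT = ("network access interface {n} is abnormal, "
              "please overhaul or replace the network access interface")

    def __init__(self, interfaces, allow=(), deny=()):
        self.interfaces = {i.number: i for i in interfaces}
        # White list (allowed) and black list (forbidden), stored as networks so a
        # single address ("10.0.1.11") and a prefix ("2001:db8::/32") both work.
        self.allow = [ipaddress.ip_network(a, strict=False) for a in allow]
        self.deny = [ipaddress.ip_network(d, strict=False) for d in deny]
        self.prompts = []          # prompt information raised by the health check

    # --- access control module -------------------------------------------
    def permitted(self, iface):
        """Black list entries always win; otherwise the address must be white-listed."""
        addr = ipaddress.ip_address(iface.address)
        if any(addr in net for net in self.deny):
            return False
        return any(addr in net for net in self.allow)

    # --- health check module ---------------------------------------------
    def health_check(self, probe):
        """Re-probe every interface; newly abnormal ones generate a prompt.
        Returns the numbers of all interfaces currently abnormal."""
        for iface in self.interfaces.values():
            was_healthy = iface.healthy
            iface.healthy = bool(probe(iface))
            if was_healthy and not iface.healthy:
                self.prompts.append(self.PROMPT.format(n=iface.number))
        return sorted(n for n, i in self.interfaces.items() if not i.healthy)

    # --- service discovery module ----------------------------------------
    def discover(self, announced):
        """announced: iterable of (number, address) currently advertised.
        Interfaces not yet known are added; returns their numbers."""
        added = []
        for number, address in announced:
            if number not in self.interfaces:
                self.interfaces[number] = AccessInterface(number, address)
                added.append(number)
        return added

    def usable(self):
        """Interfaces on which a service requirement may be received:
        healthy and permitted by the black-and-white list."""
        return sorted(n for n, i in self.interfaces.items()
                      if i.healthy and self.permitted(i))


def walk_through():
    """Constructed scenario mirroring the text: interface 1 fails its health
    check and is replaced by a newly discovered interface 4."""
    pool = InterfacePool(
        [AccessInterface(1, "10.0.1.10"), AccessInterface(2, "10.0.1.11"),
         AccessInterface(3, "2001:db8::3")],
        allow=["10.0.1.0/24", "2001:db8::/32"],
        deny=["10.0.1.11"],            # interface 2 is black-listed
    )
    before = pool.usable()
    abnormal = pool.health_check(lambda i: i.number != 1)   # constructed probe result
    added = pool.discover([(2, "10.0.1.11"), (3, "2001:db8::3"), (4, "10.0.1.40")])
    return {"before": before, "abnormal": abnormal, "added": added,
            "after": pool.usable(), "prompts": list(pool.prompts)}


if __name__ == "__main__":
    for k, v in walk_through().items():
        print(k, v)
```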
Optionally, in the system as described above, the CLB further comprises: the system comprises a four-layer load balancing module, a seven-layer load balancing module, an inner load module and an outer load module; the four-layer load balancing module is used for uniformly distributing User Datagram Protocol (UDP) traffic to a plurality of cloud resource instances based on the address of the VPC network module and the at least one network access interface to realize network load balancing, and the seven-layer load balancing module is used for uniformly distributing the plurality of cloud resource instances to a plurality of subnet units based on a resource locator (URL) and a hypertext transfer security (HTTPS) to realize application load balancing; the internal load module is used for realizing the mutual access of the plurality of subnet units; the external load module is used for realizing the access of the customer intranet and/or the Internet to the plurality of subnet units.
In this embodiment of the present application, the four-layer load balancing module is configured to process only Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic. Specifically, when forwarding, the four-layer load balancing distributes UDP traffic to a plurality of cloud resource instances based on information such as the address of the VPC network module and at least one network access interface; that is, on top of three-layer load balancing, the address of the VPC network module and the at least one network access interface are used to decide which traffic needs to be load balanced, NAT processing is performed on that traffic, it is forwarded to a backend server, and the server that processes each TCP or UDP flow is recorded.
The seven-layer load balancing module supports processing of protocols such as Hypertext Transfer Protocol Secure (HTTPS), Secure Sockets Layer (SSL) and Transport Layer Security (TLS). When forwarding, the seven-layer load balancing module can distribute a plurality of cloud resource instances evenly to a plurality of subnet units using application-layer information such as the HTTPS request header and the uniform resource locator (URL); that is, load balancing is realized based on a virtual URL or host IP, where the host IP corresponds to the URL.
Because the subnet units are isolated from each other, the internal load module is used to balance access within the VPC network module, namely ECS access to ECI; the external load module is used to balance access from the customer intranet and/or the Internet to the VPC network module, namely customer intranet and/or Internet access to the ECS.
In combination with the above description, it can be understood that the functions corresponding to the four-layer load balancing module include UDP load, and the functions corresponding to the seven-layer load balancing module include HTTPS load and URL load.
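An added example contrasting what the four-layer and seven-layer modules described above actually inspect (this is not code from the patent or its applicants). It assumes, beyond the text, that a layer-4 listener is keyed on (VPC address, port, protocol) and pins each five-tuple flow to the backend chosen for its first packet, and that layer-7 rules match a Host header plus a URL path prefix after TLS termination.

```python
# Added example, not from the patent: layer-4 forwarding keyed on addresses
# and ports versus layer-7 routing keyed on Host header and URL.
# Assumptions not in the text: listeners are (vip, port, proto); a flow is
# the five-tuple; L7 rules are (host, path_prefix, pool); backends are names.
from itertools import cycle


class FourLayerModule:
    """TCP/UDP only: decides from addresses and ports, never from the payload."""

    def __init__(self, listeners):
        # listeners: {(vip, port, proto): [backend, ...]} -> round-robin ring each
        self.rings = {k: cycle(v) for k, v in listeners.items()}
        self.flows = {}   # five-tuple -> backend, the "recorded server" for the flow

    def forward(self, src, sport, dst, dport, proto):
        """Return the NAT target for this packet, or None if the destination is
        not a load-balanced VPC address and the packet should pass through."""
        key = (dst, dport, proto)
        if key not in self.rings:
            return None
        flow = (src, sport, dst, dport, proto)
        if flow not in self.flows:               # first packet of the flow picks
            self.flows[flow] = next(self.rings[key])
        return self.flows[flow]                  # later packets follow the record


class SevenLayerModule:
    """HTTP(S): decides from the Host header and URL after TLS is terminated."""

    def __init__(self, rules, default=None):
        # rules: [(host or "*", path_prefix, pool)]; most specific prefix wins
        self.rules = sorted(rules, key=lambda r: -len(r[1]))
        self.default = default

    def route(self, host, path):
        for rule_host, prefix, pool in self.rules:
            if rule_host in (host, "*") and path.startswith(prefix):
                return pool
        return self.default


def demo():
    """Constructed traffic against one L4 listener and three L7 rules."""
    l4 = FourLayerModule({("10.0.0.5", 53, "udp"): ["dns-a", "dns-b"]})
    l7 = SevenLayerModule(
        [("api.example.test", "/v1/", "subnet-2"),
         ("api.example.test", "/", "subnet-1"),
         ("*", "/static/", "subnet-3")],
        default="subnet-1",
    )
    return {
        "flow1_first": l4.forward("198.51.100.7", 40000, "10.0.0.5", 53, "udp"),
        "flow1_again": l4.forward("198.51.100.7", 40000, "10.0.0.5", 53, "udp"),
        "flow2": l4.forward("198.51.100.7", 40001, "10.0.0.5", 53, "udp"),
        "not_balanced": l4.forward("198.51.100.7", 40002, "10.0.0.5", 80, "tcp"),
        "api_v1": l7.route("api.example.test", "/v1/users"),
        "api_root": l7.route("api.example.test", "/health"),
        "static_any_host": l7.route("www.example.test", "/static/app.css"),
        "fallback": l7.route("www.example.test", "/index"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```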
It should be noted that, owing to the load balancing modules in the CLB, the smallest cluster unit can support more than 10 million (1000w+) concurrent connections and can also be scaled linearly to meet the demands of massive service access.
Therefore, the CLB cloud load balancer constructed on the distributed framework can support tens of thousands of concurrent connections, meeting massive north-south service access demands, scaling performance linearly and improving operational stability.
Optionally, in the system as described above, the VPC network module further includes an elastic network card, which is bound to an internal address of a subnet unit so as to implement network interworking.
In this embodiment of the present application, the elastic network cards are virtual network interfaces in the VPC network module used to connect the cloud server ECS to the private network. Each elastic network card has a private IPv4 or IPv6 address within the address range of the switch, and one or more elastic public IPs can be bound to it so that it may also be used for public network communication.
Optionally, a primary private network address can be designated when the elastic network card is created; if none is designated, one is allocated randomly. One or more secondary private IPv4 or IPv6 addresses can be allocated to the elastic network card, and these secondary private IP addresses can later be reclaimed and reassigned to other elastic network cards, which further improves network performance. The number of IP addresses an elastic network card may hold may be determined by the specification of the cloud resource instance, which is not specifically limited in the embodiment of the present application.
Therefore, by providing an elastic pass-through network, the embodiment of the application can support the allocation of a plurality of intranet IP addresses, improving multiplexing flexibility; different elastic network cards can respectively carry the service traffic of the public network, the intranet and the management network, improving the stability and security of applications.
Optionally, the system as described above, further comprising a driver; the driver is used for controlling the access and configuration of the NAT gateway, the CLB and the VPC network module.
Specifically, the driver may control the number, area and type of access of the NAT gateway, the CLB and the VPC network module, and may also configure (for example, delete) the NAT gateway, CLB and VPC network module that have been accessed.
Therefore, the embodiment of the application realizes unified management of the NAT gateway, the CLB and the VPC network module through the driver, which facilitates the management of the functions, performance, capacity and fault monitoring of the containers.
In combination with the above embodiments, fig. 4 is a network function panorama of a container network system provided in the embodiments of the present application. As shown in fig. 4, the container network system includes a NAT gateway, a CLB, a VPC network module, a network security module and a base network module. The functions corresponding to the VPC network module comprise tenant management, subnet management, address management, route management, fixed IP, distributed gateway, unified driver, elastic network card, service security group, IPv6 support, VPC interconnection and the like; the functions corresponding to the NAT gateway comprise address translation, address management, cluster management, area management, VLAN management, IPv6 support and the like; the functions corresponding to the CLB comprise hardware load, scheduling policy, health check, service discovery, access control, address management, area management, four/seven-layer load, internal/external load, URL load, UDP load, HTTPS load, IPv6 support and the like. The NAT gateway, CLB and VPC network module all support IPv4 by default, and the specific description of each function may refer to the corresponding description in the foregoing embodiments, which is not repeated here.
The functions corresponding to the network security module are a Web application firewall (Web Application Firewall, WAF) and a network honeypot. The WAF may refer to a security software or hardware component that filters HTTPS traffic from clients to protect servers from malicious traffic. The network honeypot may refer to a technique for deceiving an attacker: a host, network service or piece of information is deployed as a decoy to induce the attacker to act against it, so that the attack behaviour can be captured and analysed, the tools and methods used by the attacker understood, the attack intent and motivation inferred, and the protection capability of the real system strengthened through technical and management means.
Optionally, the CLB further corresponds to functions such as classical network load, HTTPS certificate encryption and HTTP URL forwarding. HTTPS certificate encryption is used to encrypt HTTPS based on an encryption algorithm; the specific content of the classical network load and of the encryption algorithm is not limited in the embodiment of the present application and may refer to the prior art.
The functions corresponding to the base network module include subnet management, address management, egress management, ingress management, internal/external load, management network, IPv6 support, etc., and correspond to the functions in the NAT gateway, the CLB and the VPC network module.
The container network system also comprises an OVN, an OVS and an intelligent network card, which provide its basic operating capability; based on OVN + OVS + intelligent network card, a new-generation cloud-native digital network base can be constructed. The container network system further comprises custom resource definitions (Custom Resource Definition, CRD). The container network system can support chips of the Advanced RISC Machine (ARM), POWER (Performance Optimization With Enhanced RISC), SW64 and other instruction sets, as well as various operating systems, providing a solid foundation for autonomous control of the system; it also supports the mainstream workloads of common containers, secure containers and virtual machines.
It should be noted that the container network system may be applied to a bare metal server. A bare metal server may refer to a hardware device that has the characteristics of a traditional physical server together with the virtualized service functions of cloud computing technology, combining the advantages of hardware and software. Such a cloud physical server can be provided exclusively to an enterprise, offering excellent computing performance and data security for core databases, key application systems, high-performance computing, big data and other services.
Further, the container network system may be application-centric, built around an orchestration engine, microservices and elastic containers, and so bring a multi-tenant, feature-rich, high-performance, scalable and easy-to-maintain container network OVN into commercial practice at telecommunications data centre scale.
Therefore, the container network system provided by the application is built on the widely used functions of DVR distributed gateway, VPC peer-to-peer connection, elastic pass-through network, policy routing, multiple network outlets/inlets, IPv4/IPv6 dual stack, separate four/seven-layer load, classical network load, HTTP URL forwarding, HTTPS certificate encryption and the like, so that service scenarios can be covered more completely. The granularity of containers is improved, each container is isolated from the others, and connection relationships can be established based on service requirements; combining the cloud gateway NAT with the cloud load balancer CLB establishes a high-speed exchange channel between the VPC network and the classical network, so that the size and number of isolated containers are not limited by network specifications, the flexibility of the container migration range is improved, and the control burden on host ports is reduced.
As an example, based on the above description of the container network system, the application further provides a method for using the container network system, and fig. 5 is a schematic flow chart of that method. As shown in fig. 5, the system includes a plurality of distributed availability zones, and each distributed availability zone includes a network address translation (NAT) gateway, a cloud load balancer (CLB) and a virtual private cloud (VPC) network module; the NAT gateway provides an outbound channel for the VPC network module; the CLB is used for providing at least one network access interface for the VPC network module; the VPC network module comprises a virtual router and a plurality of subnet units, each connected in a distributed manner through the virtual router; and the VPC network module is used for constructing a virtual network environment. The method comprises the following steps:
S501, accessing a customer intranet and/or the Internet based on the outbound channel, and acquiring service requirements from the customer intranet and/or the Internet based on a target Internet protocol.
S502, receiving the service demand based on the at least one network access interface, and calling a scheduling strategy to perform load balancing processing on a cloud resource instance based on the service demand; the at least one network access interface supports access to a plurality of internet protocols; and the cloud resource instance is stored in the VPC network module.
S503, managing the service demands based on the virtual network environment, managing the plurality of subnet units, managing the internal address of each subnet unit, managing the virtual router, managing Internet protocol access, controlling the VPC network module connection mode and the black-and-white list.
It should be noted that, the implementation principle and the beneficial effect of the use method of the container network system may refer to the embodiment shown in fig. 2, and are not described herein again.
Optionally, the method described above further includes:
obtaining a processing result of the service requirement and displaying the processing result visually; the processing result includes: the assigned tenant, the accessed subnet unit, the internal address corresponding to the accessed subnet unit, the accessed virtual router, the accessed Internet protocol, the VPC network module with a connection relationship and the accessed VPC network module.
In the embodiments of this application, driven by production use, the container network system can undergo multiple rounds of product optimization based on the processing results, so that it meets most application scenarios in terms of functions, performance, stability and so on, and builds a high-performance network for users. Therefore, a monitoring system and an automated visual operation and maintenance platform can be added to the container network system, allowing users to monitor in real time and view the processing results of service requirements.
Therefore, the cloud network management system based on the operation and management platform achieves lightweight, efficient and visual operation, maintenance and monitoring of the cloud network, and further ensures the efficient and stable operation of applications on the cloud.
The foregoing is merely a specific implementation of the embodiments of this application, but the protection scope of the embodiments of this application is not limited thereto; any changes or substitutions within the technical scope disclosed in the embodiments of this application shall be covered by the protection scope of the embodiments of this application. Therefore, the protection scope of the embodiments of this application shall be subject to the protection scope of the claims.

Claims (11)

1. A container network system, the system comprising a plurality of distributed availability zones, each distributed availability zone comprising: a network address translation NAT gateway, a cloud load balancer CLB and a virtual private cloud VPC network module;
the NAT gateway provides a network outlet channel for the VPC network module; the network outlet channel is used for accessing a customer intranet and/or the Internet to acquire service requirements based on a target Internet protocol; the network outlet channel supports access over a plurality of Internet protocols;
the CLB is used for providing at least one network access interface for the VPC network module, receiving the service requirements through the at least one network access interface, and invoking a scheduling strategy to perform load balancing of cloud resource instances based on the service requirements; the at least one network access interface supports access over a plurality of Internet protocols; the cloud resource instances are stored in the VPC network module;
the VPC network module comprises a virtual router and a plurality of subnet units, each subnet unit being connected in a distributed manner through the virtual router; the VPC network module is used for constructing a virtual network environment; the virtual network environment is used for managing multiple tenants, the plurality of subnet units, the internal address of each subnet unit, the virtual router and Internet protocol access, and for controlling the VPC network module connection mode and the black-and-white list, based on the service requirements.
2. The system of claim 1, wherein the NAT gateway comprises an address translation module; the address translation module is used for realizing interworking with a customer intranet and/or the Internet;
the NAT gateway further comprises: a first address management module, a cluster management module, a first area management module and a virtual local area network VLAN management module; the first address management module is used for adding or deleting a customer intranet address and/or an Internet address corresponding to the VPC network module; the cluster management module is used for adding or deleting clusters deployed by the NAT gateway; the first area management module is used for adding or deleting an area corresponding to the network outlet channel; and the VLAN management module is used for adding or deleting a VLAN carried by the network outlet channel.
3. The system of claim 1, wherein the CLB is further configured to provide a plurality of scheduling strategies; the plurality of scheduling strategies comprise a polling scheduling strategy, a priority scheduling strategy and a session keeping strategy; the polling scheduling strategy is used for processing cloud resource instances sequentially in time order; the priority scheduling strategy is used for processing based on the priority order of the cloud resource instances; the session keeping strategy is used for establishing a connection relationship among a plurality of cloud resource instances and processing the cloud resource instances sequentially.
4. The system of claim 1, wherein the CLB is further configured to monitor the at least one network access interface for anomalies and to generate a hint message when an anomaly is detected.
5. The system of claim 1, wherein the CLB is further configured to control the black-and-white list of the at least one network access interface.
6. The system of claim 1, wherein the CLB comprises a hardware load module; the hardware load module is used for providing at least one network access interface for the VPC network module; the CLB further comprises: the second address management module, the second area management module and the service discovery module; the second address management module is used for adding or deleting the address of the VPC network module; the second area management module is used for adding or deleting the area corresponding to the network access interface; the service discovery module is used for discovering the newly added network access interface.
7. The system of claim 6, wherein the CLB further comprises: a four-layer load balancing module, a seven-layer load balancing module, an internal load module and an external load module; the four-layer load balancing module is used for evenly distributing User Datagram Protocol (UDP) traffic to a plurality of cloud resource instances based on the address of the VPC network module and the at least one network access interface, to realize network load balancing; the seven-layer load balancing module is used for evenly distributing the plurality of cloud resource instances to a plurality of subnet units based on the uniform resource locator (URL) and hypertext transfer protocol secure (HTTPS), to realize application load balancing; the internal load module is used for realizing mutual access among the plurality of subnet units; the external load module is used for realizing access from the customer intranet and/or the Internet to the plurality of subnet units.
8. The system of claim 1, wherein the VPC network module further comprises an elastic network card for binding with an internal address of the subnet unit to implement network interworking.
9. The system of any one of claims 1-8, wherein the system further comprises a driver; the driver is used for controlling the access and configuration of the NAT gateway, the CLB and the VPC network module.
10. A method of using a container network system, the system comprising a plurality of distributed availability zones, each distributed availability zone comprising: a network address translation NAT gateway, a cloud load balancer CLB and a virtual private cloud VPC network module; the NAT gateway provides a network outlet channel for the VPC network module; the CLB is used for providing at least one network access interface for the VPC network module; the VPC network module comprises a virtual router and a plurality of subnet units, each subnet unit being connected in a distributed manner through the virtual router; the VPC network module is used for constructing a virtual network environment; the method comprises the following steps:
accessing a customer intranet and/or the Internet through the network outlet channel, and acquiring service requirements from the customer intranet and/or the Internet based on a target Internet protocol;
receiving the service requirements through the at least one network access interface, and invoking a scheduling strategy to perform load balancing of cloud resource instances based on the service requirements; the at least one network access interface supports access over a plurality of Internet protocols; the cloud resource instances are stored in the VPC network module;
and managing the service requirements based on the virtual network environment: managing the plurality of subnet units, the internal address of each subnet unit, the virtual router and Internet protocol access, and controlling the VPC network module connection mode and the black-and-white list.
11. The method according to claim 10, wherein the method further comprises:
obtaining a processing result of the service requirement, and visually displaying the processing result; the processing result comprises: the system comprises an assigned tenant, an accessed subnet unit, an internal address corresponding to the accessed subnet unit, an accessed virtual router, an accessed internet protocol, a VPC network module with a connection relationship and an accessed VPC network module.
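As an added illustration, not code from the patent, the following Python model shows how the CLB behaviour of claims 3 to 5 fits together on one network access interface: the black-and-white list is checked before any instance is chosen, the polling, priority and session keeping strategies select a cloud resource instance, and a hint message is recorded when the interface has no healthy instance (claim 4). All names, the deny-before-allow precedence and the first-come session assignment are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Instance:
    """A cloud resource instance behind one network access interface (assumed)."""
    name: str
    priority: int = 0       # higher value is preferred by the priority strategy
    healthy: bool = True


@dataclass
class AccessInterface:
    """One CLB network access interface with its scheduling policy and ACL (assumed)."""
    instances: list
    policy: str = "polling"                        # polling | priority | session
    whitelist: list = field(default_factory=list)  # allowed CIDRs; empty = any source
    blacklist: list = field(default_factory=list)  # denied CIDRs; assumed to win over whitelist
    hints: list = field(default_factory=list)      # anomaly hint messages (claim 4)
    _rr: int = 0                                   # polling cursor
    _sessions: dict = field(default_factory=dict)  # client address -> instance name

    def admitted(self, client: str) -> bool:
        """Black-and-white list check on the interface (claim 5)."""
        addr = ip_address(client)
        if any(addr in ip_network(n) for n in self.blacklist):
            return False
        return not self.whitelist or any(addr in ip_network(n) for n in self.whitelist)

    def pick(self, client: str):
        """Return the instance that serves this client, or None if refused."""
        if not self.admitted(client):
            return None
        up = [i for i in self.instances if i.healthy]
        if not up:                                 # interface anomaly: record a hint
            self.hints.append("no healthy instance behind interface")
            return None
        if self.policy == "priority":              # highest priority first
            return max(up, key=lambda i: i.priority)
        if self.policy == "session":               # stick to the remembered instance
            for inst in up:
                if inst.name == self._sessions.get(client):
                    return inst
        inst = up[self._rr % len(up)]              # polling: take instances in turn
        self._rr += 1
        if self.policy == "session":               # first contact assigns the session
            self._sessions[client] = inst.name
        return inst
```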
CN202311254217.0A 2023-09-26 2023-09-26 Container network system and method of using the same Pending CN117255089A (en)

Publications (1)

Publication Number Publication Date
CN117255089A true CN117255089A (en) 2023-12-19

Family

ID=89132708

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117544424A (en) * 2024-01-09 2024-02-09 万洲嘉智信息科技有限公司 Multi-protocol intelligent park management and control platform based on ubiquitous connection
CN117544424B (en) * 2024-01-09 2024-03-15 万洲嘉智信息科技有限公司 Multi-protocol intelligent park management and control platform based on ubiquitous connection
CN117938552A (en) * 2024-03-25 2024-04-26 道普信息技术有限公司 VPC access control and VLAN network penetration method based on network packet filtering mechanism


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination