CN109587281A - Container configuration method and calculate node - Google Patents

Info

Publication number: CN109587281A
Authority: CN (China)
Prior art keywords: target, container, network, virtual machine, message
Legal status: Granted, Active
Application number: CN201710911984.2A
Other languages: Chinese (zh)
Other versions: CN109587281B (en)
Inventors: 李涛, 胡斐然, 贾应波
Current Assignee: Huawei Cloud Computing Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201710911984.2A
Publication of CN109587281A
Publication of CN109587281B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/563 Data redirection of data network streams
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application discloses a container configuration method and a compute node, in the field of network technology. The method is applied to any compute node among multiple compute nodes, where a virtual machine and a bridge configuration module are installed in the compute node. The method comprises: the virtual machine receives a container configuration instruction for configuring a target container; the virtual machine generates a network resource creation request carrying a target network identifier and sends the request to a control node; when the virtual machine and the bridge configuration module receive the network resource information sent by the control node, they configure the target container created in the virtual machine according to the network resource information. In this application, each container in the multiple compute nodes has its own network resources, so when a container on one compute node is migrated to another compute node, it can communicate without changing the network resources it uses, which achieves persistence and migration of the network resources used by containers.

Description

Container configuration method and calculate node
Technical field
This application relates to the field of network technology, and in particular to a container configuration method and a compute node.
Background
Containers emerged with the development of lightweight virtualization. Sitting between the underlying operating system and upper-layer applications, a container hides the details of the underlying operating system and presents a consistent interface to application developers. After creating a container, a host can configure it with an Internet Protocol (IP) address and other settings; once configuration is complete, the host can use the container.
Currently, container IP addresses are managed per host: each host configures internal IP addresses for the containers it creates. As shown in Fig. 1, host 1, whose IP address is 10.10.10.1, can configure the internal IP addresses 172.28.0.2 and 172.28.0.3 for containers c1 and c2 that it created. Likewise, host 2, whose IP address is 10.10.10.2, can configure the internal IP addresses 172.28.0.2 and 172.28.0.3 for containers c3 and c4 that it created.
In this case, communication between containers on different hosts can be implemented with network address translation (NAT). For example, when container c1 on host 1 communicates with container c3 on host 2, container c1 can pass the data message it generates to the gateway of host 1; the gateway of host 1 can translate the source address of the data message from container c1's internal IP address 172.28.0.2 to host 1's IP address 10.10.10.1, and then forward the data message to container c3 on host 2.
Because containers on different hosts communicate indirectly through the IP addresses of their hosts, a container is in effect accessed by accessing its host. As a result, when a container on one host is migrated to another host, the access address of the container changes from the IP address of the original host to the IP address of the other host. The related art therefore cannot support persistence and migration of a container's IP address.
Summary of the invention
This application provides a container configuration method and a compute node, which can solve the problem that the related art cannot support persistence and migration of a container's IP address. The technical solution is as follows:
In a first aspect, a container configuration method is provided, applied to any compute node among multiple compute nodes, where a virtual machine and a bridge configuration module are installed in the compute node. The method comprises:
The virtual machine receives a container configuration instruction for configuring a target container. The container configuration instruction carries a target network identifier, the target container is hosted on the virtual machine, and the target network is the network that the target container needs to access;
The virtual machine generates a network resource creation request carrying the target network identifier and sends the network resource creation request to a control node. The control node allocates network resources of the target network to the target container and sends the network resource information corresponding to those network resources to the virtual machine and the bridge configuration module. The network resource information includes the target address of the target container, the target network type, and the target network transport label;
When the virtual machine and the bridge configuration module receive the network resource information sent by the control node, they configure the target container created in the virtual machine according to the network resource information.
It should be noted that containers can be created in the virtual machine; the bridge configuration module can configure the bridge in the compute node, and the bridge can forward data messages generated by containers in the virtual machine; the target network identifier uniquely identifies the target network.
In addition, the network resource creation request can carry not only the target network identifier but also the address of the virtual machine, so that the control node can subsequently use the address of the virtual machine to send the network resource information accurately to the virtual machine and the bridge configuration module in the compute node.
In embodiments of the present invention, the control node allocates network resources to the containers in the multiple compute nodes; that is, the network resources used by the containers in the multiple compute nodes are managed by the control node. Each container in the multiple compute nodes therefore has its own network resources, so any two containers in the multiple compute nodes can communicate with each other directly using their respective network resources. In this case, when a container on one of the compute nodes is migrated to another compute node, it can communicate without changing the network resources it uses, which achieves persistence and migration of the network resources used by containers.
In addition, in embodiments of the present invention the control node can allocate network resources to each container in the multiple compute nodes according to the network that the container accesses, so that containers accessing different networks are isolated from each other while containers accessing the same network can communicate directly. Because each container has its own network resources, containers accessing the same network are connected at layer 2, and the Media Access Control (MAC) addresses of those containers are visible to each other.
Configuring the target container created in the virtual machine according to the network resource information, when the virtual machine and the bridge configuration module receive the network resource information sent by the control node, comprises:
When the virtual machine receives the network resource information sent by the control node, the virtual machine configures the network resources corresponding to the network resource information for the target container;
When the bridge configuration module receives the network resource information sent by the control node, the bridge configuration module stores the network resource information in the bridge, where the bridge is used to forward data messages generated by the target container.
In embodiments of the present invention, when the virtual machine configures the network resources corresponding to the network resource information for the target container, it configures the network attributes of the target container, so that the target container can use those network resources to transmit data messages. When the bridge configuration module stores the network resource information in the bridge, it configures the transmission attributes of the target container, so that the bridge can forward the data messages generated by the target container according to the network resource information.
The virtual machine configuring the network resources corresponding to the network resource information for the target container comprises:
When no target network interface connected to the target network exists in the virtual machine, the target network interface is created in the virtual machine according to the target network type;
The virtual machine creates a sub-interface, with the target network interface as its parent interface, to serve as the container interface of the target container;
The virtual machine sets the address of the container interface of the target container to the target address.
In embodiments of the present invention, the target network interface is the network interface connected to the target network; that is, a container can access the target network through the target network interface. Each network thus has its own separate network interface, and containers on the same network attach to the same network interface. This isolates containers on different networks from each other and gives containers on the same network layer-2 connectivity.
In addition, creating a sub-interface with the target network interface as its parent interface to serve as the container interface of the target container connects the target network interface to the container interface of the target container, so data messages that the target container sends through its container interface are passed to the target network interface.
Furthermore, setting the address of the container interface of the target container to the target address sets the address of the target container to the target address, which completes the configuration of the target container's network attributes.
When the target network type is the virtual local area network (VLAN) type, the target network transport label is a target VLAN tag, and creating the target network interface in the virtual machine according to the target network identifier and the target network type comprises:
Creating, in the virtual machine, a network interface for connecting to a VLAN;
Setting the VLAN tag of the corresponding subnet in the network interface to the target VLAN tag to obtain the target network interface.
In embodiments of the present invention, creating a network interface for connecting to a VLAN in the virtual machine means creating a network interface that can encapsulate data messages from containers with a VLAN tag. Setting the VLAN tag of the corresponding subnet in the network interface to the target VLAN tag sets the VLAN tag that the network interface encapsulates to the target VLAN tag, which yields a target network interface that can connect to the target network.
When the target network type is the virtual extensible local area network (VXLAN) type, the target network transport label is a target VXLAN identifier, and the bridge configuration module storing the network resource information in the bridge comprises:
The bridge configuration module stores the target address in the bridge in association with the target VXLAN identifier.
It should be noted that storing the target address in the bridge in association with the target VXLAN identifier enables the bridge to forward, according to the target VXLAN identifier, the data messages generated by the target container whose address is the target address, which completes the configuration of the target container's transmission attributes.
In practice, when the bridge receives a data message sent by a compute node other than this compute node, it may also need to pass the data message to the target container. In that case the bridge needs to store the correspondence between the target address and the target VLAN tag, so that the bridge can, according to the target VLAN tag, pass a data message whose destination address is the target address to the target container. Therefore, when the bridge configuration module stores the network resource information in the bridge, it can also, when the target network type is the VLAN type and the target network transport label is the target VLAN tag, store the target address in the bridge in association with the target VLAN tag.
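The configuration procedure above, modelled end to end as an added example (not code from the patent or from any product): a control node allocates the target address and transport label, the virtual machine creates the per-network interface only when it is missing, and the bridge table is filled in. The network names, subnets, label values and the `migrate` helper are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: network id -> (network type, transport label, subnet).
SAMPLE_NETWORKS = {
    "net-a": ("vlan", 100, "172.28.0.0/24"),
    "net-b": ("vxlan", 5001, "172.29.0.0/24"),
}


@dataclass(frozen=True)
class NetworkResourceInfo:
    target_address: str    # address the target container will use
    network_type: str      # "vlan" or "vxlan"
    transport_label: int   # VLAN tag or VXLAN identifier


class ControlNode:
    """Single owner of addresses and transport labels for all compute nodes."""

    def __init__(self, networks):
        self.networks = networks
        self.in_use = {network_id: set() for network_id in networks}

    def create_network_resource(self, network_id, vm_address):
        # vm_address only says where the reply goes. It never becomes part of
        # the allocated resource, so the resource can move with the container.
        net_type, label, subnet = self.networks[network_id]
        for host in ipaddress.ip_network(subnet).hosts():
            if str(host) not in self.in_use[network_id]:
                self.in_use[network_id].add(str(host))
                return NetworkResourceInfo(str(host), net_type, label)
        raise RuntimeError(f"network {network_id} has no free address")


class ComputeNode:
    def __init__(self, vm_address, control):
        self.vm_address = vm_address
        self.control = control
        self.interfaces = {}     # VM side: (type, label) -> {container: address}
        self.bridge_table = {}   # bridge side: address -> (type, label)
        self.resources = {}      # container -> NetworkResourceInfo

    def configure_container(self, name, network_id):
        info = self.control.create_network_resource(network_id, self.vm_address)
        self.apply(name, info)
        return info

    def apply(self, name, info):
        key = (info.network_type, info.transport_label)
        # The target network interface is created only if the VM lacks one.
        sub_interfaces = self.interfaces.setdefault(key, {})
        sub_interfaces[name] = info.target_address      # container interface
        self.bridge_table[info.target_address] = key    # bridge configuration module
        self.resources[name] = info

    def release(self, name):
        info = self.resources.pop(name)
        key = (info.network_type, info.transport_label)
        del self.interfaces[key][name]
        del self.bridge_table[info.target_address]
        return info


def migrate(name, source, destination):
    """Hypothetical helper: move a container and reuse its network resource."""
    info = source.release(name)
    destination.apply(name, info)
    return info
```

Because the allocation is keyed by network rather than by host, two hosts can no longer hand out the same 172.28.0.2 the way hosts 1 and 2 do in the background section.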
Further, after the target container created in the virtual machine is configured according to the network resource information, the method further comprises:
When the target container receives a first transmission instruction, it passes the generated first data message to the target network interface through the container interface of the target container;
When the target network interface receives the first data message, it generates a first encapsulated message carrying the first data message and the target VLAN tag, and passes the first encapsulated message to the bridge;
When the bridge receives the first encapsulated message, it forwards the first encapsulated message.
It should be noted that, so that the bridge can distinguish data messages from a VLAN from those from a VXLAN, the target network interface can encapsulate the first data message with the target VLAN tag to obtain the first encapsulated message, which it passes to the bridge. After the bridge receives the first encapsulated message, it can first check whether the first encapsulated message carries a VLAN tag. If it does, the bridge can determine that the first encapsulated message comes from a VLAN, and the bridge can then forward the first encapsulated message directly without performing any operation on it.
In addition, after the bridge forwards the first encapsulated message, other compute nodes can receive it. Specifically, when the bridge in another compute node receives the first encapsulated message sent by this compute node, it can, according to the VLAN tag carried in the first encapsulated message, pass the first encapsulated message to the network interface to which the first encapsulated message is addressed. When that network interface receives the first encapsulated message, it can extract the first data message from the first encapsulated message and pass the first data message to the corresponding container according to the destination address of the first data message.
Further, after the target container created in the virtual machine is configured according to the network resource information, the method further comprises:
When the target container receives a second transmission instruction, it passes the generated second data message to the target network interface through the container interface of the target container;
When the target network interface receives the second data message, it passes the second data message to the bridge;
When the bridge receives the second data message, it generates a second encapsulated message carrying the second data message and the target VXLAN identifier, and forwards the second encapsulated message.
It should be noted that after the bridge receives the second data message, it can first check whether the second data message carries a VLAN tag. If it does not, the bridge can determine that the second data message comes from a VXLAN. The bridge can then obtain the target VXLAN identifier based on the source address of the second data message (that is, the target address), generate a second encapsulated message carrying the second data message and the target VXLAN identifier, and forward the second encapsulated message.
In addition, after the bridge forwards the second encapsulated message, other compute nodes can receive it. Specifically, when the bridge in another compute node receives the second encapsulated message sent by this compute node, it can extract the second data message from the second encapsulated message and, according to the VXLAN identifier carried in the second encapsulated message, pass the second data message to the network interface to which the second encapsulated message is addressed. When that network interface receives the data message, it can pass the data message to the corresponding container according to the destination address of the data message.
Further, the method also comprises:
When the bridge receives an encapsulated message sent by a compute node other than this compute node, if the encapsulated message carries a VLAN tag, the bridge passes the encapsulated message, according to the VLAN tag, to the destination network interface to which the encapsulated message is addressed; when the destination network interface receives the encapsulated message, it extracts the data message from the encapsulated message and passes the data message to the corresponding container according to the destination address of the data message;
If the encapsulated message carries a VXLAN identifier, the bridge extracts the data message from the encapsulated message and, according to the VXLAN identifier, passes the data message to the destination network interface to which the encapsulated message is addressed; when the destination network interface receives the data message, it passes the data message to the corresponding container according to the destination address of the data message.
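The forwarding rules above, as an added example that is not part of the patent text: a VLAN interface tags messages itself, the bridge adds the VXLAN identifier by looking up the source address, and the receiving bridge dispatches on whichever label the message carries. Class names, addresses and label values are constructed, and dropping a message whose source address has no stored VXLAN identifier is an assumption of this example, since the text does not say what the bridge does in that case.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DataMessage:
    src: str          # address of the sending container
    dst: str          # address of the receiving container
    payload: bytes


@dataclass(frozen=True)
class EncapsulatedMessage:
    inner: DataMessage
    vlan_tag: Optional[int] = None
    vxlan_id: Optional[int] = None


class NetworkInterface:
    """Per-network interface in the virtual machine; container interfaces hang off it."""

    def __init__(self, vlan_tag=None):
        self.vlan_tag = vlan_tag    # None for a VXLAN-type network
        self.inboxes = {}           # container address -> delivered messages

    def attach(self, address):
        return self.inboxes.setdefault(address, [])

    def egress(self, msg):
        # VLAN: the interface adds the tag. VXLAN: the message goes out as is.
        if self.vlan_tag is not None:
            return EncapsulatedMessage(msg, vlan_tag=self.vlan_tag)
        return msg

    def ingress(self, msg):
        # A VLAN message arrives still encapsulated; the interface unwraps it.
        inner = msg.inner if isinstance(msg, EncapsulatedMessage) else msg
        inbox = self.inboxes.get(inner.dst)
        if inbox is None:
            return False            # no container with that address on this network
        inbox.append(inner)
        return True


class Bridge:
    def __init__(self):
        self.vxlan_by_address = {}  # written by the bridge configuration module
        self.iface_by_vlan = {}
        self.iface_by_vxlan = {}

    def forward(self, msg):
        """Outbound path: the message to put on the wire, or None to drop it."""
        if isinstance(msg, EncapsulatedMessage) and msg.vlan_tag is not None:
            return msg              # already tagged by a VLAN interface
        vxlan_id = self.vxlan_by_address.get(msg.src)
        if vxlan_id is None:
            return None             # assumption: unprovisioned source is dropped
        return EncapsulatedMessage(msg, vxlan_id=vxlan_id)

    def receive(self, enc):
        """Inbound path: True if the message reached a container."""
        if enc.vlan_tag is not None:
            iface = self.iface_by_vlan.get(enc.vlan_tag)
            return iface.ingress(enc) if iface is not None else False
        iface = self.iface_by_vxlan.get(enc.vxlan_id)
        return iface.ingress(enc.inner) if iface is not None else False


def send(src_iface, src_bridge, dst_bridge, msg):
    """Carry one message from a container on one node to the bridge on another."""
    wire = src_bridge.forward(src_iface.egress(msg))
    return wire is not None and dst_bridge.receive(wire)


def demo():
    # Constructed topology: two compute nodes, one VLAN (tag 100), one VXLAN (5001).
    b1, b2 = Bridge(), Bridge()
    vlan1, vlan2 = NetworkInterface(vlan_tag=100), NetworkInterface(vlan_tag=100)
    vx1, vx2 = NetworkInterface(), NetworkInterface()
    b1.iface_by_vlan[100], b2.iface_by_vlan[100] = vlan1, vlan2
    b1.iface_by_vxlan[5001], b2.iface_by_vxlan[5001] = vx1, vx2
    vlan1.attach("10.0.1.2")
    c3 = vlan2.attach("10.0.1.3")
    vx1.attach("10.0.2.2")
    c4 = vx2.attach("10.0.2.3")
    b1.vxlan_by_address["10.0.2.2"] = 5001
    same_vlan = send(vlan1, b1, b2, DataMessage("10.0.1.2", "10.0.1.3", b"a"))
    same_vxlan = send(vx1, b1, b2, DataMessage("10.0.2.2", "10.0.2.3", b"b"))
    cross_network = send(vlan1, b1, b2, DataMessage("10.0.1.2", "10.0.2.3", b"c"))
    unknown_source = send(vx1, b1, b2, DataMessage("10.0.9.9", "10.0.2.3", b"d"))
    return same_vlan, same_vxlan, cross_network, unknown_source, len(c3), len(c4)
```

The cross-network case shows where the isolation described earlier comes from: the receiving bridge selects the interface by label first, so a destination address that belongs to another network is never looked up.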
In a second aspect, a compute node is provided. The compute node has the function of implementing the behavior of the container configuration method in the first aspect. The compute node includes at least one functional module, and the at least one functional module is used to implement the container configuration method provided in the first aspect.
In a third aspect, a compute node is provided whose structure includes a processor and a memory. The memory is used to store a program that supports the compute node in executing the container configuration method provided in the first aspect, and to store the data involved in implementing the container configuration method described in the first aspect. The processor is configured to execute the program stored in the memory. The compute node can also include a communication bus, which is used to establish a connection between the processor and the memory.
In a fourth aspect, a computer-readable storage medium is provided. Instructions are stored in the computer-readable storage medium which, when run on a computer, cause the computer to execute the container configuration method described in the first aspect.
In a fifth aspect, a computer program product containing instructions is provided which, when run on a computer, causes the computer to execute the container configuration method described in the first aspect.
The technical effects obtained by the second, third, fourth and fifth aspects are similar to those obtained by the corresponding technical means in the first aspect and are not repeated here.
The technical solution provided by this application has the following beneficial effects. The virtual machine in any compute node among the multiple compute nodes can generate a network resource allocation request when it receives a container configuration instruction, and send the network resource allocation request to the control node. After the control node receives the network resource allocation request, it can allocate to the target container the network resources of the target network that the target container is to access, and send the network resource information corresponding to those network resources to the virtual machine and the bridge configuration module in the compute node; the virtual machine and the bridge configuration module then configure the target container created in the virtual machine according to the network resource information. Because the network resources used by the containers in the multiple compute nodes are managed by the control node, each container in the multiple compute nodes has its own network resources, so any two containers in the multiple compute nodes can communicate with each other directly using their respective network resources. In this case, when a container on one of the compute nodes is migrated to another compute node, it can communicate without changing the network resources it uses, which achieves persistence and migration of the network resources used by containers.
Brief description of the drawings
Fig. 1 is a schematic diagram of a container configuration approach provided by the related art;
Fig. 2A is a schematic diagram of an implementation environment provided by an embodiment of the present invention;
Fig. 2B is a schematic diagram of another implementation environment provided by an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of a compute node provided by an embodiment of the present invention;
Fig. 4 is a flow chart of a container configuration method provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of another compute node provided by an embodiment of the present invention.
Specific embodiment
Implementation to keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with attached drawing to the application Mode is described in further detail.
Before to the embodiment of the present invention carrying out that explanation is explained in detail, to the present embodiments relate to application scenarios and Implementation environment is explained.
Firstly, to the present embodiments relate to application scenarios be illustrated.
The embodiment of the present invention can be applied to container configuration scene, after specifically can be applied to creation container, to container The scene that network attribute (such as IP address, MAC Address), transmission property (such as data transfer mode) etc. are configured.For example, Virtual machine can configure the container created, or can create one after the configuration-direct for receiving user's triggering A container simultaneously configures the container.
Then, to the present embodiments relate to implementation environment be illustrated.
Fig. 2A be the present embodiments relate to a kind of implementation environment schematic diagram.A referring to fig. 2, the implementation environment include: Multiple calculate nodes 21 and control node 22, each calculate node 21 in multiple calculate nodes 21 can pass through wired connection Or it is wirelessly connected and is communicated with control node 22.
Wherein, for any calculate node 21 in multiple calculate nodes 21, which can receive use When configuring the container configuration-direct of target container, Internet resources request to create is sent to control node 22;When control node 22 When receiving the Internet resources request to create of the calculate node 21 transmission, Internet resources can be distributed for target container, and should The corresponding network resource information of Internet resources is sent to the calculate node 21;It is sent out when the calculate node 21 receives control node 22 When the network resource information sent, target container can be configured according to the network resource information.
The structure of calculate node 21 is illustrated below.
B referring to fig. 2, calculate node 21 may include: virtual machine 211 and bridge configuration module 212.It can in virtual machine 211 There is container C with creation, and virtual machine 211 can receive the container configuration-direct for configuring target container, and according to the container Configuration-direct generates Internet resources request to create, which is sent to control node 22.Later, virtual machine 211 and bridge configuration module 212 can receive the network resource information of the transmission of control node 22 respectively, and according to the Internet resources Information configures the target container created in virtual machine 211.
It further, can also include bridge B and physical network card eth in calculate node 21, bridge B can will come from container The data message of C transfers calculate node 21 by physical network card eth.It correspondingly, can also include container tube in virtual machine 211 Module 2111, management plug-in unit 2112, network interface 2113 and Microsoft Loopback Adapter eth' are managed, the container C in virtual machine 211 can be by life At data message bridge B is transferred to by corresponding network interface 2113 and Microsoft Loopback Adapter eth'.
The container management module 2111 can receive a container configuration instruction for configuring the target container, generate a network resource creation request according to the container configuration instruction, and transmit the network resource creation request to the management plug-in 2112.
The management plug-in 2112 may include an application programming interface (Application Programming Interface, API) submodule and a network interface control submodule. The API submodule can receive the network resource creation request transmitted by the container management module 2111 and send it to the control node 22; afterwards, the API submodule can receive the network resource information sent by the control node 22. The network interface control submodule can, according to the network resource information received by the API submodule, configure the network resources corresponding to that network resource information for the target container in the virtual machine 211. That is, the management plug-in 2112 is responsible for network resource initialization in the virtual machine 211.
The bridge configuration module 212 can also receive the network resource information sent by the control node 22 and store it in the bridge B, so that the bridge B can subsequently forward data messages from the target container according to the network resource information. That is, the bridge configuration module 212 is responsible for network resource initialization in the compute node 21.
It should be noted that the management plug-in 2112 can provide network reachability for the container C in the virtual machine 211 and can communicate directly with the control node 22. In practical applications, the management plug-in 2112 and the control node 22 can be implemented in the OpenStack architecture. For example, the management plug-in 2112 can be the Kuryr plug-in in OpenStack and the control node 22 can include the Neutron component in OpenStack, in which case the management plug-in 2112 can call the Neutron public API to communicate with the control node 22.
In addition, the network interface 2113 can be a virtual bridge. As a virtual layer-2 switching device, the network interface 2113 can be connected to the corresponding network, and the containers that access that network can then communicate with each other through the network interface 2113.
The structure of the control node 22 is described below.
Referring to Fig. 2B, the control node 22 may include a container configuration module 221. When the container configuration module 221 receives the network resource creation request sent by the virtual machine 211 in the compute node 21, it can allocate network resources for the target container and send the network resource information corresponding to those network resources to the virtual machine 211 and to the bridge configuration module 212 in the compute node 21, respectively.
It should be noted that the container configuration module 221 can communicate directly with the management plug-in 2112 in the virtual machine 211, and when the control node 22 is implemented in the OpenStack architecture, the container configuration module 221 can be the Neutron component in OpenStack.
Fig. 3 is a schematic structural diagram of a compute node provided by an embodiment of the present invention; the compute node can be the compute node 21 shown in Fig. 2A. Referring to Fig. 3, the compute node includes at least one processor 301, a communication bus 302, a memory 303 and at least one communication interface 304.
The processor 301 can be a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the solution of this application.
The communication bus 302 may include a path for transferring information between the above components.
The memory 303 can be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 303 can exist independently and be connected to the processor 301 through the communication bus 302. The memory 303 can also be integrated with the processor 301.
The communication interface 304 uses any transceiver-type device for communicating with other devices or communication networks, such as Ethernet, a radio access network (Radio Access Network, RAN), or a wireless local area network (Wireless Local Area Networks, WLAN).
In a specific implementation, as an embodiment, the processor 301 may include one or more CPUs, such as CPU0 and CPU1 shown in Fig. 3.
In a specific implementation, as an embodiment, the compute node may include multiple processors, such as the processor 301 and the processor 305 shown in Fig. 3. Each of these processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor here can refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).
In a specific implementation, as an embodiment, the compute node can also include an output device 306 and an input device 307. The output device 306 communicates with the processor 301 and can display information in a variety of ways. For example, the output device 306 can be a liquid crystal display (LCD), a light-emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector. The input device 307 communicates with the processor 301 and can receive user input in a variety of ways. For example, the input device 307 can be a mouse, a keyboard, a touch screen device, or a sensing device.
The above compute node can be a general-purpose compute node or a dedicated compute node. In a specific implementation, the compute node can be a desktop computer, a portable computer, a network server, a palmtop computer (Personal Digital Assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device or an embedded device; the embodiments of the present invention do not limit the type of the compute node.
The memory 303 is used to store the program code 310 for executing the solution of this application, and the processor 301 is used to execute the program code 310 stored in the memory 303. Through the processor 301 and the program code 310 in the memory 303, the compute node can implement the operations performed by the compute node in the embodiment of Fig. 4 below.
Fig. 4 is a flow chart of a container configuration method provided by an embodiment of the present invention. Referring to Fig. 4, the method comprises:
Step 401: the virtual machine in the compute node receives a container configuration instruction for configuring the target container; the container configuration instruction carries the target network identifier.
It should be noted that the compute node can be any one of multiple compute nodes, and a virtual machine and a bridge configuration module can be installed in the compute node. Containers can be created in the virtual machine; the bridge configuration module can configure the bridge in the compute node, and the bridge can forward the data messages generated by the containers in the virtual machine.
In addition, the container configuration instruction is used to instruct that the target container created in the virtual machine be configured. The container configuration instruction can be triggered by a user or triggered automatically by the compute node. When it is triggered by a user, the user can trigger it through a first specified operation, which can be a click operation, a slide operation, a voice operation, and so on.
Furthermore, the target network identifier is used to uniquely identify the target network; for example, the target network identifier can be the name of the target network. The target network is the network that the target container needs to access, and the target container is carried on the virtual machine. That is, the target container may already have been created in the virtual machine before the virtual machine receives the container configuration instruction, in which case the virtual machine can configure the target container directly upon receiving the container configuration instruction; alternatively, the target container may not yet have been created in the virtual machine when the container configuration instruction is received, in which case the virtual machine can first create the target container and then configure it.
Step 402: the virtual machine in the compute node generates a network resource creation request that carries the target network identifier, and sends the network resource creation request to the control node.
It should be noted that the network resource creation request is used to request the control node to allocate network resources of the target network for the target container.
Further, so that the control node can later return the network resource information corresponding to the allocated network resources to the compute node, the virtual machine can also obtain its own address before step 402. In step 402, the virtual machine can then generate a network resource creation request that carries both the target network identifier and the address of the virtual machine, and send it to the control node, so that the control node can subsequently use the address of the virtual machine to deliver the network resource information accurately to the virtual machine and to the bridge configuration module in the compute node.
It should be noted that the address of the virtual machine may include the network address (such as the IP address) of the virtual machine, its MAC address, and so on.
Step 403: when the control node receives the network resource creation request sent by the virtual machine in the compute node, it allocates network resources of the target network for the target container according to the target network identifier.
When the control node allocates network resources of the target network for the target container according to the target network identifier, it can obtain the network information of the target network according to the target network identifier, and allocate network resources of the target network for the target container according to that network information.
It should be noted that the network information of a network may include the subnet information, the network type and the network transmission mark of that network. For example, the network information of the target network may include the target subnet information, the target network type and the target network transmission mark.
In addition, the network transmission mark of a network is used to mark the data transmitted in that network. For example, when the network is a vlan, its network transmission mark can be a vlan tag; when the network is a vxlan, its network transmission mark can be a vxlan identifier (vxlan id).
The control node can store in advance the correspondence between network identifiers and network information. In that case, when the control node obtains the network information of the target network according to the target network identifier, it can look up the corresponding network information in the stored correspondence between network identifiers and network information, and determine the network information so obtained to be the network information of the target network.
When the control node allocates network resources of the target network for the target container according to the network information of the target network, it can select a network address from the network segment indicated by the target subnet information included in that network information and generate a MAC address. The network address and the MAC address are determined to be the target address of the target container; the target address, together with the information in the network information of the target network other than the target subnet information, is determined to be the network resource information; and the network resources corresponding to the network resource information are determined to be the network resources of the target network allocated for the target container.
Step 404: the control node sends the network resource information corresponding to the network resources to the virtual machine and to the bridge configuration module in the compute node, respectively.
It should be noted that the network resource information corresponding to the network resources is the information related to those network resources. It can consist of the target address and the information in the network information of the target network other than the target subnet information; for example, the network resource information may include the target address, the target network type (for example, the vlan type or the vxlan type) and the target network transmission mark (for example, the target vlan tag or the target vxlan identifier).
Specifically, the control node can send the network resource information to the virtual machine according to the address of the virtual machine in the compute node. It can also obtain the virtual network card identifier of the virtual machine according to the address of the virtual machine, obtain the physical network card identifier of the compute node according to the virtual network card identifier of the virtual machine, and, according to the physical network card identifier of the compute node, send the network resource information to the bridge configuration module in the compute node.
It should be noted that a virtual network card identifier is used to uniquely identify a virtual network card; for example, it can be the name of the virtual machine's network card. A physical network card identifier is used to uniquely identify a physical network card; for example, it can be the name of the physical network card.
The control node can store in advance the correspondence between virtual machine addresses and virtual network card identifiers. In that case, when the control node obtains the virtual network card identifier of the virtual machine according to the address of the virtual machine in the compute node, it can look up the corresponding virtual network card identifier in the stored correspondence between virtual machine addresses and virtual network card identifiers, and determine the identifier so obtained to be the virtual network card identifier of the virtual machine.
The control node can also store in advance the correspondence between virtual network card identifiers and physical network card identifiers. In that case, when the control node obtains the physical network card identifier of the compute node according to the virtual network card identifier of the virtual machine, it can look up the corresponding physical network card identifier in the stored correspondence between virtual network card identifiers and physical network card identifiers, and determine the identifier so obtained to be the physical network card identifier of the compute node.
Step 405: when the virtual machine and the bridge configuration module in the compute node receive the network resource information sent by the control node, the target container created in the virtual machine is configured according to the network resource information.
It should be noted that configuring the target container according to the network resource information is the process of configuring the network attributes (such as the IP address and the MAC address) and the transmission attributes (such as the data transmission mode) of the target container. After the configuration is complete, the target container can use the network resources corresponding to the network resource information to transmit data messages.
In addition, in the embodiments of the present invention the control node allocates network resources for the containers in the multiple compute nodes; that is, the network resources used by the containers in the multiple compute nodes are managed by the control node. Each container in the multiple compute nodes therefore has its own individual network resources, so that any two containers in the multiple compute nodes can communicate with each other directly through their respective network resources. In this case, when a container in one of the compute nodes is migrated to another compute node, the container can communicate without changing the network resources it uses, which achieves persistence and migration of the network resources used by containers.
Furthermore, in the embodiments of the present invention the control node can allocate network resources for each container in the multiple compute nodes according to the network that the container accesses, so that containers in the multiple compute nodes that access different networks are isolated from each other, while containers that access the same network can communicate directly. Because each container has its own individual network resources, containers that access the same network have layer-2 interworking, and the MAC addresses of the containers are visible to each other.
Specifically, when the virtual machine receives the network resource information sent by the control node, it configures the network resources corresponding to the network resource information for the target container; when the bridge configuration module receives the network resource information sent by the control node, it stores the network resource information in the bridge in the compute node.
It should be noted that the target container must be created in the virtual machine before the virtual machine configures the network resources corresponding to the network resource information for it. The virtual machine can create the target container before it receives the container configuration instruction for configuring the target container, or it can create the target container when it receives the network resource information sent by the control node.
In addition, when the virtual machine configures the network resources corresponding to the network resource information for the target container, it configures the network attributes of the target container, so that the target container can use the network resources to transmit data messages. When the bridge configuration module stores the network resource information in the bridge, it configures the transmission attributes of the target container, so that the bridge can forward the data messages generated by the target container according to the network resource information.
When the virtual machine configures the network resources corresponding to the network resource information for the target container, it can first judge whether a target network interface connected to the target network exists in the virtual machine. When no target network interface exists in the virtual machine, the virtual machine creates the target network interface according to the target network type. The virtual machine then creates a sub-interface, with the target network interface as its parent interface, to serve as the container interface of the target container, and sets the address of the container interface of the target container to the target address.
It should be noted that the target network interface is the network interface connected to the target network; that is, a container can access the target network through the target network interface. Each network thus has its own individual network interface, and containers on the same network access the same network interface, which isolates the containers of different networks from each other and gives the containers of the same network layer-2 interworking.
In addition, creating a sub-interface with the target network interface as its parent interface to serve as the container interface of the target container connects the target network interface to the container interface of the target container. The data messages that the target container sends through its container interface are then transmitted to the target network interface.
Furthermore, setting the address of the container interface of the target container to the target address sets the address of the target container to the target address, which completes the configuration of the network attributes of the target container.
The virtual machine can set the name of each network interface in advance to the network identifier of the network to which that network interface is connected. In that case, when the virtual machine judges whether a target network interface connected to the target network exists in the virtual machine, it can judge whether a network interface whose name is the target network identifier exists in the virtual machine. If such a network interface exists, it can be determined that the target network interface exists in the virtual machine; if no such network interface exists, it can be determined that the target network interface does not exist in the virtual machine.
When the virtual machine creates the target network interface according to the target network type, it can proceed as follows. When the target network type is the vlan type and the target network transmission mark is the target vlan tag, it creates in the virtual machine a network interface for connecting to a vlan and sets the vlan tag of the corresponding subnet in that network interface to the target vlan tag, which yields the target network interface. When the target network type is the vxlan type, it creates in the virtual machine a network interface for connecting to a vxlan and uses that network interface as the target network interface.
It should be noted that creating a network interface for connecting to a vlan in the virtual machine means creating a network interface that can encapsulate a vlan tag onto data messages from containers. Setting the vlan tag of the corresponding subnet in that network interface to the target vlan tag means setting the vlan tag that the network interface encapsulates to the target vlan tag, which yields a target network interface that can connect to the target network.
In addition, when the target network type is the vlan type, the target network interface needs to be created in the virtual machine according to the target vlan tag, whereas when the target network type is the vxlan type, the target network interface can be created in the virtual machine directly, without the target vxlan identifier. Therefore, when the target network type is the vlan type, the network resource information that the control node sends to the virtual machine can carry the target network transmission mark, and when the target network type is the vxlan type, the network resource information that the control node sends to the virtual machine may omit the target network transmission mark.
When the bridge configuration module stores the network resource information in the bridge, it can, when the target network type is the vxlan type and the target network transmission mark is the target vxlan identifier, store the target address and the target vxlan identifier in the bridge in correspondence with each other.
It should be noted that, once the bridge configuration module has stored the target address and the target vxlan identifier in the bridge in correspondence with each other, the bridge can forward the data messages generated by the target container whose address is the target address according to the target vxlan identifier, which completes the configuration of the transmission attributes of the target container.
In practical applications, when the bridge receives a data message sent by a compute node other than this compute node, it may also need to transmit that data message to the target container. In this case, the correspondence between the target address and the target vlan tag needs to be stored in the bridge, so that the bridge can, according to the target vlan tag, transmit data messages whose destination address is the target address to the target container. Therefore, when the bridge configuration module stores the network resource information in the bridge, it can also, when the target network type is the vlan type and the target network transmission mark is the target vlan tag, store the target address and the target vlan tag in the bridge in correspondence with each other.
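The control-plane flow of steps 402 to 405 can be traced in a small simulation. The following is an added example, not code from the patent or from OpenStack; the class names, the dictionary layout, the sample networks, the generated MAC prefix and the use of the MAC address as the bridge's key are assumptions made for illustration.

```python
import ipaddress
import itertools

# Constructed sample: network identifier -> network information held by the
# control node (subnet information, network type, network transmission mark).
NETWORKS = {
    "net-blue": {"subnet": "10.0.1.0/24", "type": "vlan", "mark": 100},
    "net-red": {"subnet": "10.0.2.0/24", "type": "vxlan", "mark": 5001},
}


class ControlNode:
    """Steps 403-404: allocate a target address and build the resource info."""

    def __init__(self, networks):
        self.networks = networks
        self.used = {name: set() for name in networks}
        self._serial = itertools.count(1)

    def allocate(self, network_id):
        info = self.networks[network_id]  # KeyError for an unknown network
        subnet = ipaddress.ip_network(info["subnet"])
        # Select the first unused host address in the target subnet.
        ip = next((h for h in subnet.hosts()
                   if h not in self.used[network_id]), None)
        if ip is None:
            raise RuntimeError("subnet exhausted: " + info["subnet"])
        self.used[network_id].add(ip)
        n = next(self._serial)
        # Generated MAC: locally administered unicast prefix 02:00:00 (assumption).
        mac = "02:00:00:%02x:%02x:%02x" % (
            (n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF)
        # Everything except the subnet information goes into the resource info.
        return {"ip": str(ip), "mac": mac,
                "type": info["type"], "mark": info["mark"]}


def info_for_vm(res):
    """The VM needs the mark only for vlan, to set the tag on the interface."""
    if res["type"] == "vxlan":
        return {k: v for k, v in res.items() if k != "mark"}
    return dict(res)


class VirtualMachine:
    """Step 405, VM side: one parent interface per network, one child per container."""

    def __init__(self):
        self.interfaces = {}  # interface name == network identifier

    def configure(self, network_id, container, res):
        parent = self.interfaces.get(network_id)
        if parent is None:  # no target network interface yet: create it by type
            parent = {"type": res["type"], "children": {}}
            if res["type"] == "vlan":
                parent["vlan_tag"] = res["mark"]
            self.interfaces[network_id] = parent
        # Sub-interface of the parent, addressed with the target address.
        parent["children"][container] = {"ip": res["ip"], "mac": res["mac"]}
        return parent


class Bridge:
    """Step 405, bridge side: target address -> transmission mark, per type."""

    def __init__(self):
        self.marks = {"vlan": {}, "vxlan": {}}

    def store(self, res):
        self.marks[res["type"]][res["mac"]] = res["mark"]


def configure_container(control, vm, bridge, network_id, container):
    """Run steps 402-405 for one container and return its resource info."""
    res = control.allocate(network_id)
    vm.configure(network_id, container, info_for_vm(res))
    bridge.store(res)
    return res
```

Two containers configured on the same network end up as sub-interfaces of one parent interface, while a container on a different network gets its own parent interface and its own entry in the bridge table.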
Further, after the target container created in the virtual machine has been configured according to the network resource information in step 405, the target container can send the data messages it generates. The way the target container sends data messages differs according to the network type of the target network that it accesses; the following two situations are described separately.
First situation: when the network type of the target network accessed by the target container is the vlan type, the process of forwarding the first data message generated by the target container out of the compute node may include the following steps (1)-(3).
(1) When the target container receives a first sending instruction, it transmits the generated first data message to the target network interface through the container interface of the target container.
It should be noted that the first sending instruction is used to instruct that the generated first data message be sent. The first sending instruction can be triggered by a user or triggered automatically by the compute node. When it is triggered by a user, the user can trigger it through a second specified operation, which can be a click operation, a slide operation, a voice operation, and so on.
In addition, since the container interface of the target container has the target network interface as its parent interface, once the target container sends the generated first data message through its container interface, the first data message is transmitted directly to the target network interface.
(2) When the target network interface receives the first data message transmitted by the target container, it generates a first encapsulated message that carries the first data message and the target vlan tag, and transmits the first encapsulated message to the bridge.
It should be noted that, so that the bridge can later distinguish data messages from a vlan from data messages from a vxlan, the target network interface can encapsulate the first data message with the target vlan tag to obtain the first encapsulated message, which is transmitted to the bridge.
In addition, when the target network interface generates the first encapsulated message that carries the first data message and the target vlan tag, it can encapsulate the first data message with the target vlan tag, that is, add the target vlan tag to the first data message, to obtain the first encapsulated message.
Furthermore, when the target network interface transmits the first encapsulated message to the bridge, it can do so through the virtual network card of the virtual machine.
(3) When the bridge receives the first encapsulated message transmitted by the target network interface, it forwards the first encapsulated message.
It should be noted that, after the bridge receives the first encapsulated message, it can first judge whether the first encapsulated message carries a vlan tag. If it carries a vlan tag, it can be determined that the first encapsulated message comes from a vlan; the bridge then does not need to operate on the first encapsulated message and can forward it directly.
In addition, when the bridge forwards the first encapsulated message, it can do so through the physical network card of the compute node.
Further, after the bridge forwards the first encapsulated message, other compute nodes can receive it. Specifically, when the bridge in another compute node receives the first encapsulated message sent by this compute node, it can, according to the vlan tag carried by the first encapsulated message, transmit the first encapsulated message to the network interface to which the first encapsulated message is to be sent. When that network interface receives the first encapsulated message, it can obtain the first data message from the first encapsulated message and transmit the first data message to the corresponding container according to the destination address of the first data message.
When the bridge in the other compute node transmits the first encapsulated message, according to the vlan tag it carries, to the network interface to which it is to be sent, the bridge can determine the destination virtual machine according to the vlan tag carried by the first encapsulated message and transmit the first encapsulated message to the destination virtual machine. When the destination virtual machine receives the first encapsulated message, it can determine, according to the vlan tag carried by the first encapsulated message, the network interface to which the first encapsulated message is to be sent, and transmit the first encapsulated message to that network interface.
The correspondence between vlan tags and container addresses can be stored in advance in the bridge in the other compute node. In that case, when the bridge in the other compute node determines the destination virtual machine according to the vlan tag carried by the first encapsulated message, it can obtain the container address stored in correspondence with that vlan tag, and determine the virtual machine that hosts the container whose address is the obtained container address to be the destination virtual machine.
When the destination virtual machine determines, according to the vlan tag carried by the first encapsulated message, the network interface to which the first encapsulated message is to be sent, it can determine the network interface in the destination virtual machine that encapsulates data messages with the vlan tag carried by the first encapsulated message to be that network interface.
When the network interface in the other compute node obtains the first data message from the first encapsulated message, it can decapsulate the first encapsulated message, that is, remove the vlan tag it carries, to obtain the first data message.
Second case: when the network type of the target network accessed by the target container is the VXLAN type, the process of forwarding the second data message generated by the target container out of the computing node may include the following steps (4)-(6).
(4) When the target container receives a second sending instruction, it transmits the generated second data message to the target network interface through the container interface of the target container.
It should be noted that the second sending instruction instructs that the generated second data message be sent. The second sending instruction may be triggered by a user, or may be triggered automatically by the computing node. When it is triggered by a user, the user may trigger it through a third specified operation, which may be a click operation, a slide operation, a voice operation, or the like.
In addition, because the container interface of the target container has the target network interface as its parent interface, once the target container sends the generated second data message through its container interface, the second data message can be transmitted directly to the target network interface.
(5) When the target network interface receives the second data message sent by the target container, it transmits the second data message to the bridge.
It should be noted that the target network interface may transmit the second data message to the bridge through the virtual network card of the virtual machine.
(6) When the bridge receives the second data message transmitted by the target network interface, it generates a second encapsulated message carrying the second data message and the target VXLAN identifier, and forwards the second encapsulated message.
It should be noted that, after the bridge receives the second data message, it may first judge whether the second data message carries a VLAN tag. If it carries no VLAN tag, the bridge can determine that the second data message comes from a VXLAN. The bridge may then obtain the target VXLAN identifier based on the source address of the second data message (that is, the destination address configured for the target container), generate the second encapsulated message carrying the second data message and the target VXLAN identifier, and forward the second encapsulated message.
In addition, because the correspondence between the destination address and the target VXLAN identifier has been stored in the bridge in advance, the bridge, after receiving the second data message, can directly obtain the stored target VXLAN identifier that corresponds to the source address of the second data message (that is, the destination address configured for the target container).
Furthermore, when the bridge forwards the second encapsulated message, it may forward it through the physical network card of the computing node.
Further, after the bridge forwards the second encapsulated message, another computing node may receive it. Specifically, when the bridge in the other computing node receives the second encapsulated message sent by the computing node, it may obtain the second data message from the second encapsulated message and, according to the VXLAN identifier carried in the second encapsulated message, transmit the second data message to the network interface to which the second encapsulated message is to be sent. When that network interface receives the data message, it may transmit the data message to the corresponding container according to the destination address of the data message.
When the bridge in the other computing node obtains the second data message from the second encapsulated message, it may decapsulate the second encapsulated message, removing the VXLAN identifier it carries, to obtain the second data message.
When the bridge in the other computing node transmits the second data message, according to the VXLAN identifier carried in the second encapsulated message, to the network interface to which the second encapsulated message is to be sent, it may determine the destination virtual machine according to that VXLAN identifier and transmit the second data message to the destination virtual machine. When the destination virtual machine receives the second data message, it may determine the network interface to which the second data message is to be sent according to the destination address of the second data message, and transmit the second data message to that network interface.
The bridge in the other computing node may store in advance the correspondence between VXLAN identifiers and container addresses. In that case, when the bridge in the other computing node determines the destination virtual machine according to the VXLAN identifier carried in the second encapsulated message, it may obtain the stored container address corresponding to that VXLAN identifier, and determine the virtual machine hosting the container whose address is the obtained container address as the destination virtual machine.
When the destination virtual machine determines the network interface to which the second data message is to be sent according to the destination address of the second data message, it may select the network interface in the destination virtual machine to which the container whose address is the destination address of the second data message is connected.
Further, the computing node may also receive encapsulated messages sent by other computing nodes. The operation by which the computing node receives such messages is similar to the operation, described above, by which other computing nodes receive the first encapsulated message or the second encapsulated message sent by the computing node.
That is, when the bridge in the computing node receives an encapsulated message sent by a computing node other than itself: if the encapsulated message carries a VLAN tag, the bridge may transmit the encapsulated message, according to the VLAN tag, to the destination network interface to which the encapsulated message is to be sent; when the destination network interface receives the encapsulated message, it obtains the data message from it and transmits the data message to the corresponding container according to the destination address of the data message. If the encapsulated message carries a VXLAN identifier, the bridge may obtain the data message from the encapsulated message and, according to the VXLAN identifier, transmit the data message to the destination network interface to which the encapsulated message is to be sent; when the destination network interface receives the data message, it transmits the data message to the corresponding container according to the destination address of the data message.
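The bridge's send and receive decisions described above can be modelled as follows. This is an added illustration, not code from the patent: it uses the standard 802.1Q tag and the 8-byte VXLAN header, assumes container addresses are the frames' MAC addresses, omits the outer UDP/IP headers, and drops traffic that has no stored mapping (the patent does not state what happens in that case). The `Bridge` class, its fields and `make_frame` are hypothetical names.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100   # EtherType that announces an 802.1Q VLAN tag
VXLAN_FLAG_I = 0x08   # "VNI present" flag in the VXLAN header (RFC 7348)


def make_frame(dst: bytes, src: bytes, payload: bytes = b"hello") -> bytes:
    """Constructed sample Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + struct.pack("!H", 0x0800) + payload


def vlan_encap(frame: bytes, vlan_id: int) -> bytes:
    """Step (2): the target network interface inserts the VLAN tag after the MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]


def vlan_id_of(frame: bytes):
    """Return the VLAN ID if the frame carries an 802.1Q tag, else None."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None


def vlan_decap(frame: bytes) -> bytes:
    """Remove the 4-byte 802.1Q tag to recover the original data message."""
    return frame[:12] + frame[16:]


def vxlan_encap(frame: bytes, vni: int) -> bytes:
    """Step (6): the bridge prepends the VXLAN header carrying the identifier."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VXLAN identifier must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + frame


def vxlan_decap(packet: bytes):
    """Return (VXLAN identifier, inner data message)."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", packet[:8])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN header without a valid identifier")
    return vni_word >> 8, packet[8:]


@dataclass
class Bridge:
    # Stored by the bridge configuration module: container address -> VXLAN identifier.
    vni_by_addr: dict = field(default_factory=dict)
    # Receive side: VLAN ID -> set of container addresses behind that interface.
    vlan_members: dict = field(default_factory=dict)

    def send(self, frame: bytes):
        """Return (kind, bytes) to hand to the physical network card."""
        if vlan_id_of(frame) is not None:
            return "vlan", frame                 # already tagged by the interface
        vni = self.vni_by_addr.get(frame[6:12])  # look up by source address
        if vni is None:
            raise LookupError("no VXLAN identifier stored for this source address")
        return "vxlan", vxlan_encap(frame, vni)

    def receive(self, kind: str, data: bytes):
        """Return (container address, data message), or None if dropped."""
        if kind == "vlan":
            vid = vlan_id_of(data)
            if vid is None:
                return None
            inner, members = vlan_decap(data), self.vlan_members.get(vid, set())
        else:
            vni, inner = vxlan_decap(data)
            members = {a for a, v in self.vni_by_addr.items() if v == vni}
        dst = inner[:6]
        # Deliver only to a container registered under the tag or identifier
        # carried on the wire; anything else is dropped (assumption).
        return (dst, inner) if dst in members else None


if __name__ == "__main__":
    a, b = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    sender = Bridge(vni_by_addr={a: 5001})
    receiver = Bridge(vni_by_addr={b: 5001})
    kind, wire = sender.send(make_frame(b, a))
    print(kind, wire[:8].hex(), receiver.receive(kind, wire) is not None)
```

Because delivery is keyed on the identifier carried in the encapsulation, a data message addressed to a container registered under a different VXLAN identifier is dropped rather than delivered across networks.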
In the embodiments of the present invention, when the virtual machine in any one of the multiple computing nodes receives a container configuration instruction, it may generate a network resource allocation request and send the request to the control node. After receiving the network resource allocation request, the control node may allocate to the target container the network resources of the target network that the target container is to access, and send the network resource information corresponding to those network resources to the virtual machine and the bridge configuration module in the computing node. The virtual machine and the bridge configuration module then configure the target container created in the virtual machine according to the network resource information. Because the network resources used by the containers in the multiple computing nodes are managed by the control node, each container in the multiple computing nodes has its own individual network resources, so any two containers in the multiple computing nodes can communicate with each other directly through their respective network resources. In this case, when a container in one of the computing nodes is migrated to another computing node, the container can communicate without changing the network resources it uses, which achieves persistence and migration of the network resources used by containers.
Fig. 5 is a schematic structural diagram of a computing node provided by an embodiment of the present invention. The computing node is any one of multiple computing nodes, a virtual machine 501 and a bridge configuration module 502 are installed in it, and it may be the computing node shown in Fig. 3.
Referring to Fig. 5, the computing node includes:
Virtual machine 501, configured to execute step 401 in the Fig. 4 embodiment;
Virtual machine 501, further configured to execute step 402 in the Fig. 4 embodiment, so that the control node executes step 403 and step 404 in the Fig. 4 embodiment;
Virtual machine 501 and bridge configuration module 502, configured to execute step 405 in the Fig. 4 embodiment.
Optionally,
Virtual machine 501 is configured to, when receiving the network resource information sent by the control node, configure for the target container the network resources corresponding to the network resource information;
Bridge configuration module 502 is configured to, when receiving the network resource information sent by the control node, store the network resource information in the bridge, the bridge being used to forward the data messages generated by the target container.
Optionally, virtual machine 501 is configured to:
when no target network interface connected to the target network exists in the virtual machine, create the target network interface in the virtual machine according to the target network type;
create a sub-interface, with the target network interface as its parent interface, as the container interface of the target container;
set the address of the container interface of the target container to the destination address.
Optionally, the target network type is the VLAN type and the target network transmission label is the target VLAN tag; virtual machine 501 is configured to:
create, in the virtual machine, a network interface for connecting to the VLAN;
set the VLAN tag of the subnet corresponding to the network interface to the target VLAN tag, to obtain the target network interface.
Optionally, the target network type is the VXLAN type and the target network transmission label is the target VXLAN identifier; bridge configuration module 502 is configured to:
store the destination address and the target VXLAN identifier in the bridge in correspondence with each other.
Optionally,
the target container is configured to execute step (1) of step 405 in the Fig. 4 embodiment;
the target network interface is configured to execute step (2) of step 405 in the Fig. 4 embodiment;
the bridge is configured to execute step (3) of step 405 in the Fig. 4 embodiment.
Optionally,
the target container is configured to execute step (4) of step 405 in the Fig. 4 embodiment;
the target network interface is configured to execute step (5) of step 405 in the Fig. 4 embodiment;
the bridge is configured to execute step (6) of step 405 in the Fig. 4 embodiment.
In the embodiments of the present invention, when the virtual machine in any one of the multiple computing nodes receives a container configuration instruction, it may generate a network resource allocation request and send the request to the control node. After receiving the network resource allocation request, the control node may allocate to the target container the network resources of the target network that the target container is to access, and send the network resource information corresponding to those network resources to the virtual machine and the bridge configuration module in the computing node. The virtual machine and the bridge configuration module then configure the target container created in the virtual machine according to the network resource information. Because the network resources used by the containers in the multiple computing nodes are managed by the control node, each container in the multiple computing nodes has its own individual network resources, so any two containers in the multiple computing nodes can communicate with each other directly through their respective network resources. In this case, when a container in one of the computing nodes is migrated to another computing node, the container can communicate without changing the network resources it uses, which achieves persistence and migration of the network resources used by containers.
It should be understood that, when the computing node provided by the above embodiment configures a container, the division into the functional modules described above is used only as an example. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the apparatus may be divided into different functional modules to complete all or part of the functions described above. In addition, the computing node provided by the above embodiment and the container configuration method embodiment belong to the same concept; for its specific implementation process, see the method embodiment, which is not repeated here.
The above embodiments may be implemented wholly or partly in software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are produced wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (such as coaxial cable, optical fiber, or digital subscriber line (Digital Subscriber Line, DSL)) or by wireless means (such as infrared, wireless, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or data center, that integrates one or more usable media. The usable medium may be a magnetic medium (such as a floppy disk, hard disk, or magnetic tape), an optical medium (such as a digital versatile disc (Digital Versatile Disc, DVD)), or a semiconductor medium (such as a solid state disk (Solid State Disk, SSD)).
The foregoing are embodiments provided by this application and are not intended to limit this application. Any modification, equivalent replacement, or improvement made within the spirit and principles of this application shall fall within the scope of protection of this application.

Claims (15)

1. A container configuration method, characterized in that the method is applied to any computing node among multiple computing nodes, a virtual machine and a bridge configuration module being installed in the computing node, the method comprising:
the virtual machine receiving a container configuration instruction for configuring a target container, the container configuration instruction carrying a target network identifier, the target container being carried on the virtual machine, and the target network being the network that the target container needs to access;
the virtual machine generating a network resource creation request carrying the target network identifier and sending the network resource creation request to a control node, so that the control node allocates network resources of the target network to the target container and sends network resource information corresponding to the network resources to the virtual machine and the bridge configuration module, the network resource information including the destination address of the target container, a target network type, and a target network transmission label;
when the virtual machine and the bridge configuration module receive the network resource information sent by the control node, configuring the target container created in the virtual machine according to the network resource information.
2. The method according to claim 1, characterized in that the configuring, when the virtual machine and the bridge configuration module receive the network resource information sent by the control node, of the target container created in the virtual machine according to the network resource information comprises:
when the virtual machine receives the network resource information sent by the control node, configuring for the target container the network resources corresponding to the network resource information;
when the bridge configuration module receives the network resource information sent by the control node, storing the network resource information in a bridge, the bridge being used to forward the data messages generated by the target container.
3. The method according to claim 2, characterized in that the virtual machine configuring for the target container the network resources corresponding to the network resource information comprises:
when no target network interface connected to the target network exists in the virtual machine, creating the target network interface in the virtual machine according to the target network type;
the virtual machine creating a sub-interface, with the target network interface as its parent interface, as the container interface of the target container;
the virtual machine setting the address of the container interface of the target container to the destination address.
4. The method according to claim 3, characterized in that the target network type is the virtual local area network (VLAN) type and the target network transmission label is a target VLAN tag; the creating of the target network interface in the virtual machine according to the target network type comprises:
creating, in the virtual machine, a network interface for connecting to the VLAN;
setting the VLAN tag of the subnet corresponding to the network interface to the target VLAN tag, to obtain the target network interface.
5. The method according to claim 4, characterized in that, after the target container created in the virtual machine is configured according to the network resource information, the method further comprises:
when the target container receives a first sending instruction, transmitting the generated first data message to the target network interface through the container interface of the target container;
when the target network interface receives the first data message, generating a first encapsulated message carrying the first data message and the target VLAN tag, and transmitting the first encapsulated message to the bridge;
when the bridge receives the first encapsulated message, forwarding the first encapsulated message.
6. The method according to claim 2 or 3, characterized in that the target network type is the virtual extensible local area network (VXLAN) type and the target network transmission label is a target VXLAN identifier; the bridge configuration module storing the network resource information in the bridge comprises:
the bridge configuration module storing the destination address and the target VXLAN identifier in the bridge in correspondence with each other.
7. The method according to claim 6, characterized in that, after the target container created in the virtual machine is configured according to the network resource information, the method further comprises:
when the target container receives a second sending instruction, transmitting the generated second data message to the target network interface through the container interface of the target container;
when the target network interface receives the second data message, transmitting the second data message to the bridge;
when the bridge receives the second data message, generating a second encapsulated message carrying the second data message and the target VXLAN identifier, and forwarding the second encapsulated message.
8. The method according to claim 5 or 7, characterized in that the method further comprises:
when the bridge receives an encapsulated message sent by a computing node other than the computing node, if the encapsulated message carries a VLAN tag, transmitting the encapsulated message, according to the VLAN tag, to the destination network interface to which the encapsulated message is to be sent; when the destination network interface receives the encapsulated message, obtaining a data message from the encapsulated message and transmitting the data message to the corresponding container according to the destination address of the data message;
if the encapsulated message carries a VXLAN identifier, obtaining a data message from the encapsulated message and, according to the VXLAN identifier, transmitting the data message to the destination network interface to which the encapsulated message is to be sent; when the destination network interface receives the data message, transmitting the data message to the corresponding container according to the destination address of the data message.
9. A computing node, characterized in that the computing node is any computing node among multiple computing nodes, a virtual machine and a bridge configuration module being installed in the computing node, the computing node comprising:
the virtual machine, configured to receive a container configuration instruction for configuring a target container, the container configuration instruction carrying a target network identifier, the target container being carried on the virtual machine, and the target network being the network that the target container needs to access;
the virtual machine, further configured to generate a network resource creation request carrying the target network identifier and send the network resource creation request to a control node, so that the control node allocates network resources of the target network to the target container and sends network resource information corresponding to the network resources to the virtual machine and the bridge configuration module, the network resource information including the destination address of the target container, a target network type, and a target network transmission label;
the virtual machine and the bridge configuration module, configured to, when receiving the network resource information sent by the control node, configure the target container created in the virtual machine according to the network resource information.
10. The computing node according to claim 9, characterized in that
the virtual machine is configured to, when receiving the network resource information sent by the control node, configure for the target container the network resources corresponding to the network resource information;
the bridge configuration module is configured to, when receiving the network resource information sent by the control node, store the network resource information in a bridge, the bridge being used to forward the data messages generated by the target container.
11. The computing node according to claim 10, characterized in that the virtual machine is configured to:
when no target network interface connected to the target network exists in the virtual machine, create the target network interface in the virtual machine according to the target network type;
create a sub-interface, with the target network interface as its parent interface, as the container interface of the target container;
set the address of the container interface of the target container to the destination address.
12. The computing node according to claim 11, characterized in that the target network type is the virtual local area network (VLAN) type and the target network transmission label is a target VLAN tag; the virtual machine is configured to:
create, in the virtual machine, a network interface for connecting to the VLAN;
set the VLAN tag of the subnet corresponding to the network interface to the target VLAN tag, to obtain the target network interface.
13. The computing node according to claim 12, characterized in that
the target container is configured to, when receiving a first sending instruction, transmit the generated first data message to the target network interface through the container interface of the target container;
the target network interface is configured to, when receiving the first data message, generate a first encapsulated message carrying the first data message and the target VLAN tag, and transmit the first encapsulated message to the bridge;
the bridge is configured to, when receiving the first encapsulated message, forward the first encapsulated message.
14. The computing node according to claim 10 or 11, characterized in that the target network type is the virtual extensible local area network (VXLAN) type and the target network transmission label is a target VXLAN identifier; the bridge configuration module is configured to:
store the destination address and the target VXLAN identifier in the bridge in correspondence with each other.
15. The computing node according to claim 14, characterized in that
the target container is configured to, when receiving a second sending instruction, transmit the generated second data message to the target network interface through the container interface of the target container;
the target network interface is configured to, when receiving the second data message, transmit the second data message to the bridge;
the bridge is configured to, when receiving the second data message, generate a second encapsulated message carrying the second data message and the target VXLAN identifier, and forward the second encapsulated message.
CN201710911984.2A 2017-09-29 2017-09-29 Container configuration method and computing node Active CN109587281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710911984.2A CN109587281B (en) 2017-09-29 2017-09-29 Container configuration method and computing node

Publications (2)

Publication Number Publication Date
CN109587281A true CN109587281A (en) 2019-04-05
CN109587281B CN109587281B (en) 2020-07-28

Family

ID=65919122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710911984.2A Active CN109587281B (en) 2017-09-29 2017-09-29 Container configuration method and computing node

Country Status (1)

Country Link
CN (1) CN109587281B (en)


Also Published As

Publication number Publication date
CN109587281B (en) 2020-07-28

Similar Documents

Publication Publication Date Title
CN109587281A (en) Container configuration method and calculate node
US10666609B2 (en) Management of domain name systems in a large-scale processing environment
CN111542064B (en) Container arrangement management system and arrangement method for wireless access network
WO2018024059A1 (en) Method and device for service deployment in virtualized network
WO2018027586A1 (en) Method, device and system for virtual machine to access physical server in cloud computing system
CN107580083A (en) A kind of method and system of container IP address distribution
RU2595540C9 (en) Chassis controllers for converting universal flows
WO2017113231A1 (en) Packet transmission method, device and system
US9934057B2 (en) Shadow VNICs for the control and observability of IO virtual functions
WO2017148249A1 (en) Resource configuration method and network device thereof
JP6424823B2 (en) INFORMATION PROCESSING APPARATUS AND SYSTEM DESIGN SUPPORT METHOD
CN104221331B (en) The 2nd without look-up table layer packet switch for Ethernet switch
CN111416723B (en) Equipment management method and related equipment
CN108139935A (en) The extension of the resource constraint of service definition container
CN107959582A (en) A kind of management method and device of example of cutting into slices
US10382258B2 (en) Viral system discovery and installation for distributed networks
WO2023035830A1 (en) Using remote pod in kubernetes
WO2019057055A1 (en) Task processing method and apparatus, electronic device, and storage medium
CN108255614A (en) A kind of interface calling system and method based on micro services framework
CN112398688A (en) Container network configuration method, container network system, and storage medium
CN103685608A (en) Method and device for automatically configuring IP (Internet Protocol) address of security virtual machine
WO2020211652A1 (en) Tenant resource management method and device in multi-tenant scenario
WO2022028092A1 (en) Vnf instantiation method and apparatus
CN109995552A (en) VNF service instantiation method and device
CN108512782A (en) Accesses control list is grouped method of adjustment, the network equipment and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220221

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technologies Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
