CN109617995B - Management system and method for VPC (virtual private cloud) internal container of tenant cluster and electronic equipment - Google Patents

Management system and method for VPC (virtual private cloud) internal container of tenant cluster and electronic equipment

Info

Publication number
CN109617995B
Authority
CN
China
Prior art keywords
access request
management
server
network
management object
Prior art date
Legal status
Active
Application number
CN201811653800.8A
Other languages
Chinese (zh)
Other versions
CN109617995A (en)
Inventor
王风腾
Current Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Application granted

Classifications

    • H04L 67/51 Discovery or management of network services, e.g. service location protocol [SLP] or web services (H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/50 Network services)
    • H04L 12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling (H04L 12/00 Data switching networks; H04L 12/28 characterised by path configuration, e.g. LAN or WAN; H04L 12/46 Interconnection of networks)
    • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN] (H04L 12/46 Interconnection of networks)
    • H04L 41/0246 Exchanging or transporting network management information using the Internet; embedding network management web servers in network elements; web-services-based protocols (H04L 41/00 Arrangements for maintenance, administration or management of data switching networks; H04L 41/02 Standardisation; Integration)
    • H04L 45/74 Address processing for routing (H04L 45/00 Routing or path finding of packets in data switching networks)
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network (H04L 67/01 Protocols)
    • H04L 67/565 Conversion or adaptation of application format or content (H04L 67/56 Provisioning of proxy services)

Abstract

The application provides a management system, a method and an electronic device for a container inside a tenant cluster VPC. The system comprises a management object, a management terminal and a network device. The management object runs on a first server cluster of a cloud service tenant; the management terminal runs on a second server cluster of the cloud service provider; the management terminal sends an access request to the management object through the network device in order to manage it; and the network device encapsulates the management terminal's access request and sends the encapsulated request to the management object. Because the management terminal corresponding to a cloud service tenant is deployed on the second server cluster of the cloud service provider, an operator managing the corresponding management object no longer has to enter the tenant's VPC to log in to the management terminal. The encryption and decryption procedure is avoided, the operation flow is simplified, the complexity of operation and maintenance management is reduced, and labor and time costs fall.

Description

Management system and method for VPC (virtual private cloud) internal container of tenant cluster and electronic equipment
Technical Field
The application relates to the technical field of cloud computing, in particular to a system and a method for managing a container inside a tenant cluster VPC and electronic equipment.
Background
Container virtualization has become a widely recognized way of sharing server resources. It gives system administrators great flexibility in building operating-system instances on demand.
A tenant applies for the container cluster it needs through the container platform. For example, when a Kubernetes-based container platform provisions a container cluster, it must by default create the control-plane services of the tenant cluster, namely etcd, kube-apiserver, kube-scheduler and kube-controller-manager, and these services are all deployed at the "management terminals" corresponding to cloud service tenant cluster A and cloud service tenant cluster B shown in fig. 1.
When a cloud service tenant cluster has a problem, an operator has to log in to that tenant's management terminal. Because each tenant's management terminal is deployed inside the tenant's own virtual private cloud (VPC), the control terminal in the cloud service provider's management cluster must enter the corresponding VPC through an encryption and decryption procedure before it can reach the management terminal, which is cumbersome. As the number of tenants and tenant clusters grows, the complexity of tenant management grows with it, and so do the labor and time costs.
Disclosure of Invention
In view of this, an object of the present application is to provide a system and a method for managing a VPC internal container of a tenant cluster, and an electronic device, so as to simplify an operation process of tenant access, thereby effectively reducing complexity of later-stage operation and maintenance management, and reducing labor cost and time cost.
In a first aspect, an embodiment of the present application provides a management system for a VPC internal container of a tenant cluster, including: a management object, a management terminal and a network device; the management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a Virtual Private Cloud (VPC) network environment; the management terminal runs on a second server cluster of a cloud service provider, and the network environment of the second server cluster is isolated from the network environment of the first server cluster; the management terminal sends an access request to the management object through the network equipment so as to manage the management object; the network device is respectively in communication connection with the management terminal and the management object, and is used for encapsulating the access request of the management terminal and sending the encapsulated access request to the management object.
With reference to the first aspect, an embodiment of the present application provides a first possible implementation manner of the first aspect, where the first server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management object is a container running in a pod of the first server cluster.
With reference to the first aspect, an embodiment of the present application provides a second possible implementation manner of the first aspect, where the second server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management terminal runs in a container of the second server cluster.
With reference to the first or second possible implementation manner of the first aspect, an embodiment of the present application provides a third possible implementation manner of the first aspect, where the server is a virtual machine or a physical machine.
With reference to the third possible implementation manner of the first aspect, an embodiment of the present application provides a fourth possible implementation manner of the first aspect, where the access request is used to access a management object inside a VPC of a target tenant; the access request comprises a source address and a destination address; the source address is the container IP address where the management terminal is located, and the destination address is the container IP address of the management object.
With reference to the fourth possible implementation manner of the first aspect, an embodiment of the present application provides a fifth possible implementation manner of the first aspect, where the network device includes a network bridge, a network component and a network card, and the network bridge runs on the server where the management terminal is located; the network bridge is configured to forward the access request to the network component; and after receiving the access request, the network component calls a preset encapsulation module to encapsulate the access request and sends the encapsulated access request to the network card.
With reference to the fifth possible implementation manner of the first aspect, an embodiment of the present application provides a sixth possible implementation manner of the first aspect, where the network device further includes a gateway running in the VPC network environment and a switch communicatively connected to both the network card and the gateway; the network card sends the encapsulated access request to the switch; the switch sends the encapsulated access request to the gateway; the gateway sends the encapsulated access request to the server where the management object is located; and that server delivers the access request to the management object.
With reference to the fifth possible implementation manner of the first aspect, an embodiment of the present application provides a seventh possible implementation manner of the first aspect, where the encapsulation module includes: a VNI encapsulation unit, configured to perform VNI encapsulation on the access request to obtain a first encapsulated packet; a UDP encapsulation unit, configured to perform UDP encapsulation on the first encapsulated packet to obtain a second encapsulated packet; an IP encapsulation unit, configured to perform IP encapsulation on the second encapsulated packet to obtain a third encapsulated packet; and an Ethernet encapsulation unit, configured to perform Ethernet encapsulation on the third encapsulated packet to obtain a fourth encapsulated packet.
With reference to the seventh possible implementation manner of the first aspect, an embodiment of the present application provides an eighth possible implementation manner of the first aspect, where the VNI encapsulation unit is further configured to: obtain from Neutron the VNI corresponding to the destination address in the access request, the VNI being the VXLAN network identifier of the VPC in which the tenant is located; and prepend to the access request a VXLAN header that contains the VNI.
With reference to the seventh possible implementation manner of the first aspect, an embodiment of the present application provides a ninth possible implementation manner of the first aspect, where the UDP encapsulation unit is further configured to: obtain from Neutron the DestPort corresponding to the destination address in the access request, the DestPort being the UDP port number of the server where the management object is located; and prepend to the first encapsulated packet an outer UDP header that contains the DestPort.
With reference to the eighth possible implementation manner of the first aspect, an embodiment of the present application provides a tenth possible implementation manner of the first aspect, where the IP encapsulation unit is further configured to: obtain from Neutron the IP DA corresponding to the destination address in the access request, the IP DA being the IP address of the server where the management object is located; and prepend to the second encapsulated packet an outer IP header that contains the IP DA.
With reference to the eighth possible implementation manner of the first aspect, an embodiment of the present application provides an eleventh possible implementation manner of the first aspect, where the Ethernet encapsulation unit is further configured to: obtain from Neutron the MAC DA corresponding to the destination address in the access request, the MAC DA being the MAC address of the server where the management object is located; and prepend to the third encapsulated packet an outer Ethernet header that contains the MAC DA.
In a second aspect, an embodiment of the present application further provides a method for managing a container inside a tenant VPC, applied to a network component, including: after receiving the access request, the network component applies four layers of encapsulation to the access request and sends the encapsulated access request to a network card; where the four layers of encapsulation are: VNI encapsulation of the access request to obtain a first encapsulated packet; UDP encapsulation of the first encapsulated packet to obtain a second encapsulated packet; IP encapsulation of the second encapsulated packet to obtain a third encapsulated packet; and Ethernet encapsulation of the third encapsulated packet to obtain a fourth encapsulated packet.
With reference to the second aspect, an embodiment of the present application provides a first possible implementation manner of the second aspect, where performing VNI encapsulation on the access request to obtain a first encapsulated packet includes: obtaining from Neutron the VNI corresponding to the destination address in the access request, the VNI being the VXLAN network identifier of the VPC in which the tenant is located; and prepending to the access request a VXLAN header that contains the VNI.
With reference to the second aspect, an embodiment of the present application provides a second possible implementation manner of the second aspect, where performing UDP encapsulation on the first encapsulated packet to obtain a second encapsulated packet includes: obtaining from Neutron the DestPort corresponding to the destination address in the access request, the DestPort being the UDP port number of the server where the management object is located; and prepending to the first encapsulated packet an outer UDP header that contains the DestPort.
With reference to the second aspect, an embodiment of the present application provides a third possible implementation manner of the second aspect, where performing IP encapsulation on the second encapsulated packet to obtain a third encapsulated packet includes: obtaining from Neutron the IP DA corresponding to the destination address in the access request, the IP DA being the IP address of the server where the management object is located; and prepending to the second encapsulated packet an outer IP header that contains the IP DA.
With reference to the second aspect, an embodiment of the present application provides a fourth possible implementation manner of the second aspect, where performing Ethernet encapsulation on the third encapsulated packet to obtain a fourth encapsulated packet includes: obtaining from Neutron the MAC DA corresponding to the destination address in the access request, the MAC DA being the MAC address of the server where the management object is located; and prepending to the third encapsulated packet an outer Ethernet header that contains the MAC DA.
In a third aspect, embodiments of the present application further provide a computer-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the method of the second aspect and any possible implementation manner thereof.
In a fourth aspect, an embodiment of the present application further provides an electronic device including a memory and a processor, where the memory stores a computer program executable on the processor, and the processor executes the computer program to implement the method of the second aspect and any possible implementation manner thereof.
The embodiment of the application brings the following beneficial effects:
The embodiments of the application provide a management system for a container inside a tenant cluster VPC (virtual private cloud), comprising a management object, a management terminal and a network device. The management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a VPC network environment; the management terminal runs on a second server cluster of the cloud service provider, and the network environment of the second server cluster is isolated from that of the first server cluster; the management terminal sends an access request to the management object through the network device in order to manage it; and the network device, communicatively connected to both the management terminal and the management object, encapsulates the management terminal's access request and sends the encapsulated request to the management object. Because the management terminal corresponding to a cloud service tenant is deployed on the second server cluster of the cloud service provider, an operator managing the management object no longer has to enter the tenant's VPC to log in to the management terminal. The encryption and decryption procedure is avoided, the operation flow is simplified, the complexity of later operation and maintenance management is reduced, and labor and time costs fall.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and drawings.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the detailed description of the present application or the technical solutions in the prior art, the drawings needed to be used in the detailed description of the present application or the prior art description will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of a network model of a container platform system in the prior art;
fig. 2 is a schematic structural diagram of a management system for a VPC internal container of a tenant cluster according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of another management system for a VPC internal container of a tenant cluster according to an embodiment of the present application;
fig. 4 is a schematic diagram of an encapsulated access request packet according to an embodiment of the present application;
fig. 5 is a flowchart illustrating an access request encapsulation process according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The network model of a container platform system currently in use is shown in fig. 1 and includes a management cluster of the cloud service provider and cloud service tenant clusters. The management cluster contains a cluster management terminal and a control terminal; the cluster management terminal is connected to the control terminal through corresponding network equipment (such as a switch) and manages it. Each cloud service tenant cluster is deployed in the VPC of its tenant, and a management terminal running services such as etcd, kube-apiserver, kube-scheduler and kube-controller-manager is deployed in each tenant cluster to perform access control over the resource nodes the tenant has requested in that cluster.
Because the management terminal sits inside the cloud service tenant's VPC, the control terminal must, to preserve the tenant's network security, complete an encryption and decryption procedure before it can log in to and access that tenant's management terminal through the corresponding network equipment whenever a system administrator performs operations on the tenant. As the number of tenants and tenant clusters increases, the access flow and the operational complexity grow, and the labor and time costs grow with them.
Against this background, the management system, method and electronic device for a container inside a tenant cluster VPC provided by the embodiments of the present application deploy the management terminal corresponding to each cloud service tenant on the second server cluster of the cloud service provider. When the management terminal manages the management object, an operator no longer has to enter the tenant's VPC to log in to the management terminal, so the encryption and decryption procedure is avoided, the operation flow is simplified, the complexity of later operation and maintenance management is reduced, and labor and time costs fall.
For the convenience of understanding of the present embodiment, a detailed description is first given of a management system for a tenant cluster VPC internal container disclosed in the embodiment of the present application.
Referring to fig. 2, a schematic structural diagram of a management system for a container inside a tenant cluster VPC according to an embodiment of the present application is shown. The management system for the inner container of the tenant cluster VPC comprises the following steps: management object, management terminal and network equipment.
The management object runs on a first server cluster of a cloud service tenant; the first server cluster is built in a virtual private cloud (VPC) network environment, and the management object may be, but is not limited to, a development program. The management terminal runs on a second server cluster of the cloud service provider, and the network environment of the second server cluster is isolated from that of the first server cluster. That is, the two networks are disconnected from each other: there is no direct layer-2 connectivity between them, and the tenant's container addresses are not routable from the provider's network, so data must be exchanged through a tunnelling encapsulation.
The management terminal sends an access request to the management object through the network device in order to manage it. Management may include, for example, adding, modifying or deleting the management object and retrieving its logs.
The network device is respectively in communication connection with the management terminal and the management object, and is used for encapsulating the access request of the management terminal and sending the encapsulated access request to the management object.
In the embodiment of the application, the management terminal corresponding to the cloud service tenant is deployed on the second server cluster of the cloud service provider, so that when the management terminal manages the management object, the management terminal does not need to log in the management terminal in a mode of accessing the VPC of the cloud service tenant, the operation process of encryption and decryption is avoided, the operation flow is simplified, the complexity of later-stage operation and maintenance management is effectively reduced, and the labor cost and the time cost are reduced.
In a possible embodiment, referring to fig. 3, the first server cluster includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management object is a container running in a pod of the first server cluster. The second server cluster likewise includes at least one server; at least one pod runs on the server; at least one container runs in the pod; and the management terminal runs in a container of the second server cluster. The server may be a virtual machine or a physical machine. Deploying both the management object and the management terminal as containers makes them portable and easy to manage and keeps system overhead low.
It should be noted that the Pod and server structures in fig. 3 are only exemplified by the server a1 or the server B1 and the corresponding Pod1, and are not particularly limited, and the other pods may have the same structure and each include a plurality of containers; the structure in each of the other servers may be the same and each includes a plurality of Pod.
In addition, because the VPCs of the cloud service tenants are isolated from one another, each tenant's VPC has to be allocated its own server (virtual machine or physical machine); and to achieve multipoint management, so that a single server failure does not leave a tenant unable to use its VPC, several servers are usually allocated in each tenant's VPC to host several management terminals. As the number of tenants grows, the resource demand grows with it while utilization stays low, which wastes resources.
In this embodiment the management terminals are deployed as containers on the second server cluster of the cloud service provider, so to achieve multipoint management while raising resource utilization, the management terminals of different tenants may be placed on the same server. Deploying them in ordered groups across several servers keeps the system reliable while improving resource utilization.
For example, suppose the cloud service tenants are tenant A and tenant B and each tenant is allocated three management terminals: terminals a1, a2 and a3 for tenant A and terminals b1, b2 and b3 for tenant B. The six terminals are divided into three groups, each containing one terminal of each tenant: group one, a1 and b1; group two, a2 and b2; group three, a3 and b3. To achieve multipoint management, each group is deployed on its own virtual machine, so the six management terminals are hosted on three virtual machines.
In general, when each tenant needs n management terminals, the prior art adds n servers per tenant, so m tenants need m × n servers. In this embodiment the number of servers is determined by how many containers one server can host, and when one server can host m containers, only n servers are needed. The embodiment therefore raises resource utilization substantially while keeping the system reliable.
Since the network environment of the second server cluster is isolated from that of the first server cluster, in order to implement communication between the management object deployed in the first server cluster (in the VPC network environment) and the management terminal deployed on the second server cluster, in a possible embodiment the first server cluster further includes an access node connected to the management terminal, and the management object may reach the management terminal through this access node. For example, an Ingress access node is deployed in the first server cluster; the Ingress provides an entry point through which the cluster can be reached from outside, and thereby implements access from the management object to the management terminal.
In the other direction, from the management terminal to the management object, the network environment in which the management object is located is the VPC network, an internal private network, so access from the management terminal to the management object is restricted: a network outside the VPC cannot directly reach a management object inside it. For this reason, the network device encapsulates the access request of the management terminal and sends the encapsulated access request to the management object, so that the management terminal can access the management object. The access request is used for accessing a management object inside the target tenant's VPC and includes a source address and a destination address: the source address is the container IP (Internet Protocol) address where the management terminal is located, and the destination address is the container IP address of the management object.
The access request may further include an identifier of the cloud service tenant, which may be a name or a code. For example, if an administrator of the system needs to access a certain management object of a cloud service tenant, the access request may be issued through the interactive interface of the management terminal and routed to the corresponding management terminal according to the identifier of the cloud service tenant.
In a possible embodiment, referring to fig. 3, the network device includes a network bridge, a network component, and a network card running on the server where the management terminal is located. The network bridge forwards the access request to the network component; after receiving the access request, the network component calls a preset encapsulation module to encapsulate it and sends the encapsulated access request to the network card, which forwards it out of the server.
The encapsulation module may include, but is not limited to, the following units:
(1) A VNI encapsulation unit, configured to perform VNI encapsulation on the access request to obtain a first encapsulated packet.
It should be noted that the network service component Neutron of the system in the embodiment of the present application records, for the IP address of each management object, the corresponding VNI, DestPort, IP DA and MAC DA. The VNI (VXLAN Network Identifier) is the VXLAN (Virtual Extensible LAN) network identifier of the VPC where the tenant is located; the DestPort is the UDP (User Datagram Protocol) port number of the server where the management object is located; the IP DA is the IP address of the server where the management object is located; and the MAC (Media Access Control) DA is the MAC address of the server where the management object is located.
Accordingly, the VNI encapsulation unit is further configured to: acquire, based on the destination address in the access request, the VNI corresponding to that destination address from Neutron; and add a VXLAN header to the header of the access request, the VXLAN header containing the VNI. Different VPCs belong to different VXLANs, which achieves network isolation between VPCs.
In a specific implementation, in order to ensure the integrity of data, referring to fig. 4, the VXLAN header includes the following fields:
VXLAN Flags: flag bits, 16 bits (the size of the storage space occupied);
Group ID: tenant group ID, 16 bits. When the first bit of the VXLAN Flags field is 1, this field holds the Group ID; when it is 0, the field is all zeros;
VNI: VXLAN network identifier used to distinguish VXLAN segments, 24 bits, supporting up to 16M tenants. One tenant may have one or more VNIs, and tenants on different VNIs cannot communicate directly at Layer 2, which realizes network isolation;
Reserved: reserved and unused, 8 bits, set to 0.
(2) A UDP encapsulation unit, configured to perform UDP encapsulation on the first encapsulated packet to obtain a second encapsulated packet.
The UDP encapsulation unit is specifically configured to acquire, based on the destination address in the access request, the DestPort corresponding to that destination address from Neutron, and to add an Outer UDP header to the header of the first encapsulated packet, the Outer UDP header containing the DestPort.
In a specific implementation, in order to ensure the integrity of data, referring to fig. 4, the Outer UDP header specifically includes the following fields:
DestPort: the destination UDP port number, set to 4789 (changeable); this is the UDP port number of the server where the management object is located;
Source Port: the source UDP port number, a value calculated by a hash algorithm over the inner Ethernet header; this is the UDP port number of the server where the management terminal is located.
(3) An IP encapsulation unit, configured to perform IP encapsulation on the second encapsulated packet to obtain a third encapsulated packet.
The IP encapsulation unit is specifically configured to acquire, based on the destination address in the access request, the IP DA from Neutron, and to add an Outer IP header to the header of the second encapsulated packet, the Outer IP header containing the IP DA.
In a specific implementation, in order to ensure the integrity of data, referring to fig. 4, the Outer IP header specifically includes the following fields:
IP SA: the source IP address, the IP address of the source VTEP of the VXLAN tunnel; this is the IP address of the server where the management terminal is located;
IP DA: the destination IP address, the IP address of the destination VTEP of the VXLAN tunnel; this is the IP address of the server where the management object is located.
(4) An Ethernet encapsulation unit, configured to perform Ethernet encapsulation on the third encapsulated packet to obtain a fourth encapsulated packet.
The Ethernet encapsulation unit is specifically configured to acquire, based on the destination address in the access request, the MAC DA from Neutron, and to add an Outer Ethernet header to the header of the third encapsulated packet, the Outer Ethernet header containing the MAC DA.
In a specific implementation, in order to ensure the integrity of data, referring to fig. 4, the Outer Ethernet header specifically includes the following fields:
MAC DA: the destination MAC address, the MAC address of the next-hop device on the path to the destination VTEP (VXLAN Tunnel End Point); this is the MAC address of the server where the management object is located;
MAC SA: the source MAC address, the MAC address of the source VTEP sending the packet; this is the MAC address of the server where the management terminal is located;
802.1Q Tag: an optional field carrying the VLAN tag of the frame;
Ethernet Type: the type of the Ethernet frame; for an IP packet the value of this field is 0x0800.
In addition, in a specific implementation, the original header of the access request may include, but is not limited to, an Inner Ethernet header, an Inner IP header, and the key information, the Payload (that is, the access request before encapsulation). The Inner IP header carries the container IP address where the management terminal is located and the container IP address of the management object.
The VNI encapsulation unit, UDP encapsulation unit, IP encapsulation unit and Ethernet encapsulation unit are not limited to the steps described above.
After encapsulation of the access request is complete, in order to reach the VPC network, the network device further includes a gateway running in the virtual private cloud VPC network environment and a switch communicatively connected to the network card and to the gateway. The network card sends the encapsulated access request to the switch; the switch sends it to the gateway; the gateway sends it to the server where the management object is located; and that server delivers the access request to the management object.
For example, the gateway parses the header of the encapsulated access request, obtains the IP address of the server where the management object of the target tenant is located, and sends the access request to that server.
In a possible embodiment, a decapsulation module is provided on the server where the management object is located; it decapsulates the encapsulated access request according to the corresponding rules to obtain the IP address of the management object, and then forwards the access request to the target management object according to that IP address.
Since the IP address of the management object is unique within its VPC, the server on which the management object runs can reach the management object directly by that IP address within the VPC, and the management terminal is thus able to access the management object inside the tenant's VPC.
In this embodiment, an access request sent from a management terminal in the second server cluster to the interior of a cloud service tenant's VPC is encapsulated by a preset encapsulation module, the encapsulated header containing the IP address of the server where the management terminal is located; after the server receives the access request, it is decapsulated to obtain the key information of the access request, which is forwarded to the corresponding management object inside the tenant's VPC, so that access from the management terminal to a management object in the tenant's private VPC network is realized.
In order to facilitate understanding of the above embodiments, an implementation example is also provided. Assuming that management terminal a on server a1 in the second server cluster requests the container log of management object b on server b1 in the first server cluster, the process is as follows:
Management terminal a on server a1 generates an access request for the container log. The access request includes the IP address of management terminal a (intranet source address), 10.100.1.2, and the IP address of the management object (intranet destination address), 10.100.2.2.
The access request is sent to the bridge (for example, docker) in the network component, the bridge forwards it to the network component, and the network component calls the preset encapsulation module, which obtains from Neutron the VNI, DestPort, IP DA and MAC DA corresponding to the IP address of management object b and encapsulates the access request. It is assumed that the IP address of the server where management terminal a is located (extranet source address) is 172.20.33.110, and the IP address of the server where management object b is located (extranet destination address) is 172.16.1.2.
The network component sends the encapsulated access request to the gateway through the switch; the gateway parses the header of the encapsulated access request, determines that the server corresponding to the extranet destination address 172.16.1.2 is server b1, and sends the encapsulated access request to server b1.
Server b1 continues to parse the encapsulated access request, determines that the management object corresponding to the intranet destination address 10.100.2.2 is management object b, and delivers the access request to management object b.
In summary, communication between the network environment of the second server cluster and the tenant's VPC network environment is realized by encapsulating the packet. When a management terminal in the second server cluster accesses a management object in the tenant's VPC, the specific encapsulation module adds to the packet leaving the second server cluster an outer header carrying the IP address of the server where the management object inside the tenant's VPC is located. When that packet reaches the server, the server's specific decapsulation module strips the outer headers, parses the packet, and forwards it to the management object to be accessed inside the tenant's VPC, so that the management terminal in the second server cluster accesses the management object in the tenant's VPC.
The embodiment of the application also provides a method for managing the internal containers of a tenant VPC, applied to a network component, comprising the following steps: after receiving the access request, the network component performs four-layer encapsulation on the access request and sends the encapsulated access request to the network card. Referring to fig. 5, the four-layer encapsulation of the access request includes the following steps:
Step S501, performing VNI encapsulation on the access request to obtain a first encapsulated packet;
Step S502, performing UDP encapsulation on the first encapsulated packet to obtain a second encapsulated packet;
Step S503, performing IP encapsulation on the second encapsulated packet to obtain a third encapsulated packet;
Step S504, performing Ethernet encapsulation on the third encapsulated packet to obtain a fourth encapsulated packet.
Optionally, step S501 includes: acquiring, based on the destination address in the access request, the VNI corresponding to that destination address from Neutron, the VNI being the VXLAN network identifier of the VPC where the tenant is located; and adding a VXLAN header to the header of the access request, the VXLAN header containing the VNI.
Optionally, step S502 includes: acquiring, based on the destination address in the access request, the DestPort corresponding to that destination address from Neutron, the DestPort being the UDP port number of the server where the management object is located; and adding an Outer UDP header to the header of the first encapsulated packet, the Outer UDP header containing the DestPort.
Optionally, step S503 includes: acquiring, based on the destination address in the access request, the IP DA from Neutron, the IP DA being the IP address of the server where the management object is located; and adding an Outer IP header to the header of the second encapsulated packet, the Outer IP header containing the IP DA.
Optionally, step S504 includes: acquiring, based on the destination address in the access request, the MAC DA from Neutron, the MAC DA being the MAC address of the server where the management object is located; and adding an Outer Ethernet header to the header of the third encapsulated packet, the Outer Ethernet header containing the MAC DA.
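The four-layer encapsulation of steps S501 to S504, the VXLAN, Outer UDP, Outer IP and Outer Ethernet header layouts described under the encapsulation units, and the gateway and server-side handling of the worked example (addresses 10.100.1.2, 10.100.2.2, 172.20.33.110 and 172.16.1.2), as an added Python example; this is not code from the patent or from any Kingsoft Cloud implementation. The Neutron lookup is replaced by a constructed in-memory table; the VNI value 1001, the container and server MAC addresses, the access-request payload, and the flag-bit positions (0x0800 as the VNI-valid bit, 0x8000 as the "first bit" that marks a Group ID) are assumptions. The server side also refuses a frame whose VNI is not the VPC that server hosts, which is the check that makes the VNI-based isolation between tenants hold at the receiving VTEP rather than only at the sender.

```python
"""Four-layer VXLAN encapsulation of a management-terminal access request and the
matching decapsulation at the server hosting the management object (added example)."""
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
VXLAN_FLAG_VNI_VALID = 0x0800   # assumption: VNI-valid bit, as in RFC 7348's "I" flag
VXLAN_FLAG_GROUP = 0x8000       # assumption: "first bit" of the Flags word marks a Group ID

# Constructed stand-in for the Neutron record: management-object container IP ->
# (VNI, DestPort, IP DA, MAC DA). Addresses follow the page's example; VNI/MAC are made up.
NEUTRON_TABLE = {
    "10.100.2.2": {"vni": 1001, "dest_port": 4789,
                   "ip_da": "172.16.1.2", "mac_da": "52:54:00:00:00:b1"},
}
LOCAL_VTEP_IP = "172.20.33.110"       # server where the management terminal runs (IP SA)
LOCAL_VTEP_MAC = "52:54:00:00:00:a1"  # its MAC (MAC SA), constructed


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ethernet_header(dst_mac, src_mac, ethertype=ETHERTYPE_IPV4):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype)


def ipv4_header(src_ip, dst_ip, payload_len, proto=IPPROTO_UDP):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def udp_header(src_port, dst_port, payload_len):
    return struct.pack("!HHHH", src_port, dst_port, 8 + payload_len, 0)  # zero checksum is legal over IPv4


def vxlan_header(vni, group_id=0):
    # Layout as the page describes Fig. 4: 16-bit Flags, 16-bit Group ID, 24-bit VNI, 8 reserved bits.
    flags = VXLAN_FLAG_VNI_VALID | (VXLAN_FLAG_GROUP if group_id else 0)
    return struct.pack("!HHI", flags, group_id & 0xFFFF, (vni & 0xFFFFFF) << 8)


def source_port_from_inner(inner_frame):
    # Page: the source UDP port is a hash over the inner Ethernet header; keep it in 49152..65535.
    return 0xC000 | (zlib.crc32(inner_frame[:14]) & 0x3FFF)


def build_access_request(src_ip, dst_ip, payload,
                         src_mac="02:42:0a:64:01:02", dst_mac="02:42:0a:64:02:02"):
    # Inner Ethernet header + Inner IP header + Payload. The page treats everything after the
    # inner IP header as the Payload, so no inner transport header is built. Container MACs are constructed.
    return ethernet_header(dst_mac, src_mac) + ipv4_header(src_ip, dst_ip, len(payload)) + payload


def encapsulate(inner_frame):
    """Steps S501-S504: VNI, then UDP, then IP, then Ethernet encapsulation."""
    dst_container_ip = socket.inet_ntoa(inner_frame[30:34])   # inner IP header dst field (14 + 16)
    entry = NEUTRON_TABLE.get(dst_container_ip)
    if entry is None:
        raise LookupError("no Neutron record for %s; not a reachable management object" % dst_container_ip)
    first = vxlan_header(entry["vni"]) + inner_frame                                                   # S501
    second = udp_header(source_port_from_inner(inner_frame), entry["dest_port"], len(first)) + first  # S502
    third = ipv4_header(LOCAL_VTEP_IP, entry["ip_da"], len(second)) + second                           # S503
    return ethernet_header(entry["mac_da"], LOCAL_VTEP_MAC) + third                                    # S504


def gateway_next_hop(frame):
    """What the VPC gateway reads: the Outer IP DA, naming the server that hosts the management object."""
    return socket.inet_ntoa(frame[30:34])


def decapsulate(frame, hosted_vni):
    """Server side: strip the four outer headers; drop frames whose VNI is not this server's VPC."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != IPPROTO_UDP:
        raise ValueError("outer packet is not UDP")
    udp_off = 14 + ihl
    flags, _group, vni_field = struct.unpack("!HHI", frame[udp_off + 8:udp_off + 16])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN header carries no valid VNI")
    vni = vni_field >> 8
    if vni != hosted_vni:
        raise ValueError("VNI %d does not belong to this VPC; dropping" % vni)
    inner = frame[udp_off + 16:]
    return vni, socket.inet_ntoa(inner[30:34]), inner[34:]   # (VNI, inner dst container IP, Payload)


if __name__ == "__main__":
    req = build_access_request("10.100.1.2", "10.100.2.2", b"GET /containers/b/logs")
    wire = encapsulate(req)
    print("gateway forwards to", gateway_next_hop(wire))
    print(decapsulate(wire, hosted_vni=1001))
```

The encapsulating side never needs to know anything about the tenant's VPC beyond what Neutron returns for the destination container IP, which is why the table lookup failing is treated as a hard error rather than a fall-through. On the receiving side, the checksum over the delivered Outer IP header verifies to zero, and the VNI comparison is deliberately done before the inner frame is touched.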
Referring to fig. 6, an embodiment of the present application further provides an electronic device 100, including: a processor 40, a memory 41, a bus 42 and a communication interface 43, wherein the processor 40, the communication interface 43 and the memory 41 are connected through the bus 42; the processor 40 is arranged to execute executable modules, such as computer programs, stored in the memory 41.
The memory 41 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile memory, such as at least one disk memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 43 (which may be wired or wireless), over which the Internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
The bus 42 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 6, but that does not indicate only one bus or one type of bus.
The memory 41 is used for storing a program, the processor 40 executes the program after receiving an execution instruction, and the method performed by the apparatus according to the flow disclosed in any of the foregoing embodiments of the present application may be applied to the processor 40 or implemented by the processor 40.
The processor 40 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 40. The processor 40 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed by it. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in RAM, flash memory, ROM, PROM or EPROM, registers, or other storage media well known in the art. The storage medium is located in the memory 41, and the processor 40 reads the information in the memory 41 and completes the steps of the method in combination with its hardware.
The management method for the tenant VPC internal container provided by the embodiment of the application has the same technical characteristics as the management system for the tenant VPC internal container provided by the embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
The computer program product for performing the method for managing the tenant VPC internal container provided in the embodiment of the present application includes a computer-readable storage medium storing a processor-executable nonvolatile program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, and is not described herein again.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the method and the electronic device described above may refer to the corresponding processes in the foregoing system embodiments, and are not described herein again.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the description of the present application, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present application. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Unless specifically stated otherwise, the relative steps, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the exemplary embodiments of the present application, and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A management system for VPC inner containers of tenant clusters is characterized by comprising: a management object, a management terminal and a network device;
the management object runs on a first server cluster of a cloud service tenant, and the first server cluster is built in a Virtual Private Cloud (VPC) network environment;
the management terminal runs on a second server cluster of a cloud service provider, and the network environment of the second server cluster is isolated from the network environment of the first server cluster; the management terminals are divided into a plurality of groups, each group comprises the management terminals corresponding to the cloud service tenants, and the management terminals are deployed on the server according to the groups to which the management terminals belong;
the management terminal sends an access request to the management object through the network equipment so as to manage the management object;
the network device is respectively in communication connection with the management terminal and the management object, and is used for encapsulating the access request of the management terminal and sending the encapsulated access request to the management object.
2. The system of claim 1,
the first server cluster comprises at least one server;
at least one pod runs on the server, and at least one container runs in the pod;
the management object is a container running in the pod of the first server cluster.
3. The system of claim 1,
the second server cluster comprises at least one server;
at least one pod runs on the server, and at least one container runs in the pod;
and the management terminal operates in a container of the second server cluster.
4. The system of claim 2 or 3,
the server is a virtual machine or a physical machine.
5. The system of claim 4, wherein the access request is for accessing a management object inside a target tenant VPC; the access request comprises a source address and a destination address; the source address is the container IP address where the management terminal is located, and the destination address is the container IP address of the management object.
6. The system according to claim 5, wherein the network device comprises a network bridge, a network component and a network card running on a server where the management terminal is located;
the network bridge is configured to forward the access request to the network component;
and after receiving the access request, the network component calls a preset packaging module to package the access request and sends the packaged access request to the network card.
7. The system of claim 6, wherein the network device further comprises a gateway running in the VPC network environment and a switch communicatively connected to the network card and to the gateway;
the network card is used for sending the encapsulated access request to the switch;
the switch sends the encapsulated access request to the gateway;
the gateway sends the encapsulated access request to a server where a management object is located;
and the server sends the access request to the management object.
8. The system of claim 6, wherein the encapsulation module comprises:
a VNI encapsulation unit, configured to perform VNI encapsulation on the access request to obtain a first encapsulated packet;
a UDP encapsulation unit, configured to perform UDP encapsulation on the first encapsulated packet to obtain a second encapsulated packet;
the IP encapsulation unit is used for carrying out IP encapsulation on the second encapsulation message to obtain a third encapsulation message;
and the Ethernet encapsulating unit is used for carrying out Ethernet encapsulation on the third encapsulated message to obtain a fourth encapsulated message.
9. The system of claim 8, wherein the VNI encapsulation unit is further configured to:
acquiring a VNI corresponding to a destination address from Neutron based on the destination address in the access request; the VNI is a VXLAN network identifier of a VPC where a tenant is located;
and adding a VXLAN header message header to the message header of the access request, wherein the VXLAN header message header comprises the VNI.
10. The system of claim 8, wherein the UDP encapsulation unit is further configured to:
acquiring DestPort corresponding to the destination address from Neutron based on the destination address in the access request; the DestPort is a UDP port number of a server where the management object is located;
adding an Outer UDP header message header to the message header of the first encapsulated message; wherein, the Outer UDP header message header includes the DestPort.
11. The system of claim 8, wherein the IP encapsulation unit is further configured to:
acquiring a destination IP address from Neutron based on the destination address in the access request; the destination IP address is the IP address of the server where the management object is located;
and adding an Outer IP header message header to the message header of the second encapsulated message, wherein the Outer IP header message header comprises the destination IP address.
12. The system of claim 8, wherein the Ethernet encapsulation unit is further configured to:
acquiring a destination MAC address from Neutron based on the destination address in the access request; the destination MAC address is the MAC address of the server where the management object is located;
and adding an Outer Ethernet header message header to the message header of the third encapsulated message, wherein the Outer Ethernet header message header includes the destination MAC address.
CN201811653800.8A 2018-12-29 2018-12-29 Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment Active CN109617995B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811653800.8A CN109617995B (en) 2018-12-29 2018-12-29 Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811653800.8A CN109617995B (en) 2018-12-29 2018-12-29 Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment

Publications (2)

Publication Number Publication Date
CN109617995A CN109617995A (en) 2019-04-12
CN109617995B true CN109617995B (en) 2022-02-25

Family

ID=66016071

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811653800.8A Active CN109617995B (en) 2018-12-29 2018-12-29 Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment

Country Status (1)

Country Link
CN (1) CN109617995B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112291288B (en) * 2019-07-24 2022-10-04 北京金山云网络技术有限公司 Container cluster expansion method and device, electronic equipment and readable storage medium
CN112953884B (en) * 2019-12-10 2023-03-24 阿里巴巴集团控股有限公司 Method and device for establishing access channel
CN111193653B (en) * 2019-12-31 2021-08-06 腾讯科技(深圳)有限公司 Data transmission method, device, equipment and storage medium
CN112491984B (en) * 2020-11-13 2022-08-12 上海连尚网络科技有限公司 Container editing engine cluster management system based on virtual network bridge
CN113852669B (en) * 2021-09-03 2024-01-12 紫光云(南京)数字技术有限公司 Efficient container cluster deployment method suitable for various network environments
CN113947391B (en) * 2021-12-20 2022-04-08 深圳市明源云采购科技有限公司 Web-based adoption and enrollment system management method, device, equipment and storage medium
CN114389886B (en) * 2022-01-14 2024-03-08 平安科技(深圳)有限公司 Access method, device, equipment and storage medium of virtual private cloud service
CN114640556A (en) * 2022-03-02 2022-06-17 京东科技信息技术有限公司 Cross-cluster network communication system and method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105376303A (en) * 2015-10-23 2016-03-02 深圳前海达闼云端智能科技有限公司 Docker implementation system and communication method thereof
CN106559511A (en) * 2016-10-18 2017-04-05 上海优刻得信息科技有限公司 Cloud system, cloud public service system and mutual access method for the cloud system
CN107864131A (en) * 2017-11-03 2018-03-30 郑州云海信息技术有限公司 Method and system for realizing multi-tenant network isolation in Kubernetes clusters
CN108108223A (en) * 2017-11-30 2018-06-01 国网浙江省电力公司信息通信分公司 Container management platform based on Kubernetes
CN108920251A (en) * 2018-06-08 2018-11-30 郑州云海信息技术有限公司 Container management system and method
CN109032806A (en) * 2018-07-30 2018-12-18 华为技术有限公司 Service scheduling method and device for containers
CN109067827A (en) * 2018-06-22 2018-12-21 杭州才云科技有限公司 Multi-tenant construction method, medium and device for a container cloud platform based on Kubernetes and OpenStack

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9106576B2 (en) * 2012-01-13 2015-08-11 Nec Laboratories America, Inc. Policy-aware based method for deployment of enterprise virtual tenant networks
US10659349B2 (en) * 2016-02-04 2020-05-19 Twilio Inc. Systems and methods for providing secure network exchanged for a multitenant virtual private cloud
US10482108B2 (en) * 2016-02-26 2019-11-19 Red Hat, Inc. Container clustering in a container-based architecture
CN106899478B (en) * 2017-03-23 2023-09-01 国网浙江省电力公司 Method for realizing resource elastic expansion of power test service through cloud platform
EP3616093A1 (en) * 2017-04-27 2020-03-04 Citrix Systems Inc. Methods for enhancing a legacy single tenant application system to a multi-tenant application system with minimal changes
CN108462752B (en) * 2018-03-26 2022-02-22 深信服科技股份有限公司 Method and system for accessing shared network, VPC management equipment and readable storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Design and Implementation of Kubernetes Cross-Cluster Management"; Zhou Jiawei; China Master's Theses Full-text Database, Information Science and Technology; 20180131; full text *
"Two-Tier Multi-tenancy Scaling and Load Balancing"; Wei-Tek Tsai, Xin Sun, Qihong Shao; 2010 IEEE 7th International Conference on E-Business Engineering; 20110128; full text *

Also Published As

Publication number Publication date
CN109617995A (en) 2019-04-12

Similar Documents

Publication Publication Date Title
CN109617995B (en) Management system and method for VPC (virtual private network) internal container of tenant cluster and electronic equipment
US11050586B2 (en) Inter-cloud communication method and related device, and inter-cloud communication configuration method and related device
CN108259291B (en) VXLAN message processing method, device and system
US10778532B2 (en) Overlay network movement operations
US11621869B2 (en) Enabling access to dedicated resources in a virtual network using top of rack switches
US10063470B2 (en) Data center network system based on software-defined network and packet forwarding method, address resolution method, routing controller thereof
US10708125B1 (en) Gateway configuration using a network manager
CN112702252A (en) Message processing method, system and related equipment
CN106603550B (en) A kind of Network Isolation method and device
CN105991387A (en) Message transformation method and device of virtual extensible local area network (VXLAN)
CN106921578B (en) Method and device for generating forwarding table item
CN109995639B (en) Data transmission method, device, switch and storage medium
CN106878136B (en) Message forwarding method and device
CN107948077B (en) Method and device for forwarding data message
CN109412922B (en) Method, forwarding device, controller and system for transmitting message
CN110311860B (en) Multilink load balancing method and device under VXLAN
CN113132202B (en) Message transmission method and related equipment
JP2019521619A (en) Packet forwarding
US20220029917A1 (en) Executing workloads across multiple cloud service providers
CN106992918B (en) Message forwarding method and device
CN111294268B (en) Method and device for avoiding IP address conflict
CN111404797B (en) Control method, SDN controller, SDN access point, SDN gateway and CE
CN109379239B (en) Method and device for configuring access switch in OpenStack environment
CN107896188A (en) Data forwarding method and device
CN111130978B (en) Network traffic forwarding method and device, electronic equipment and machine-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant