CN111541651A - Communication method and device - Google Patents

Communication method and device

Info

Publication number: CN111541651A
Authority: CN (China)
Application number: CN202010247514.2A
Other languages: Chinese (zh)
Other versions: CN111541651B (en)
Inventor: 付志华
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Legal status: Granted (active)
Prior art keywords: server, information, address, forwarding, network
Classifications

    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL (under H04L63/00 Network architectures or network communication protocols for network security; H04L63/02 for separating internal from external traffic, e.g. firewalls; H04L63/0227 Filtering policies)
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling (under H04L12/00 Data switching networks; H04L12/28 Data switching networks characterised by path configuration, e.g. LAN or WAN; H04L12/46 Interconnection of networks)
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN] (under H04L12/46 Interconnection of networks)

Abstract

The application provides a communication method and device. The method is applied to a first server configured with a first Flannel network, the first Flannel network having a first VXLAN identifier, and comprises the following steps: receiving an addition event notification sent by the etcd database, wherein the addition event notification comprises a second VXLAN identifier of a second Flannel network configured on a second server; judging whether the second VXLAN identifier is the same as the first VXLAN identifier; if not, discarding the addition event notification; and if so, locally storing the corresponding communication information used for forwarding service messages to the second server.

Description

Communication method and device
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method and apparatus.
Background
In recent years, with the continuous development of cloud computing technology, container technology has become more and more popular. docker is an open source container engine that can easily create a lightweight, portable, self-sufficient container for any application. A container that a developer has built and tested on a laptop can be deployed in bulk in a production environment, including virtual machines (VMs), bare metal, OpenStack clusters, and other underlying application platforms.
In a cloud computing environment, a large number of dockers are often deployed, and communication between dockers is inevitably involved. Many mechanisms currently exist for communication between dockers, covering both communication between different dockers on the same host and communication between dockers on different hosts. Most of these mechanisms use a bridge included in the docker host to realize communication between dockers.
As shown in fig. 1, fig. 1 is a schematic diagram of the internal structure of a host in the prior art. A Linux bridge is created within the host, named docker0 by default. A veth interface pair is created, with one end in the docker container and the other end in docker0. docker0 is "bound" to a certain port of the host, so that network devices outside the host can send service packets into the docker. However, the above communication method is implemented on a Layer 3 network, which affects the transmission efficiency of the network.
The Flannel network is a currently popular container network solution developed by CoreOS. The Flannel network allocates a subnet to each host, and allocates an IP address to each docker included in the host from that subnet. In order to share information among the hosts, the Flannel network uses an etcd database (a distributed key-value database similar to Consul) to store information such as the network configuration, the allocated subnets, and the IP addresses of the hosts. The Flannel network offers a variety of backends, the most common being VXLAN and host-gw, and forwarding of packets between hosts is realized through the backend. Fig. 2 shows the specific process; fig. 2 is a schematic diagram of implementing host communication in a Flannel network in the prior art.
As shown in FIG. 2, host1 and host2 are two Linux hosts. Their physical network card addresses are 192.168.56.104 and 192.168.56.105, respectively, and the network card interface on each host is enp0s8. The distributed consistent database program etcd is deployed on a third host, whose physical network card address is 192.168.56.101. Flannel networks are deployed on host1 and host2, with the etcd server designated as 192.168.56.101. The Flannel network automatically generates a logical network card (flannel.1) in each host, and allocates a subnet from the network segment specified by the Flannel network configuration file. The Flannel network sets the .0 address of the subnet on the flannel.1 network card, and configures the .1 address of the IP network segment on the docker0 network bridge. For example, if the segment specified by the Flannel network profile is 10.2.0.0/16, then when host1 starts the Flannel network, the Flannel network allocates the subnet 10.2.40.0/24 (it is understood that all dockers subsequently started on host1 are allocated IP addresses from this address pool). Similarly, host2 is assigned the subnet 10.2.17.0/24. One docker container, e.g., bbox1 and bbox2, is started in host1 and host2, respectively. For instance, bbox1 is assigned the IP address 10.2.40.2 and bbox2 is assigned the IP address 10.2.17.2. bbox1 and bbox2 each create a veth interface to connect to their respective docker0.
At this point the Flannel network is up. bbox1 and bbox2 are located in different hosts and belong to different network segments, and they can communicate with each other through the Flannel network. For example, the communication process between bbox1 and bbox2 is as follows. bbox1 sends out an Ethernet packet with source IP 10.2.40.2 and destination IP 10.2.17.2. The Ethernet packet reaches docker0 in host1. Since docker0 and flannel.1 in host1 are configured with the gateway addresses corresponding to the source IP, the Ethernet packet arrives at flannel.1. After it reaches flannel.1, the Flannel network queries the Flannel database according to the destination IP and learns that the IP of the host holding the network segment of the destination IP is 192.168.56.105, that the next-hop gateway of the destination IP is 10.2.17.0, and the MAC address corresponding to that gateway. host1 encapsulates the Ethernet packet using the found MAC address, where the destination MAC is the MAC of flannel.1 on host2 and the destination IP is the IP address 10.2.17.2 of bbox2. The encapsulated Ethernet packet is sent to host2. After the encapsulated Ethernet packet reaches host2, the encapsulation is removed, the Ethernet packet reaches flannel.1 in host2, and it is sent to the corresponding bbox2 according to the destination IP.
As can be seen from the above process, the Flannel network enables cross-host communication between dockers. However, it also has a major problem: there is no isolation between dockers. That is, all dockers of the entire network are in one large network and can communicate with each other by default. For example, docker1, docker2, docker3 and docker4 may belong to one tenant and docker5 and docker6 to another tenant, and in many cases users do not want interworking between dockers of different tenants. If docker access between different tenants is to be prohibited, a complex firewall or routing policy needs to be configured.
Disclosure of Invention
In view of this, the present application provides a communication method and apparatus, which implement multiple VXLAN instances in a Flannel network based on an existing Flannel network, thereby implementing isolation between dockers of different tenants.
In a first aspect, the present application provides a communication method applied to a first server configured with a first Flannel network having a first VXLAN identifier, the method including:
receiving an addition event notification sent by the etcd database, wherein the addition event notification comprises a second VXLAN identifier of a second Flannel network configured on a second server;
judging whether the second VXLAN identification is the same as the first VXLAN identification;
if not, discarding the addition event notification;
and if so, locally storing the corresponding communication information used for forwarding service messages to the second server.
With reference to the first aspect, in a first possible implementation manner, before receiving an add event notification sent by an etcd database, the method further includes:
sending address attribute information to the etcd database, the address attribute information including the subnet address of the first Flannel network, the IP address of the first server, and the first VXLAN identification, such that the etcd database sends an add event notification to the server that has configured the Flannel network.
With reference to the first aspect, in a second possible implementation manner, the added event notification further includes a subnet address of the second Flannel network, an IP address of the second server, and an IP and MAC address of a gateway accessed by the second server;
the communication information for forwarding the service message to the second server includes routing information;
if the two are the same, locally storing corresponding communication information for forwarding the service message to the second server specifically comprises:
and if the two messages are the same, locally storing corresponding routing information for forwarding the service message to the second server, wherein the routing information comprises the subnet address of the second Flannel network, the IP address of the second server and the IP and MAC addresses of a gateway accessed by the second server.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, the communication information for forwarding the service packet to the second server further includes ARP information;
if the two are the same, locally storing the corresponding ARP information for forwarding the service message to the second server specifically comprises:
if the two are the same, locally storing corresponding ARP information for forwarding the service message to the second server, wherein the ARP information comprises the IP and MAC address of the gateway accessed by the second server.
With reference to the second possible implementation manner of the first aspect, in a fourth possible implementation manner, the communication information for forwarding the service packet to the second server further includes FDB information;
if the two are the same, locally storing the corresponding FDB information for forwarding the service packet to the second server specifically includes:
and if the two are the same, locally storing corresponding FDB information for forwarding the service message to the second server, wherein the FDB information comprises the MAC address of the gateway accessed by the second server and a next hop-out interface which is a VXLAN tunnel interface.
In a second aspect, the present application provides a communication device for use with a first server having a first Flannel network configured, the first Flannel network having a first VXLAN identifier, the device comprising:
a receiving unit, configured to receive an addition event notification sent by the etcd database, where the addition event notification includes a second VXLAN identifier that a second Flannel network configured by the second server has;
the judging unit is used for judging whether the second VXLAN identification is the same as the first VXLAN identification;
a discarding unit, configured to discard the addition event notification if the two are different;
and a storage unit, configured to locally store the corresponding communication information for forwarding the service message to the second server if the two are the same.
With reference to the second aspect, in a first possible implementation manner, the apparatus further includes:
a sending unit, configured to send address attribute information to the etcd database, where the address attribute information includes a subnet address of the first Flannel network, an IP address of the first server, and the first VXLAN identifier, so that the etcd database sends an addition event notification to the server configured with the Flannel network.
With reference to the second aspect, in a second possible implementation manner, the addition event notification further includes a subnet address of the second Flannel network, an IP address of the second server, and an IP and MAC address of a gateway accessed by the second server;
the communication information for forwarding the service message to the second server includes routing information;
the storage unit is specifically configured to, if the two are the same, locally store corresponding routing information for forwarding the service packet to the second server, where the routing information includes a subnet address of the second Flannel network, an IP address of the second server, and an IP and MAC address of a gateway to which the second server is accessed.
With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner, the communication information for forwarding the service packet to the second server further includes ARP information;
the storage unit is specifically configured to, if the two are the same, locally store corresponding ARP information used for forwarding the service packet to the second server, where the ARP information includes an IP address and a MAC address of a gateway to which the second server is accessed.
With reference to the second possible implementation manner of the second aspect, in a fourth possible implementation manner, the communication information for forwarding the service packet to the second server further includes FDB information;
the storage unit is specifically configured to, if the two are the same, locally store corresponding FDB information for forwarding the service packet to the second server, where the FDB information includes a MAC address of a gateway accessed by the second server and a next hop-out interface, which is a VXLAN tunnel interface.
In a third aspect, the present application provides a network device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to perform the method provided by the first aspect of the present application.
Therefore, by applying the communication method and apparatus provided in the present application, the first server configured with the first Flannel network receives the addition event notification sent by the etcd database, where the addition event notification includes the second VXLAN identifier of the second Flannel network configured on the second server. The first server determines whether the second VXLAN identifier is the same as the first VXLAN identifier of the first Flannel network. If not, the first server discards the addition event notification; if so, it locally stores the corresponding communication information for forwarding service messages to the second server. This solves the prior-art problem that complex firewalls or routing strategies need to be configured to forbid docker access between different tenants. The method and the device realize multiple VXLAN instances in the Flannel network on the basis of the existing Flannel network, thereby realizing isolation among dockers of different tenants.
Drawings
FIG. 1 is a schematic diagram of an internal structure of a host in the prior art;
FIG. 2 is a schematic diagram of a Flannel network implementing host communication in the prior art;
FIG. 3 is a diagram illustrating a data center networking in the prior art;
fig. 4 is a flowchart of a communication method according to an embodiment of the present application;
fig. 5 is a schematic diagram of another data center networking provided in the embodiment of the present application;
fig. 6 is a structural diagram of a communication device according to an embodiment of the present application;
fig. 7 is a hardware structure diagram of a network device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the corresponding listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the prior art, the Flannel networks configured in each host establish an overlay network in which dockers on different hosts can communicate with each other. The IP addresses of the dockers may lie in different network segments: the Flannel network allocates an independent subnet segment to each host, and the subnet segments allocated to the hosts are connected and can be routed to one another. In essence, the Flannel network joins the mutually independent docker0 container networks of the hosts into one large intercommunicating network, so as to realize cross-host communication of dockers. As shown in fig. 3, fig. 3 is a schematic diagram of a data center networking in the prior art.
Current data center networks are mainly built as follows. The lowest layer is the infrastructure, such as servers. A server accesses the TOR layer of the switch network, i.e. a leaf device in the middle layer, and the spine devices are the aggregation devices. A plurality of dockers is started in each server to run application programs, and the dockers can intercommunicate through the Flannel network.
In the prior art, the etcd used to store information such as the network configuration, allocated subnets and host IP addresses is a distributed key-value store that stores key data reliably and quickly and provides access to it. Reliable distributed collaboration is achieved through distributed locks, leader elections, and write barriers. The etcd database is designed for high availability and for persistent data storage and retrieval.
The name "etcd" comes from the unix "/etc" folder and the "d" of "distributed". The "/etc" folder is where a single system stores its configuration data, while etcd stores the configuration information of a large-scale distributed system. Thus, "distributed /etc" becomes "etcd".
The following describes the communication method provided in the embodiments of the present application in detail. Referring to fig. 4, fig. 4 is a flowchart of a communication method according to an embodiment of the present disclosure. The method is applied to a first server configured with a first Flannel network. The first server is in a data center networking as shown in fig. 3. The communication method provided by the embodiment of the application can comprise the following steps.
Step 401, receiving an addition event notification sent by the etcd database, where the addition event notification includes a second VXLAN identifier that a second Flannel network configured by the second server has.
Specifically, as shown in fig. 5, fig. 5 is a schematic diagram of another data center networking provided in the embodiment of the present application. The data center network comprises spine devices, leaf devices and a plurality of servers. Server 1 is accessed to the leaf1 device, server 2 to the leaf2 device, and server 3 to the leaf3 device; each leaf device is accessed to the spine device. It will be appreciated that a leaf device may be embodied as a VTEP device.
Two dockers are included in each server. docker1, docker2 are in server 1, docker3, docker4 are in server 2, docker5, docker6 are in server 3. The Flannel network is already configured in each server.
After a Flannel network is configured in a server, the Flannel network allocates a subnet network segment for the server, and allocates IP addresses for each docker in the server after the subnet network segment is allocated. In the embodiment of the application, when the Flannel network allocates a subnet network segment to the server, allocation is performed by taking (vni, subnet) as a dimension. Servers with different vni may be assigned the same subnet segment as long as the global (vni, subnet) is not duplicated.
It can be understood that, as in the prior-art process of allocating a subnet segment to a server by a Flannel network, after the Flannel network is configured in the server it runs a flanneld agent in the server, and the agent allocates a subnet segment to the server from an IP address pool.
In the embodiment of the present application, docker1, docker2, docker3, and docker4 belong to the same tenant, and docker5 and docker6 belong to another tenant. Network isolation is realized among tenants. Meanwhile, VXLAN identifiers are allocated to each tenant, for example, docker1, docker2, docker3, and docker4 belong to VXLAN 100. docker5, docker6 belong to VXLAN 200.
In the foregoing example, servers 1 and 2 include dockers belonging to VXLAN 100. When the Flannel network configured in each server is started, the subnet segments allocated to server 1 and server 2 are 10.2.10.0 and 10.2.20.0, respectively. Thus the IP addresses allocated to docker1, docker2, docker3, and docker4 by the Flannel network are not duplicated. Since server 3 belongs to VXLAN 200, the subnet segment assigned to server 3 when the Flannel network configured in it starts may also be the segment 10.2.10.0. The IP addresses allocated to docker5 and docker6 by the Flannel network may then be the same as those of docker1 and docker2. However, docker1, docker2, docker3 and docker4 belong to a different Flannel network VXLAN instance than docker5 and docker6.
It should be noted that all dockers included in one server belong to only one tenant. The Flannel network profile (Flannel-config.json) in each server additionally records the VXLAN identifier to which the dockers included in that server belong.
For example:
[Flannel-config.json example, shown as an image in the original publication]
Further, before step 401, the first server sends address attribute information to the etcd database. Through this step, the address attribute information sent by each server is stored in the etcd database, so that the etcd database sends an addition event notification to the other servers configured with the Flannel network. After identifying the addition event notification, each of the other servers either discards it or generates, according to it, communication information for forwarding service messages to the corresponding server.
Taking the first server (server 1) as an example for explanation, the first server sends the address attribute information to the etcd database. Wherein the address attribute information includes a subnet address of the first Flannel network, an IP address of the first server, and the first VXLAN identification, such that the etcd database sends an add event notification to other servers (e.g., server 2, server 3) that have configured the Flannel network.
Similarly, other servers (e.g., a second server (server 2), a third server (server 3)) also send address attribute information to the etcd database. The address attribute information sent by the second server comprises a subnet address of the second Flannel network, an IP address of the second server and a second VXLAN identifier; the address attribute information sent by the third server includes the subnet address of the third Flannel network, the IP address of the third server, and the third VXLAN identification.
After the etcd database receives the address attribute information sent by the other servers, it stores the address attribute information in the corresponding server table entries. The etcd database then generates an addition event notification that includes the VXLAN identifier of the Flannel network configured on that other server.
The etcd database sends an add event notification to the first server.
Step 402, judging whether the second VXLAN identification is the same as the first VXLAN identification.
Specifically, after receiving the addition event notification, the first server obtains VXLAN identifiers of Flannel networks configured by other servers.
The first server determines whether the VXLAN identifier included in the add event notification is the same as the first VXLAN identifier. If not, go to step 403; if so, go to step 404.
Step 403: if they are not the same, discard the addition event notification.
Specifically, according to the judgment in step 403, if the VXLAN identifier included in the addition event notification is different from the first VXLAN identifier, this indicates that the server sending the addition event notification and the first server belong to different Flannel network VXLAN instances. The first server therefore discards the addition event notification, which achieves network isolation between the dockers of different tenants.
For example, if the VXLAN identifier included in the addition event notification is a third VXLAN identifier, at this time, the third VXLAN identifier is different from the first VXLAN identifier, and the first server discards the addition event notification.
Step 404: if they are the same, locally store the corresponding communication information for forwarding service messages to the second server.
Specifically, according to the judgment in step 403, if the VXLAN identifier included in the addition event notification is the same as the first VXLAN identifier, this indicates that the server sending the addition event notification and the first server belong to the same Flannel network VXLAN instance. The first server therefore locally stores the corresponding communication information for forwarding service packets to the second server, so that dockers belonging to the same VXLAN instance can interwork.
For example, if the VXLAN identifier included in the addition event notification is the second VXLAN identifier, at this time, the second VXLAN identifier is the same as the first VXLAN identifier, and the first server locally stores the corresponding communication information for forwarding the service packet to the second server.
Therefore, by applying the communication method provided by the embodiment of the present application, the first server configured with the first Flannel network receives the addition event notification sent by the etcd database, where the addition event notification includes the second VXLAN identifier of the second Flannel network configured on the second server. The first server determines whether the second VXLAN identifier is the same as the first VXLAN identifier of the first Flannel network. If not, the first server discards the addition event notification; if so, it locally stores the corresponding communication information for forwarding service messages to the second server. This solves the prior-art problem that complex firewalls or routing strategies need to be configured to forbid docker access between different tenants. The method and the device realize multiple VXLAN instances in the Flannel network on the basis of the existing Flannel network, thereby realizing isolation among dockers of different tenants.
Optionally, in this embodiment of the present application, the addition event notification received by the first server in step 401 further includes a subnet address of the second Flannel network, an IP address of the second server, and an IP and MAC address of a gateway accessed by the second server. In step 404, the communication information stored by the first server for forwarding the service packet includes routing information, ARP information, and FDB information.
Specifically, following the foregoing example, if the VXLAN identifier included in the addition event notification is the second VXLAN identifier, and the second VXLAN identifier is the same as the first VXLAN identifier, the first server locally stores the corresponding routing information, ARP information, and FDB information for forwarding the service packet to the second server.
The routing information includes the subnet address of the second Flannel network, the IP address of the second server, and the IP and MAC addresses of the gateway accessed by the second server; the ARP information includes the IP (Internet Protocol) and MAC (Media Access Control) addresses of the gateway accessed by the second server; the FDB information includes the MAC address of the gateway accessed by the second server and the next hop-out interface, which is the VXLAN tunnel interface.
In one example, when the Flannel network configured on server 2 starts, server 2 sends address attribute information to the etcd database; the address attribute information includes the subnet address of the second Flannel network, the IP address of the second server, and the second VXLAN identifier.
After receiving it, the etcd database sends the addition event notification to the first server and the third server. After receiving the addition event notification, the third server determines whether the second VXLAN identifier included in it is the same as the third VXLAN identifier of the third Flannel network it has configured. If not, the third server discards the addition event notification.
After receiving the addition event notification, the first server determines whether the second VXLAN identifier included in it is the same as the first VXLAN identifier of the first Flannel network it has configured. If so, the first server locally stores the corresponding communication information for forwarding the service packet to the second server.
The routing information includes the subnet address of the second Flannel network: 10.2.20.0, destination IP address 10.2.20.0/24, gateway IP address: 10.2.20.0, gateway MAC address: 12-34-56.
ARP information: gateway IP address: 10.2.20.0, gateway MAC address: 12-34-56.
FDB information: MAC address: the gateway MAC address 12-34-56; outgoing interface: the VXLAN tunnel, through which the service packets are sent to the destination server 2.
In this way, routing information and ARP information are only exchanged within the same VXLAN instance: server 1 stores the subnet route corresponding to server 2, while server 3 does not. All dockers on server 1 can access all dockers on server 2, whereas the dockers on server 3 cannot access the dockers on server 2.
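The procedure just described, written out as an added example in Go (the language Flannel itself is implemented in). This is not code from the patent or from Flannel: the names AddEvent, Entries, Host, HandleAddEvent, CanReach, Fanout and Scenario, and the tunnel interface name flannel.vxlan, are this example's assumptions; the subnet 10.2.20.0/24 comes from the page, while the VXLAN identifiers, host addresses, gateway addresses and MACs are constructed. It goes one step beyond the description by also rejecting a malformed notification (bad CIDR, MAC or IP) so that a bad record in etcd cannot install forwarding state.

```go
package main

import (
	"fmt"
	"net"
)

// AddEvent models the addition event notification the etcd database fans out when a
// host publishes its address attribute information (field names are this example's own).
type AddEvent struct {
	Subnet     string // Flannel subnet of the publishing host, e.g. "10.2.20.0/24"
	HostIP     string // underlay IP address of the publishing host
	VNI        uint32 // VXLAN identifier of the publishing host's Flannel network
	GatewayIP  string // IP address of the gateway the publishing host accesses
	GatewayMAC string // MAC address of that gateway
}

// Entries is the communication information stored for one peer subnet: routing, ARP and FDB.
type Entries struct {
	RouteDst   *net.IPNet       // route: destination subnet
	RouteVia   net.IP           // route: peer host address
	GatewayIP  net.IP           // ARP: gateway IP
	GatewayMAC net.HardwareAddr // ARP and FDB: gateway MAC
	OutIface   string           // FDB: next hop-out interface, the VXLAN tunnel
}

// Host is a server with a configured Flannel network; Table is keyed by peer subnet (CIDR).
type Host struct {
	Name, Subnet, IP, GatewayIP, GatewayMAC string
	VNI                                     uint32
	Table                                   map[string]Entries
}

// HandleAddEvent is the check the method turns on: a notification whose VXLAN identifier
// differs from the host's own is discarded and nothing is stored; one with the same
// identifier becomes routing, ARP and FDB entries. Malformed fields are rejected as well.
func (h *Host) HandleAddEvent(ev AddEvent) (bool, error) {
	if ev.VNI != h.VNI {
		return false, nil // other VXLAN instance, i.e. another tenant: discard
	}
	_, dst, err := net.ParseCIDR(ev.Subnet)
	if err != nil {
		return false, fmt.Errorf("bad subnet %q: %w", ev.Subnet, err)
	}
	mac, err := net.ParseMAC(ev.GatewayMAC)
	if err != nil {
		return false, fmt.Errorf("bad gateway MAC %q: %w", ev.GatewayMAC, err)
	}
	via, gw := net.ParseIP(ev.HostIP), net.ParseIP(ev.GatewayIP)
	if via == nil || gw == nil {
		return false, fmt.Errorf("bad host or gateway IP in event for %s", ev.Subnet)
	}
	if h.Table == nil {
		h.Table = map[string]Entries{}
	}
	h.Table[dst.String()] = Entries{RouteDst: dst, RouteVia: via, GatewayIP: gw,
		GatewayMAC: mac, OutIface: "flannel.vxlan"} // interface name is an assumption
	return true, nil
}

// CanReach reports whether a stored route covers ip, i.e. whether this host's dockers reach it.
func (h *Host) CanReach(ip string) bool {
	for _, e := range h.Table {
		if t := net.ParseIP(ip); t != nil && e.RouteDst.Contains(t) {
			return true
		}
	}
	return false
}

// Fanout stands in for the etcd database: sender's address attribute information becomes an
// AddEvent delivered to every other host in the list.
func Fanout(hosts []*Host, sender *Host) error {
	ev := AddEvent{sender.Subnet, sender.IP, sender.VNI, sender.GatewayIP, sender.GatewayMAC}
	for _, h := range hosts {
		if h == sender {
			continue
		}
		if _, err := h.HandleAddEvent(ev); err != nil {
			return fmt.Errorf("%s: %w", h.Name, err)
		}
	}
	return nil
}

// Scenario reproduces the description's three-server example: servers 1 and 2 share a VXLAN
// instance, server 3 is in another. Only 10.2.20.0/24 is from the page; the rest is constructed.
func Scenario() (s1, s2, s3 *Host, err error) {
	s1 = &Host{Name: "server1", VNI: 100, Subnet: "10.2.10.0/24", IP: "192.0.2.1", GatewayIP: "10.2.10.1", GatewayMAC: "02:00:00:00:10:01"}
	s2 = &Host{Name: "server2", VNI: 100, Subnet: "10.2.20.0/24", IP: "192.0.2.2", GatewayIP: "10.2.20.1", GatewayMAC: "02:00:00:00:20:01"}
	s3 = &Host{Name: "server3", VNI: 200, Subnet: "10.2.30.0/24", IP: "192.0.2.3", GatewayIP: "10.2.30.1", GatewayMAC: "02:00:00:00:30:01"}
	hosts := []*Host{s1, s2, s3}
	for _, h := range hosts {
		if err = Fanout(hosts, h); err != nil {
			return nil, nil, nil, err
		}
	}
	return s1, s2, s3, nil
}
```

After Scenario runs, server 1 holds a route for 10.2.20.0/24 and server 2 one for 10.2.10.0/24, while server 3 holds nothing, which is the reachability the description states. The comparison on the VXLAN identifier is the entire isolation control, so from an operations standpoint the stored tables (Host.Table here) are what to audit: a host that holds a route for a subnet of another tenant has either been given the wrong identifier or accepted a notification it should have discarded.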
Based on the same inventive concept, the embodiment of the application also provides a communication device corresponding to the communication method. Referring to fig. 6, fig. 6 is a structural diagram of a communication device according to an embodiment of the present application, where the device is applied to a first server configured with a first Flannel network, where the first Flannel network has a first VXLAN identifier, and the device includes:
a receiving unit 610, configured to receive an addition event notification sent by the etcd database, where the addition event notification includes a second VXLAN identifier that a second Flannel network configured by the second server has;
a determining unit 620, configured to determine whether the second VXLAN identifier is the same as the first VXLAN identifier;
a discarding unit 630, configured to discard the addition event notification if the two are different;
and a storage unit 640, configured to, if the two are the same, locally store the corresponding communication information for forwarding the service packet to the second server.
Optionally, the apparatus further comprises: a sending unit 650, configured to send address attribute information to the etcd database, where the address attribute information includes the subnet address of the first Flannel network, the IP address of the first server, and the first VXLAN identifier, so that the etcd database sends an addition event notification to the server configured with the Flannel network.
Optionally, the addition event notification further includes a subnet address of the second Flannel network, an IP address of the second server, and an IP and MAC address of a gateway accessed by the second server;
the communication information for forwarding the service message to the second server includes routing information;
the storage unit 640 is specifically configured to, if the two are the same, locally store corresponding routing information for forwarding the service packet to the second server, where the routing information includes the subnet address of the second Flannel network, the IP address of the second server, and the IP and MAC addresses of the gateway accessed by the second server.
Optionally, the communication information for forwarding the service packet to the second server further includes ARP information;
the storage unit 640 is specifically configured to, if the two are the same, locally store corresponding ARP information for forwarding the service packet to the second server, where the ARP information includes the IP and MAC addresses of the gateway accessed by the second server.
Optionally, the communication information for forwarding the service packet to the second server further includes FDB information;
the storage unit 640 is specifically configured to, if the two are the same, locally store corresponding FDB information for forwarding the service packet to the second server, where the FDB information includes the MAC address of the gateway accessed by the second server and a next hop-out interface, which is a VXLAN tunnel interface.
Therefore, by applying the communication device provided in the embodiment of the present application, the device configured with the first Flannel network receives the addition event notification sent by the etcd database, where the addition event notification includes the second VXLAN identifier of the second Flannel network configured by the second server. The device determines whether the second VXLAN identifier is the same as the first VXLAN identifier of the first Flannel network. If not, the device discards the addition event notification; if so, it locally stores the corresponding communication information for forwarding the service packet to the second server. This solves the problem in the prior art that complex firewall or routing policies need to be configured to forbid docker access between different tenants. The method and the device implement multiple VXLAN instances on top of the existing Flannel network, thereby achieving isolation between the dockers of different tenants.
Based on the same inventive concept, the embodiment of the present application further provides a network device, as shown in fig. 7, including a processor 710, a transceiver 720, and a machine-readable storage medium 730, where the machine-readable storage medium 730 stores machine-executable instructions capable of being executed by the processor 710, and the processor 710 is caused by the machine-executable instructions to perform the communication method provided by the embodiment of the present application. The communication apparatus shown in fig. 6 can be implemented by using the hardware structure of the network device shown in fig. 7.
The computer-readable storage medium 730 may include a Random Access Memory (RAM) or a Non-volatile Memory (NVM), such as at least one disk Memory. Optionally, the computer-readable storage medium 730 may also be at least one memory device located remotely from the processor 610.
The processor 710 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In the embodiment of the present application, the processor 710 reads the machine executable instructions stored in the machine readable storage medium 730, and the machine executable instructions cause the processor 710 itself and the transceiver 720 to be able to perform the communication method described in the embodiment of the present application.
Additionally, embodiments of the present application provide a machine-readable storage medium 730, the machine-readable storage medium 730 storing machine-executable instructions that, when invoked and executed by the processor 710, cause the processor 710 itself and the transceiver 720 it invokes to perform the communication methods described in the embodiments of the present application.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
As for the embodiments of the communication apparatus and the machine-readable storage medium, since the contents of the related methods are substantially similar to those of the foregoing embodiments of the methods, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the embodiments of the methods.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A method of communication applied to a first server having a first Flannel network configured, the first Flannel network having a first VXLAN identification, the method comprising:
receiving an adding event notification sent by the etcd database, wherein the adding event notification comprises a second VXLAN identifier which a second Flannel network configured by a second server has;
judging whether the second VXLAN identification is the same as the first VXLAN identification;
if not, discarding the addition event notification;
and if so, locally storing the corresponding communication information for forwarding the service packet to the second server.
2. The method of claim 1, wherein before receiving the add event notification sent by the etcd database, the method further comprises:
sending address attribute information to the etcd database, the address attribute information including the subnet address of the first Flannel network, the IP address of the first server, and the first VXLAN identification, so that the etcd database sends an addition event notification to a server configured with a Flannel network.
3. The method of claim 1, wherein the add event notification further comprises a subnet address of the second Flannel network, an IP address of the second server, and an IP, MAC address of a gateway accessed by the second server;
the communication information for forwarding the service message to the second server includes routing information;
if the two are the same, locally storing corresponding communication information for forwarding the service packet to the second server specifically comprises:
if the two are the same, locally storing corresponding routing information for forwarding the service packet to the second server, wherein the routing information comprises the subnet address of the second Flannel network, the IP address of the second server, and the IP and MAC addresses of the gateway accessed by the second server.
4. The method of claim 3, wherein the communication information for forwarding the traffic packet to the second server further comprises ARP information;
if the two are the same, locally storing corresponding ARP information for forwarding the service packet to the second server specifically comprises:
if the two are the same, locally storing corresponding ARP information for forwarding the service packet to the second server, wherein the ARP information comprises the IP and MAC addresses of the gateway accessed by the second server.
5. The method of claim 3, wherein the communication information for forwarding the traffic packet to the second server further comprises FDB information;
if the two are the same, locally storing corresponding FDB information for forwarding the service packet to the second server specifically comprises:
if the two are the same, locally storing corresponding FDB information for forwarding the service packet to the second server, wherein the FDB information comprises the MAC address of the gateway accessed by the second server and a next hop-out interface, which is a VXLAN tunnel interface.
6. A communications apparatus for use with a first server having a first Flannel network configured, the first Flannel network having a first VXLAN identification, the apparatus comprising:
a receiving unit, configured to receive an addition event notification sent by the etcd database, where the addition event notification includes a second VXLAN identifier that a second Flannel network configured by the second server has;
the judging unit is used for judging whether the second VXLAN identification is the same as the first VXLAN identification;
a discarding unit, configured to discard the addition event notification if the two are different;
and a storage unit, configured to, if the two are the same, locally store the corresponding communication information for forwarding the service packet to the second server.
7. The apparatus of claim 6, further comprising:
a sending unit, configured to send address attribute information to the etcd database, where the address attribute information includes a subnet address of the first Flannel network, an IP address of the first server, and the first VXLAN identifier, so that the etcd database sends an addition event notification to a server configured with a Flannel network.
8. The apparatus of claim 6, wherein the add event notification further comprises a subnet address of the second Flannel network, an IP address of the second server, and an IP, MAC address of a gateway accessed by the second server;
the communication information for forwarding the service message to the second server includes routing information;
the storage unit is specifically configured to, if the two are the same, locally store corresponding routing information for forwarding the service packet to the second server, where the routing information includes the subnet address of the second Flannel network, the IP address of the second server, and the IP and MAC addresses of the gateway accessed by the second server.
9. The apparatus of claim 8, wherein the communication information for forwarding the traffic packet to the second server further comprises ARP information;
the storage unit is specifically configured to, if the two are the same, locally store corresponding ARP information for forwarding the service packet to the second server, where the ARP information includes the IP and MAC addresses of the gateway accessed by the second server.
10. The apparatus of claim 8, wherein the communication information for forwarding the traffic packet to the second server further comprises FDB information;
the storage unit is specifically configured to, if the two are the same, locally store corresponding FDB information for forwarding the service packet to the second server, where the FDB information includes the MAC address of the gateway accessed by the second server and a next hop-out interface, which is a VXLAN tunnel interface.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010247514.2A CN111541651B (en) 2020-03-31 2020-03-31 Communication method and device

Publications (2)

Publication Number Publication Date
CN111541651A true CN111541651A (en) 2020-08-14
CN111541651B CN111541651B (en) 2022-10-21

Family

ID=71970105

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140146817A1 (en) * 2012-11-29 2014-05-29 Futurewei Technologies, Inc. System and Method for VXLAN Intern-Domain Communications
CN104780089A (en) * 2015-04-17 2015-07-15 杭州华三通信技术有限公司 Message isolating method and device
CN106790660A (en) * 2017-01-18 2017-05-31 咪咕视讯科技有限公司 A kind of dispositions method and device for realizing distributed memory system
CN107070691A (en) * 2017-01-12 2017-08-18 阿里巴巴集团控股有限公司 Docker containers across host communication method and system
CN107317752A (en) * 2016-04-27 2017-11-03 华为技术有限公司 A kind of method and device of forwarding data packets
CN107332775A (en) * 2017-08-14 2017-11-07 上海新炬网络信息技术股份有限公司 Across host exchanging visit system and its control method based on docker containers
CN107645433A (en) * 2017-08-31 2018-01-30 新华三技术有限公司 Message forwarding method and device
CN107896188A (en) * 2017-12-22 2018-04-10 迈普通信技术股份有限公司 Data forwarding method and device
CN107959613A (en) * 2016-10-18 2018-04-24 华为技术有限公司 Message forwarding method and device
CN108075956A (en) * 2016-11-16 2018-05-25 新华三技术有限公司 A kind of data processing method and device
CN108199963A (en) * 2017-12-27 2018-06-22 新华三技术有限公司 Message forwarding method and device
CN109246016A (en) * 2018-11-27 2019-01-18 杭州迪普科技股份有限公司 Message processing method and device across VXLAN
CN109361614A (en) * 2018-12-14 2019-02-19 锐捷网络股份有限公司 A kind of load-balancing method and system based on VXLAN
CN110120919A (en) * 2019-04-04 2019-08-13 华中科技大学 A kind of Internet resources partition method and system for capacitor network
CN110635987A (en) * 2019-09-09 2019-12-31 新华三信息安全技术有限公司 Message transmission method, device, equipment and machine readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant