CN112565047A - Method, device, equipment and medium for constructing network by using VPP in docker - Google Patents
- Publication number: CN112565047A
- Application number: CN202011307285.5A
- Authority: CN (China)
- Prior art keywords: vpp, interface, host, network, virtual
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1074—Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1087—Peer-to-peer [P2P] networks using cross-functional networking aspects
- H04L67/1091—Interfacing with client-server systems or between P2P systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiments of this specification disclose a method, an apparatus, a device, and a medium for constructing a network by using VPP in docker, comprising the following steps: in a host machine, a VPP is connected to a pre-created network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface; the VPP manages the physical interface of the host machine through a first preset driver, and intercommunication between the physical network port and the first virtual interface is realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; alternatively, the first virtual interfaces in the VPP communicate with each other through a Virtual Local Area Network (VLAN), so as to realize communication between containers on the same host.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a medium for constructing a network using a VPP in a docker.
Background
With the development of microservices, docker, as a lightweight open-source application container engine, allows developers to rapidly deploy applications to different platforms. Adopting docker solves problems such as the low hardware utilization of bare-metal deployment, complex scaling, and differences between deployment environments. However, docker's native networking has simple functions and cannot meet the requirements of complex scenarios.
A method for constructing a network in a docker is needed to meet the requirements of complex scenes.
Disclosure of Invention
One or more embodiments of the present specification provide a method, an apparatus, a device, and a medium for constructing a network using a VPP in a docker, so as to solve the following technical problems: a method for constructing a network in docker is needed to meet the requirements of complex scenarios.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
one or more embodiments of the present specification provide a method of constructing a network using a VPP in a docker, the method including:
in a host machine, a VPP is connected to a pre-created network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
the VPP manages the physical interface of the host machine through a first preset driver, and intercommunication between the physical network port and the first virtual interface is realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; or,
the first virtual interfaces in the VPP communicate with each other through a virtual local area network, so as to realize communication between containers on the same host.
One or more embodiments of the present specification also provide an apparatus for constructing a network using a VPP in a docker, the apparatus including:
a connection unit, used for connecting the VPP to a pre-created network namespace through a first virtual interface in a host machine, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
a first communication unit, used for the VPP to manage the physical interface of the host machine through a first preset driver, with intercommunication between the physical network port and the first virtual interface realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; or,
a second communication unit, used for communication among the first virtual interfaces in the VPP through a virtual local area network, so as to realize communication between containers on the same host.
One or more embodiments of the present specification also provide an apparatus for constructing a network using a VPP in a docker, the apparatus including:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
in a host machine, connect a VPP to a pre-created network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
have the VPP manage the physical interface of the host machine through a first preset driver, with intercommunication between the physical network port and the first virtual interface realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; or,
have the first virtual interfaces in the VPP communicate with each other through a virtual local area network, so as to realize communication between containers on the same host.
One or more embodiments of the present specification also provide a medium for constructing a network using a VPP in a docker, storing computer-executable instructions configured to:
in a host machine, a VPP is connected to a pre-created network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
the VPP manages the physical interface of the host machine through a first preset driver, and intercommunication between the physical network port and the first virtual interface is realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; or,
the first virtual interfaces in the VPP communicate with each other through a virtual local area network, so as to realize communication between containers on the same host.
At least one technical solution adopted by one or more embodiments of this specification can achieve the following beneficial effects: one or more embodiments of this specification introduce VPP into the construction of a docker network and use the high performance and high scalability of VPP to build diversified docker networks, thereby satisfying different application scenarios.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
Fig. 1 is a schematic flow diagram of a method for constructing a network using a VPP in a docker according to one or more embodiments of the present disclosure;
Fig. 2 is a schematic diagram of a first network interworking model provided in one or more embodiments of the present disclosure;
Fig. 3 is a schematic diagram of a second network interworking model provided in one or more embodiments of the present description;
Fig. 4 is a schematic diagram of a third network interworking model provided in one or more embodiments of the present description;
Fig. 5 is a schematic diagram of a fourth network interworking model provided in one or more embodiments of the present description;
Fig. 6 is a schematic structural diagram of an apparatus for constructing a network using a VPP in a docker according to one or more embodiments of the present disclosure.
Detailed Description
Docker's native networking has simple functions and cannot meet the requirements of complex scenarios. To solve this problem, the prior art mostly combines docker with OVS. However, the complexity of the flow tables makes management and debugging very inconvenient, and extending the functions of OVS is complicated.
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any inventive step based on the embodiments of the present disclosure, shall fall within the scope of protection of the present application.
Fig. 1 is a schematic flowchart of a method for constructing a network using a VPP in a docker according to one or more embodiments of the present disclosure, where the one or more embodiments of the present disclosure may be implemented by an execution unit of a network system, and specifically may include:
Step S101: in a host machine, a VPP is connected to a pre-created network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface. If communication is across hosts, step S102 is executed; if it is within the same host, step S103 is executed.
In one or more embodiments of the present description, the VPP platform is an extensible framework that provides out-of-box production quality switch/router functionality. The VPP platform is an open source version of the Vector Packet Processing (VPP) technology, and is a high-performance Packet Processing stack that can run on commercial CPUs. Based on the mode, the VPP plug-in extension is very convenient, and can meet the customization requirements of users. The VPP platform processes messages by serially connecting message processing nodes to form a data channel. Developers can add plug-ins to the plug-in directory, the plug-ins can be automatically loaded when programs are run, new message processing nodes are introduced or the message processing nodes are rearranged in the form of the plug-ins, and function expansion can be conveniently carried out. In addition, the VPP functions closer to the physical switch, making it easier to maintain and debug.
In one or more embodiments of the present disclosure, the first virtual interface may be a Host interface port or other port with similar functions, and the second virtual interface may be a peer port or a path port.
Step S102: the VPP manages the physical interface of the host machine through a first preset driver, and intercommunication between the physical network port and the first virtual interface is realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts.
In one or more embodiments of the present description, the virtual local area network may be a Bridge domain. The first preset driver may be a driver in DPDK, or may be another driver with a similar function. DPDK (Data Plane Development Kit) runs mainly on Linux and is a set of function libraries and drivers for fast packet processing, which can greatly improve data processing performance and throughput and improve the efficiency of data plane applications.
Step S103: the first virtual interfaces in the VPP communicate with each other through a virtual local area network, so as to realize communication between containers on the same host.
Further, if a first container in the current host and a second container in the destination host communicate in the same network segment, the VPP in the current host is used as a first VPP, and the VPP in the destination host is used as a second VPP, the method further comprising:
and a first virtual interface in the first VPP receives the message sent by the first container, and sends the message to the physical interface through a sub-interface and a virtual local area network, so that the message is sent to a physical interface of a destination host machine through the physical interface, and the message is sent to the second container through the second VPP.
In one or more embodiments of the present disclosure, if a first container in the current host and a second container in the destination host communicate in the same network segment, see Fig. 2, which shows a schematic diagram of a first network interworking model, specifically as follows:
Host A is the current host, host B is the destination host, and host A and host B are in the same network segment. A network namespace ns-AAA is created on each of host A and host B (the namespace names can be the same because host A and host B are two different hosts) and communicates with the inside of the container through a peer port; at the same time, the VPP is connected to the network namespace by creating a Host interface. The VPP manages the physical network port of the host through DPDK, and intercommunication between the physical network port (ens192) and the Host interface is realized through a sub-interface and a Bridge domain inside the VPP. Traffic from container 1 leaves through the physical interface, reaches the physical interface corresponding to container 2, and is forwarded to container 2 on host B through the VPP.
Further, if a third container and a fourth container in the host communicate in the same network segment, the method further includes:
and the corresponding first virtual interface in the VPP receives the message sent by the third container and sends the message to the corresponding first virtual interface through the virtual local area network, so that the message is sent to the fourth container through the corresponding first virtual interface.
In one or more embodiments of the present disclosure, if a third container and a fourth container in the host communicate in the same network segment, see Fig. 3, which shows a schematic diagram of a second network interworking model, specifically as follows:
Two network namespaces, ns-AAA and ns-BBB, are created on host A and communicate with the inside of the containers through peer ports; at the same time, the VPP is connected to the network namespaces by creating Host interfaces. The Host interfaces communicate with each other through the same Bridge domain inside the VPP. Traffic from container 1 reaches container 2 through the Bridge domain.
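An added example, not part of the patent text: the same-host model of Fig. 3 and the cross-host model of Fig. 2, written as a shell script that prints the Linux `ip` and VPP `vppctl` commands for review instead of running them. It assumes a simplification in which one veth pair links each namespace directly to VPP; the veth names, addresses, bridge-domain id, VLAN id and the DPDK port name `GigabitEthernetb/0/0` are constructed placeholders.

```shell
#!/bin/sh
# Added illustration: builds a command plan and prints it. Nothing is executed;
# review the output, then run it as root on a host where VPP is already running.

# Linux interface names are limited to 15 characters (IFNAMSIZ minus the NUL).
check_ifname() {
    [ -n "$1" ] && [ "${#1}" -le 15 ]
}

# Plan for attaching one namespace to a VPP bridge domain.
# $1 = namespace, $2 = address/prefix inside the namespace, $3 = bridge-domain id
attach_ns() (
    ns=$1 addr=$2 bd=$3
    inner="eth-$ns"   # hypothetical name: veth end moved into the namespace
    outer="vpp-$ns"   # hypothetical name: veth end opened by VPP (af_packet)
    check_ifname "$inner" && check_ifname "$outer" || {
        echo "interface name too long for namespace '$ns'" >&2
        exit 1
    }
    cat <<EOF
ip netns add $ns
ip link add $inner type veth peer name $outer
ip link set $inner netns $ns
ip netns exec $ns ip addr add $addr dev $inner
ip netns exec $ns ip link set $inner up
ip link set $outer up
vppctl create host-interface name $outer
vppctl set interface state host-$outer up
vppctl set interface l2 bridge host-$outer $bd
EOF
)

# Fig. 3 model: two namespaces on one host share one bridge domain.
# $1 = bridge-domain id, $2/$3 = first namespace and address, $4/$5 = second
plan_same_host() (
    # Build both halves first so that a bad name yields no partial plan.
    a=$(attach_ns "$2" "$3" "$1") || exit 1
    b=$(attach_ns "$4" "$5" "$1") || exit 1
    printf '%s\n%s\n' "$a" "$b"
)

# Fig. 2 model: a sub-interface of the DPDK-managed port joins the bridge
# domain, so frames leave the host tagged with the given VLAN id.
# $1 = namespace, $2 = address, $3 = bridge-domain id,
# $4 = VPP name of the physical port, $5 = VLAN id (1-4094)
plan_cross_host() (
    ns=$1 addr=$2 bd=$3 phys=$4 vlan=$5
    case $vlan in
        ''|*[!0-9]*) echo "VLAN id must be numeric" >&2; exit 1 ;;
    esac
    [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ] || {
        echo "VLAN id out of range" >&2
        exit 1
    }
    a=$(attach_ns "$ns" "$addr" "$bd") || exit 1
    printf '%s\n' "$a"
    # "pop 1" strips the VLAN tag on ingress and restores it on egress, which
    # lets the tagged uplink bridge with the untagged host-interfaces.
    cat <<EOF
vppctl set interface state ${phys} up
vppctl create sub-interfaces ${phys} ${vlan}
vppctl set interface state ${phys}.${vlan} up
vppctl set interface l2 tag-rewrite ${phys}.${vlan} pop 1
vppctl set interface l2 bridge ${phys}.${vlan} ${bd}
EOF
)

# Constructed sample run: print both plans.
plan_same_host 10 ns-AAA 10.0.0.2/24 ns-BBB 10.0.0.3/24
plan_cross_host ns-AAA 10.0.0.2/24 10 GigabitEthernetb/0/0 100
```

Every interface placed in the same bridge domain is layer-2 adjacent, so the bridge-domain id is the isolation boundary between groups of containers.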
Further, in one or more embodiments of the present disclosure, if two containers communicate in different network segments, the method further includes:
in a routing node, a VPP creates a corresponding first gateway interface and a second gateway interface according to a network segment to which a container belongs, and stores the address of the first gateway interface and the address of the second gateway interface into a routing table;
and the VPP manages the physical network port of the routing node through a second preset driver, and realizes intercommunication between the physical network port of the routing node and the VPP through a sub-interface and a virtual local area network.
Further, if a fifth container in the current host and a sixth container in the destination host communicate with each other in different network segments, the VPP in the current host is used as a third VPP, the VPP in the destination host is used as a fourth VPP, and the VPP of the routing node is used as a fifth VPP, where the method further includes:
when the fifth container forwards the message to a routing node through the third VPP, the fifth VPP forwards the message to the first gateway interface through a sub-interface and a virtual local area network, and sends the message to the second gateway interface according to the routing table;
and the second gateway interface forwards the message to a physical interface corresponding to a destination host through a corresponding physical interface so as to send the message to the sixth container through the fourth VPP.
In one or more embodiments of the present disclosure, if a fifth container in the current host communicates with a sixth container in the destination host in different network segments, see fig. 4, which shows a schematic diagram of a third network interworking model, specifically as follows:
Host A is the current host, host B is the destination host, node C acts as the routing node, and container 1 in host A and container 2 in host B are in different network segments. A network namespace ns-AAA is created on each of host A and host B (the namespace names can be the same because host A and host B are two different hosts) and communicates with the inside of the container through a peer port; at the same time, the VPP is connected to the network namespace by creating a Host interface. The VPP manages the physical network port of the host through DPDK, and intercommunication between the physical network port (ens192) and the Host interface is realized through a sub-interface and a Bridge domain inside the VPP. Traffic from container 1 is forwarded to gateway interface loop1 in node C, is routed to gateway interface loop2 after the VPP in node C looks up its routing table, and then passes through a series of forwarding steps into container 2.
Further, if a seventh container and an eighth container in the host communicate with each other in different network segments, the VPP in the host is used as a sixth VPP, and the VPP of the routing node is used as a seventh VPP, and the method further includes:
when the seventh container forwards the message to a routing node through the sixth VPP, the sixth VPP forwards the message to the first gateway interface through a subinterface and a virtual local area network, and sends the message to the second gateway interface according to the routing table;
and the second gateway interface forwards the message to a physical interface corresponding to the host through a corresponding physical interface so as to send the message to the eighth container through the seventh VPP.
In one or more embodiments of the present disclosure, if the seventh container and the eighth container in the host communicate in different network segments, refer to fig. 5, which shows a schematic diagram of a fourth network interworking model, specifically as follows:
Further, after the VPP is connected to the pre-created network namespace through the host interface, the method further includes:
the VPP adds the plug-in to the plug-in directory, so that the plug-in is loaded automatically when the host runs.
One or more embodiments of this specification introduce VPP into the construction of a docker network and use the high performance and high scalability of VPP to build diversified docker networks, thereby satisfying different application scenarios. In addition, VPP processes messages quickly, which can improve the performance of the docker network.
It should be noted that in one or more embodiments of the present disclosure, the upper case and the lower case of the letters do not affect each other, i.e., both the upper case and the lower case can be regarded as the same letter.
Fig. 6 is a schematic structural diagram of an apparatus for constructing a network using a VPP in a docker according to one or more embodiments of the present disclosure, where the apparatus includes: a connection unit 1, a first communication unit 2 and a second communication unit 3.
The connection unit 1 is used for connecting the VPP to a pre-created network namespace through a first virtual interface in a host machine, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
the first communication unit 2 is used for the VPP to manage the physical interface of the host machine through a first preset driver, with intercommunication between the physical network port and the first virtual interface realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; or,
the second communication unit 3 is used for communication among the first virtual interfaces in the VPP through a virtual local area network, so as to realize communication between containers on the same host.
One or more embodiments of the present specification also provide an apparatus for constructing a network using a VPP in a docker, the apparatus including:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
in a host machine, connect a VPP to a pre-created network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
have the VPP manage the physical interface of the host machine through a first preset driver, with intercommunication between the physical network port and the first virtual interface realized through a sub-interface and a virtual local area network inside the VPP, so as to realize communication between containers across hosts; or,
have the first virtual interfaces in the VPP communicate with each other through a virtual local area network, so as to realize communication between containers on the same host.
In the 1990s, an improvement to a technology could be clearly classified as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor, or switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer programs a digital system onto a single PLD without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually making integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must likewise be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of such controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, the present specification embodiments may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts among the embodiments, reference may be made to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the embodiments of the apparatus, the device, and the nonvolatile computer storage medium are substantially similar to the embodiments of the method, they are described briefly, and for the relevant points, reference may be made to the corresponding description of the embodiments of the method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above description is merely one or more embodiments of the present disclosure and is not intended to limit the present disclosure. Various modifications and alterations to one or more embodiments of the present description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of the claims of the present specification.
Claims (10)
1. A method of constructing a network using VPP in a docker, the method comprising:
in a host machine, a VPP is connected with a pre-established network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
the VPP manages a physical interface of the host machine through a first preset driver, and realizes intercommunication between the physical network port and the first virtual interface through a sub-interface and a virtual local area network in the VPP, so as to realize communication between containers across hosts; or,
the first virtual interfaces in the VPP communicate through a virtual local area network, so as to realize communication between containers within the same host.
2. The method of claim 1, wherein if a first container in the current host communicates with a second container in the destination host on the same network segment, the VPP in the current host is used as a first VPP, and the VPP in the destination host is used as a second VPP, the method further comprising:
a first virtual interface in the first VPP receives the message sent by the first container, and sends the message to the physical interface through a sub-interface and a virtual local area network, so that the message is sent to a physical interface of the destination host through the physical interface, and is sent to the second container through the second VPP.
3. The method of claim 1, wherein if a third container and a fourth container in a host communicate on the same network segment, the method further comprises:
the corresponding first virtual interface in the VPP receives the message sent by the third container and sends the message to the corresponding first virtual interface through the virtual local area network, so that the message is sent to the fourth container through the corresponding first virtual interface.
4. The method of claim 1, wherein if two containers communicate on different network segments, the method further comprises:
in a routing node, a VPP creates a corresponding first gateway interface and a second gateway interface according to a network segment to which a container belongs, and stores the address of the first gateway interface and the address of the second gateway interface into a routing table;
and the VPP manages the physical network port of the routing node through a second preset driver, and realizes the intercommunication between the physical network port of the routing node and the VPP through a sub-interface and a virtual local area network.
5. The method of claim 4, wherein if a fifth container in the current host communicates with a sixth container in the destination host in different network segments, the VPP in the current host is used as a third VPP, the VPP in the destination host is used as a fourth VPP, and the VPP in the routing node is used as a fifth VPP, and the method further comprises:
when the fifth container forwards the message to a routing node through the third VPP, the fifth VPP forwards the message to the first gateway interface through a sub-interface and a virtual local area network, and sends the message to the second gateway interface according to the routing table;
and the second gateway interface forwards the message to a physical interface corresponding to a destination host through a corresponding physical interface so as to send the message to the sixth container through the fourth VPP.
6. The method of claim 4, wherein if a seventh container and an eighth container in the host communicate with each other in different network segments, the VPP in the host is used as a sixth VPP, and the VPP in the routing node is used as a seventh VPP, the method further comprising:
when the seventh container forwards the message to a routing node through the sixth VPP, the sixth VPP forwards the message to the first gateway interface through a subinterface and a virtual local area network, and sends the message to the second gateway interface according to the routing table;
and the second gateway interface forwards the message to a physical interface corresponding to the host through a corresponding physical interface so as to send the message to the eighth container through the seventh VPP.
7. The method of constructing a network using a VPP in a docker of claim 1, wherein after the VPP is connected to a pre-created network namespace through a host interface, the method further comprises:
the VPP adds a plug-in to the plug-in directory, so that the plug-in is loaded automatically when the host runs.
8. An apparatus for constructing a network using VPPs in a docker, the apparatus comprising:
a connection unit, configured to connect, in a host machine, the VPP with a pre-established network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
a first communication unit, configured for the VPP to manage a physical interface of the host machine through a first preset driver, and to realize intercommunication between the physical network port and the first virtual interface through a sub-interface and a virtual local area network in the VPP, so as to realize communication between containers across hosts; or,
a second communication unit, configured for the first virtual interfaces in the VPP to communicate through a virtual local area network, so as to realize communication between containers within the same host.
9. An apparatus for constructing a network using VPPs in a docker, the apparatus comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
in a host machine, a VPP is connected with a pre-established network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
the VPP manages a physical interface of the host machine through a first preset driver, and realizes intercommunication between the physical network port and the first virtual interface through a sub-interface and a virtual local area network in the VPP, so as to realize communication between containers across hosts; or,
the first virtual interfaces in the VPP communicate through a virtual local area network, so as to realize communication between containers within the same host.
10. A medium for constructing a network using VPP in a docker, having stored thereon computer-executable instructions configured to:
in a host machine, a VPP is connected with a pre-established network namespace through a first virtual interface, wherein the network namespace communicates with a container in the host machine through a second virtual interface;
the VPP manages a physical interface of the host machine through a first preset driver, and realizes intercommunication between the physical network port and the first virtual interface through a sub-interface and a virtual local area network in the VPP, so as to realize communication between containers across hosts; or,
the first virtual interfaces in the VPP communicate through a virtual local area network, so as to realize communication between containers within the same host.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011307285.5A CN112565047B (en) | 2020-11-19 | 2020-11-19 | Method, device, equipment and medium for constructing network by using VPP in docker |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112565047A (en) | 2021-03-26 |
CN112565047B (en) | 2022-03-04 |
Family
ID=75044126
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011307285.5A Active CN112565047B (en) | 2020-11-19 | 2020-11-19 | Method, device, equipment and medium for constructing network by using VPP in docker |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112565047B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112565047B (en) | 2022-03-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||