CN113765799A - Method for transmitting and receiving container message, storage medium and container communication system - Google Patents

Method for transmitting and receiving container message, storage medium and container communication system

Info

Publication number
CN113765799A
Authority
CN
China
Prior art keywords
container
nos
message
address
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010504733.4A
Other languages
Chinese (zh)
Inventor
张丽晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN202010504733.4A priority Critical patent/CN113765799A/en
Publication of CN113765799A publication Critical patent/CN113765799A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method, a system and a computer storage medium for sending and receiving container messages, wherein the method comprises the following steps: the container message is sent from an eth0 interface, and the address of the eth0 interface is the address of an NOS interface of the network equipment operating system; the proxy service module creates a Socket on the host operating system, wherein the Socket is used for capturing a container message sent by a container; the agent service module forwards the container message to the NOS, and the NOS sends the container message. The invention realizes the technical effects that the container communicates with the external equipment on the basis of the existing equipment and does not occupy additional resources.

Description

Method for transmitting and receiving container message, storage medium and container communication system
Technical Field
The embodiment of the invention relates to a method for transmitting and receiving a container message, a storage medium and a container communication system.
Background
With the rapid development of internet and cloud computing, the construction scale of a data center is larger and larger, and the complexity of a system is higher and higher, which brings great challenges to the operation and maintenance of network equipment. It has become a trend of future technology development to let network devices provide more openness. There are two major aspects to achieving the openness of a network: on one hand, by using a management tool, the management level of network automation is improved, and a wide automation characteristic is supported; another aspect is the ability to support network device programmability.
With the increasing size of networks, especially in virtualized environments, manual configuration becomes an almost impossible task. There is a trend towards the automated deployment of services to network devices through the use of management tools. The network has the programmable capability, the network complexity can be reduced, the network requirements of virtualization and cloud computing are met, and a novel network system capable of providing an open programmable interface is required to be constructed in future network development.
From a technical point of view, there are generally several ways to give network devices basic openness capability. First, the network device operating system is built directly on the native Linux kernel protocol stack; in this way the original network device system can itself be regarded as an open system, and no separate open-capability support is needed. The network device operating system provides an open architecture by loading a third-party container system, deployed in an integrated manner, on the basis of the user-mode NOS (network operating system) provided by the device. However, this approach is limited by the capability of the network device operating system and is not suitable for network devices whose operating system uses a user-mode protocol stack; in addition, it poses a great challenge to the security of the device.
Second, the container communicates with the outside by means of the network device NOS, but the container must be assigned its own IP address for external communication. This requires the container to exclusively occupy an IP address or an interface of the network device and to advertise that address to external systems as the communication address of the container. Externally, the device then appears as two systems: the original network device operating system and the container system must each be allocated a different address, and the deployment cost is high.
Disclosure of Invention
To solve the above technical problems, the invention provides a method and a system for sending and receiving container messages, which address the problems that a container communicating with an external network offers little openness, is not compatible with existing equipment, and must occupy interface address resources of its own.
According to an embodiment of the present invention, a method for sending a container message is provided, including: the container message is sent from an eth0 interface, and the address of the eth0 interface is the address of an NOS interface of a network device operating system; the proxy service module creates a Socket on a host operating system, where the Socket is used for capturing the container message sent by the container; and the proxy service module forwards the container message to the NOS, and the NOS sends the container message.
According to another embodiment of the present invention, a method for receiving a container message is provided, including: the NOS receives a container message whose address is the interface address of the NOS, and forwards the container message to a proxy service module; and the proxy service module creates a Socket on the host operating system, and the Socket forwards the container message to a container.
According to another embodiment of the present invention, a container communication system is provided, including: a container, which establishes an eth0 interface whose address is the address of an NOS interface of a network device operating system, and sends container messages through the eth0 interface; a proxy service module, which creates a Socket on a host operating system, the Socket being used for capturing the container message sent by the container, and which forwards the container message to the NOS; and the NOS, which is used for sending the container message.
According to another embodiment of the present invention, an apparatus for implementing container packet receiving or sending is provided, including: the device comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and is characterized in that the processor realizes the implementation method of receiving or sending the container message when executing the program.
According to another embodiment of the present invention, a computer-readable storage medium is provided, which stores computer-executable instructions for performing an implementation method of the container packet receiving or sending.
According to the method and the device, the proxy module serves as a bridge: container messages pass through the proxy module and are finally sent or received by the network device, and the container shares the interface address of the network device operating system NOS. This achieves the technical effect that the container can communicate with the outside through the existing equipment without occupying additional interface resources, solves the prior-art problems that container communication is incompatible with existing equipment and needs extra interface resources, and improves resource utilization efficiency.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flowchart of a method for sending container packets according to an embodiment of the present invention
FIG. 2 is a flow chart of creating a container communication network according to an embodiment of the present invention
FIG. 3 is a data flow diagram of the container communicating with the outside according to the embodiment of the present invention
FIG. 4 is a data flow diagram of internal communication between a container and a network device NOS according to an embodiment of the present invention
FIG. 5 is a block diagram of a container communication system according to an embodiment of the present invention
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Example one
In this embodiment, a method for sending a container message is provided. FIG. 1 is a flowchart of the method for sending a container message according to the embodiment of the present invention. As shown in FIG. 1, the flow includes the following steps:
Step S101, a container message is sent from an eth0 interface, and the address of the eth0 interface is the address of an NOS interface of the network device operating system;
In step S101, the container is attached to the host operating system through a virtual Ethernet pair (veth pair), a pair of ports in which every data packet entering at one end comes out at the other end, and vice versa; eth0 is the container-side interface of the veth pair. The proxy service module registers a Transmission Control Protocol (TCP) port interval and/or a User Datagram Protocol (UDP) port interval of the container.
Step S102, the proxy service module creates a Socket on the host operating system, and the Socket is used for capturing the container message sent by the container;
Before a container message is sent out from the eth0 interface, the container sends an Address Resolution Protocol (ARP) request for the destination address of the message; the Socket captures the ARP request and completes the proxy ARP reply using the interface address of the network device operating system.
Step S103, the proxy service module forwards the container message to the NOS, and the NOS sends out the container message.
In step S103, when the destination address of the container message is the IP address of the NOS, the container message is processed locally by the NOS; when it is not the IP address of the NOS, the NOS looks up a route and sends the container message to the external device.
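The proxy ARP step of S102, as an added example that is not code from the patent: it parses a captured ARP request and builds the reply the Socket would send back. The patent does not say which MAC address the reply carries; `PROXY_MAC`, the sample addresses and the three sanity checks (sender IP must be the shared NOS address, Ethernet source must match the ARP sender, no reply for the shared address itself) are assumptions made here.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # Ethernet/IPv4 ARP body, 28 bytes

# Constructed sample values (documentation IP ranges, locally administered MACs).
IP_NOS = "192.0.2.1"                         # NOS interface address shared with the container
CONTAINER_MAC = bytes.fromhex("0242ac110002")
PROXY_MAC = bytes.fromhex("020000000001")    # assumption: MAC the proxy answers with


def make_arp_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (only used to create sample input)."""
    body = ARP_BODY.pack(1, 0x0800, 6, 4, ARP_REQUEST, sender_mac,
                         socket.inet_aton(sender_ip), b"\x00" * 6,
                         socket.inet_aton(target_ip))
    return ETH_HDR.pack(b"\xff" * 6, sender_mac, ETH_P_ARP) + body


def build_proxy_arp_reply(frame, ip_nos, proxy_mac):
    """Return the frame answering a container ARP request, or None to ignore it."""
    if len(frame) < ETH_HDR.size + ARP_BODY.size:
        return None                          # truncated capture
    _dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_P_ARP:
        return None
    (htype, ptype, hlen, plen, oper,
     sha, spa, _tha, tpa) = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None                          # not an Ethernet/IPv4 request
    nos = socket.inet_aton(ip_nos)
    if spa != nos:                           # sender is not using the shared address
        return None                          # (this also ignores ARP probes from 0.0.0.0)
    if sha != eth_src:                       # ARP sender MAC disagrees with the frame
        return None
    if tpa == nos:                           # request for the shared address itself
        return None
    # Answer on behalf of the destination: "tpa is at proxy_mac", unicast to the asker.
    body = ARP_BODY.pack(1, 0x0800, 6, 4, ARP_REPLY, proxy_mac, tpa, sha, spa)
    return ETH_HDR.pack(eth_src, proxy_mac, ETH_P_ARP) + body


def serve(ifname="docker0", ip_nos=IP_NOS, proxy_mac=PROXY_MAC):
    """Capture loop on the host side (Linux only, needs CAP_NET_RAW); not run on import."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    sock.bind((ifname, 0))
    while True:
        reply = build_proxy_arp_reply(sock.recv(65535), ip_nos, proxy_mac)
        if reply is not None:
            sock.send(reply)


if __name__ == "__main__":
    request = make_arp_request(CONTAINER_MAC, IP_NOS, "198.51.100.7")
    reply = build_proxy_arp_reply(request, IP_NOS, PROXY_MAC)
    print("request:", request.hex())
    print("reply:  ", reply.hex())
```

Once the container has learned `PROXY_MAC` for its destination, its IP frames arrive on the interface where the Socket listens and can be forwarded to the NOS as S103 describes.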
Example two
In this embodiment, a method for creating a container communication system is provided. FIG. 2 is a flowchart of creating a container communication network according to an embodiment of the present invention. As shown in FIG. 2, the flow includes the following steps:
Step S201, first, using the container's basic bridge network mode, the container is connected to the host OS through a virtual Ethernet pair;
In step S201, the eth0 interface at one end of the veth pair is the interface inside the container, and the interface at the other end of the veth pair is attached to the bridge on the host. In general, this can be created by the container network: when the container network is specified to be in bridge mode, the container is connected through a veth pair.
Step S202, an lo interface is created for the container, and its interface address inherits the interface address of the NOS;
In step S202, the container's lo interface inherits the interface address of the NOS so that the NOS interface address can be reused for external communication. After the interface that the network device uses for external communication is configured with an IP address, the address is synchronously configured on the lo interface of the container through the proxy service module.
Step S203, a default route is created for the container; the route points to the eth0 interface of the veth pair, and the lo interface address is used as the communication source address;
In step S203, the lo interface address is the reused interface address of the network device. In a specific implementation, after the interface that the network device uses for external communication is configured with an IP address, the address is synchronously configured on the lo interface of the container through the proxy service module.
Step S204, a Socket is created on the host system and bound to an interface, for capturing the messages sent by the container;
In step S204, the proxy service module creates a Socket on the host operating system. The Socket is bound to the host-side port of the veth pair and is used to capture messages sent from the container; messages sent from the outside to the container are also delivered to the container through this Socket.
To implement the proxy between the container and the network device NOS, the Socket is created on the host operating system and bound to the host-side network port of the veth pair for packet capture, so that the messages sent by the container can be captured.
Step S205, a communication pipe between the proxy service module and the NOS is established;
In step S205, a communication pipe between the proxy service module and the NOS is created on the basis of an interface provided by the NOS. Messages captured from the container are sent to the NOS through this pipe and are finally sent out by the NOS for external communication. Likewise, messages sent from the outside to the container are received through this communication pipe.
Step S206, the registration of the TCP/UDP port interval of the container system is completed.
In step S206, the registration of the TCP/UDP port interval of the container is completed, so that the container and the network device share the IP address resource.
Example three
In this embodiment, a method for creating a container communication system is provided. FIG. 3 is a data flow diagram of a container communicating with the outside according to an embodiment of the present invention. As shown in FIG. 3, the data flow includes the following steps:
Step 301, when the container system communicates with the outside, a message is sent from the eth0 interface according to the route of the container system, with the interface address IP_NOS of the NOS as the source address; according to the link type of the route, an ARP request for the destination address of the communication is triggered first;
Step 302, the proxy service module creates a Socket on the host OS, binds it to the docker0 interface, captures the ARP request sent from the container, and uses the interface address of the NOS to implement the proxy ARP reply; after the ARP learning process of the container system is finished, the Socket captures the subsequent IP messages sent from the container system;
Step 303, the proxy service module forwards the captured outgoing container message to the NOS for processing through the communication pipe between the proxy service module and the NOS;
Step 304, the NOS receives the message forwarded by the proxy service module, performs normal NOS processing, looks up the route, and sends the message from the NOS network interface to the external device;
Step 305, the NOS receives, through the interface of the network device, the message sent to the container by the external device;
Step 306, the network device NOS processes the received message, whose destination address is the device interface address IP_NOS; the message is dispatched according to the TCP/UDP port interval that the proxy service module registered for the container system, and messages destined for the container are distributed to the proxy service module;
Step 307, the proxy service module distributes the message, through the Socket of the host operating system, to the bridge (docker0) that connects the container and the host;
Here docker0 communicates with other physical or virtual network cards at the kernel level, placing all containers and the local host in the same physical network.
Step 308, the message is distributed to the container system using the layer-2 forwarding (MAC forwarding) of the bridge.
Example four
In this embodiment, a method for creating a container communication system is provided. FIG. 4 is a data flow diagram of internal communication between a container and a network device NOS according to an embodiment of the present invention. As shown in FIG. 4, the data flow includes the following steps:
Step 401: when the container system communicates internally with the NOS, the message is sent out from the eth0 interface according to the route of the container message, with the IP_NOS address of the NOS as the source address and the device interface address IP_NOS2 as the destination address;
Step 402: the proxy service module completes the ARP learning process of the container system, and the subsequent IP messages sent out from the container system are captured and sent out by the Socket;
Step 403: the proxy service module forwards the captured outgoing container message to the NOS for processing through the communication pipe with the NOS;
Step 404: the NOS receives the message forwarded by the proxy service module, performs normal NOS processing, finds through route lookup that the message terminates locally, and hands it to the NOS for service processing. Meanwhile, a message sent by the NOS whose destination address is IP_NOS is routed for local processing;
Step 405: the NOS determines, according to the port interval that the proxy service module registered for the container system, whether the message is to be sent to the container; if so, the message is distributed to the proxy service module;
Step 406: the proxy service module distributes the message, through the Socket of the host operating system, to the bridge (docker0) that connects the container and the host;
Step 407: the message is distributed to the container system for reception using the layer-2 forwarding (MAC forwarding) of the bridge.
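The port-interval registration of step S206 and the dispatch decision the NOS makes in steps 306 and 405, as an added example that is not code from the patent. The verdict names, the `nos_reserved` list of ports the NOS serves itself, the overlap and bounds checks, and the handling of fragments (which carry no usable port for every piece, so they are reassembled before dispatch) are assumptions made here; all addresses and ports are constructed samples.

```python
import socket
import struct

TCP, UDP = 6, 17
IP_NOS = "192.0.2.1"   # constructed sample: NOS interface address shared with the container


class PortRegistry:
    """Port intervals registered for the container by the proxy service module."""

    def __init__(self, nos_reserved=()):
        # nos_reserved: (protocol, port) pairs the NOS serves itself (hypothetical input).
        self._intervals = {TCP: [], UDP: []}
        self._reserved = {TCP: set(), UDP: set()}
        for proto, port in nos_reserved:
            self._reserved[proto].add(port)

    def register(self, proto, low, high):
        if proto not in self._intervals:
            raise ValueError("only TCP and UDP intervals can be registered")
        if not 1 <= low <= high <= 65535:
            raise ValueError("invalid port interval %d-%d" % (low, high))
        clash = sorted(p for p in self._reserved[proto] if low <= p <= high)
        if clash:       # would divert the NOS's own services to the container
            raise ValueError("interval covers NOS service ports %s" % clash)
        for lo, hi in self._intervals[proto]:
            if low <= hi and lo <= high:
                raise ValueError("interval overlaps registered %d-%d" % (lo, hi))
        self._intervals[proto].append((low, high))

    def owns(self, proto, port):
        return any(lo <= port <= hi for lo, hi in self._intervals.get(proto, ()))


def dispatch(packet, ip_nos, registry):
    """Classify an IPv4 packet seen by the NOS.

    Returns "proxy" (hand to the proxy service module for the container),
    "nos-local" (terminate in the NOS), "route" (not addressed to IP_NOS),
    "reassemble" (fragment, no dispatch yet) or "drop" (malformed).
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop"
    if packet[16:20] != socket.inet_aton(ip_nos):
        return "route"
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    if flags_frag & 0x3FFF:                 # MF bit set or non-zero fragment offset
        return "reassemble"
    proto = packet[9]
    if proto not in (TCP, UDP):
        return "nos-local"                  # no port to match, e.g. ICMP
    if len(packet) < ihl + 4:
        return "drop"                       # ports are truncated
    (dport,) = struct.unpack_from("!H", packet, ihl + 2)
    return "proxy" if registry.owns(proto, dport) else "nos-local"


def make_packet(proto, src, dst, sport, dport, flags_frag=0):
    """Constructed sample input: 20-byte IPv4 header plus 8 bytes of L4 header."""
    l4 = struct.pack("!HHI", sport, dport, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, flags_frag,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4


def example_registry():
    reg = PortRegistry(nos_reserved=[(TCP, 22), (TCP, 179), (UDP, 161)])
    reg.register(TCP, 30000, 30999)
    reg.register(UDP, 30000, 30099)
    return reg


if __name__ == "__main__":
    reg = example_registry()
    for proto, dst, dport in [(TCP, IP_NOS, 30080), (TCP, IP_NOS, 22),
                              (UDP, IP_NOS, 30500), (TCP, "198.51.100.7", 443)]:
        pkt = make_packet(proto, "203.0.113.9", dst, 40000, dport)
        print(proto, dst, dport, "->", dispatch(pkt, IP_NOS, reg))
```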
Example five
In this embodiment, a method for creating a container communication system is provided. FIG. 5 is a block diagram of the structure of the container communication system according to an embodiment of the present invention. As shown in FIG. 5, the system includes the following modules:
Network device host operating system module: provides the device's host operating system, which carries and supports the operating system of the network device and serves as the host system that carries the container;
Network device operating system module: the main operating system through which the network device provides its services; it works with a user-mode protocol stack, and through it a software routing operating system is provided for the network device;
Container system module: the container system integrated in the network device, which provides open-capability support for the network device;
Proxy service module: implements intercommunication among the host operating system, the network device operating system and the container. It creates a Socket on the host, uses the Socket to capture messages sent by the container, and forwards them to the network device operating system, which sends them out; or it receives the messages sent to the container by the network device and passes them to the container.
According to another embodiment of the present invention, an apparatus for implementing container packet receiving or sending is provided, including: the device comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and is characterized in that the processor realizes the implementation method of receiving or sending the container message when executing the program.
According to another embodiment of the present invention, a computer-readable storage medium is provided, which stores computer-executable instructions for performing an implementation method of the container packet receiving or sending.
In this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.

Claims (10)

1. A method for sending a container message comprises the following steps:
the container message is sent from an eth0 interface, and the address of the eth0 interface is the interface address of an operating system NOS of the network equipment;
the proxy service module creates a Socket on a host operating system, wherein the Socket is used for capturing the container message sent by the container;
and the agent service module forwards the captured container message to the NOS, and the NOS sends the container message.
2. The method according to claim 1, before the container message is sent out from the eth0 interface, further comprising:
the container is attached to the host operating system through a virtual Ethernet pair (veth pair), and the eth0 interface is one interface of the veth pair.
3. The method of claim 1, comprising:
and the proxy service module registers a Transmission Control Protocol (TCP) port interval and/or a User Datagram Protocol (UDP) port interval of the container.
4. The method according to claim 1, before the container message is sent out from the eth0 interface, comprising:
the container sends an ARP (Address Resolution Protocol) request to a destination address;
and the Socket captures the ARP request and completes the proxy ARP reply using the NOS interface address.
5. The method of claim 1, wherein the NOS sending the container message comprises:
when the destination address of the container message is the IP address of the NOS, the container message is processed locally by the NOS;
or, when the address of the container message is not the IP address of the NOS, the NOS looks up a route and sends the container message to the external device.
6. A receiving method of a container message comprises the following steps:
the NOS receives a container message and forwards the container message to an agent service module, wherein the address of the container message is an interface address of the NOS;
and the proxy service module creates a Socket on the host operating system, and the Socket forwards the container message to a container.
7. The method of claim 6, comprising:
and the proxy service module registers a Transmission Control Protocol (TCP) port interval and/or a User Datagram Protocol (UDP) port interval of the container.
8. The method of claim 7, comprising:
and the NOS sends the container message to the proxy service module according to the TCP port interval and/or the UDP port interval.
9. A container communication system comprising:
the container establishes an eth0 interface, the address of the eth0 interface is the address of an NOS interface of a network equipment operating system, and a container message is sent through the eth0 interface;
the agent service module creates a Socket on a host operating system, the Socket is used for capturing a container message sent by the container, and the agent service module forwards the container message to the NOS;
and the NOS is used for sending the container message.
10. A computer-readable storage medium storing computer-executable instructions for performing a method for implementing the container packet receiving or sending according to any one of claims 1 to 8.
CN202010504733.4A 2020-06-05 2020-06-05 Method for transmitting and receiving container message, storage medium and container communication system Pending CN113765799A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010504733.4A CN113765799A (en) 2020-06-05 2020-06-05 Method for transmitting and receiving container message, storage medium and container communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010504733.4A CN113765799A (en) 2020-06-05 2020-06-05 Method for transmitting and receiving container message, storage medium and container communication system

Publications (1)

Publication Number Publication Date
CN113765799A true CN113765799A (en) 2021-12-07

Family

ID=78784000

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010504733.4A Pending CN113765799A (en) 2020-06-05 2020-06-05 Method for transmitting and receiving container message, storage medium and container communication system

Country Status (1)

Country Link
CN (1) CN113765799A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208838A (en) * 2022-08-25 2022-10-18 科东(广州)软件科技有限公司 Message forwarding device, method and operating system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination