CN114124714B - Multi-level network deployment method, device, equipment and storage medium - Google Patents
- Publication number
- CN114124714B (CN202111332134.XA)
- Authority
- CN
- China
- Prior art keywords
- network
- virtual
- pod
- switch
- bridging
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a multi-level network deployment method, device, equipment and storage medium, and belongs to the technical field of network management. The method comprises the following steps: respectively establishing a management network, a bridging network and a tunnel network for the physical machine cluster system, so that a plurality of physical machines are respectively connected to a first switch through the management network and the bridging network, and are respectively connected to a second switch through the tunnel network; and respectively establishing a first bridging sub-network, a second bridging sub-network and a cluster network for each physical machine, so that a plurality of virtual machines are respectively connected to the first virtual switch through the first bridging sub-network and the cluster network, and to the second virtual switch through the second bridging sub-network. The PODs in the virtual machines, the virtual machines and the physical machines can communicate with one another and have same-plane network capability, and the diversity of network functions is improved.
Description
Technical Field
The present application relates to the field of network management technologies, and in particular, to a method, an apparatus, a device, and a storage medium for deploying a multi-level network.
Background
Early cloud computing was generally an OpenStack-based virtual machine solution, and many private cloud solutions built Kubernetes on top of OpenStack virtual machines. In terms of network topology, however, the Pods managed by Kubernetes generally use intra-cluster IP addresses, and externally provided services are generally exposed as Services, which suits applications based on network protocols. Some conventional applications cannot adopt such a scheme, for example streaming media services. Streaming services typically use the UDP protocol and are strongly bound to an IP + port pair, which requires that the Pod have a stable and directly exposed IP address. That is, the Pod is required to be able to provide an IP address on the same plane as the host.
In the prior art, the method for enabling the Pod to provide the IP address on the same plane with the host machine mainly comprises the steps of setting a related plug-in, and after the plug-in is installed, enabling the Pod in the Kubernetes to directly use a virtual machine-level network, namely enabling the Pod's network and the virtual machine to be on the same plane, so that the Pod can directly communicate with external applications.
However, the plug-in is only suitable for a special environment. When the plug-in is used for intercommunication, a large number of virtual network cards must be created in OpenStack in one-to-one correspondence with the Pods, which greatly consumes OpenStack resources. In addition, a Pod in Kubernetes can only use one network, networks cannot be used in a mixed mode, and the function is limited.
Disclosure of Invention
The purpose of the application is to provide a multi-level network deployment method, device, equipment and storage medium, which enable the PODs in virtual machines, the virtual machines and the physical machines to communicate with one another with same-plane network capability, and which improve the diversity of network functions.
Embodiments of the present application are implemented as follows:
In one aspect of the embodiments of the present application, a multi-level network deployment method is provided, where the method is applied to a physical machine cluster system, and the physical machine cluster system includes: a plurality of physical machines, a first switch, a second switch, each physical machine comprising: a plurality of virtual machines, a first virtual switch, a second virtual switch, the method comprising:
respectively establishing a management network, a bridging network and a tunnel network for the physical machine cluster system so that a plurality of physical machines are respectively connected to a first switch through the management network and the bridging network, and are respectively connected to a second switch through the tunnel network;
respectively establishing a first bridging sub-network, a second bridging sub-network and a cluster network for each physical machine, so that a plurality of virtual machines are respectively connected to a first virtual switch through the first bridging sub-network and the cluster network, the first virtual switch is connected with the tunnel network, the plurality of virtual machines are respectively connected to a second virtual switch through the second bridging sub-network, and the second virtual switch is connected with the bridging network;
the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with a first bridging sub-network through the third virtual switch, the second POD is connected with a second bridging sub-network through the fourth virtual switch, and the third POD is connected with a cluster network through the fifth virtual switch.
Optionally, each physical machine includes: the system comprises at least one first network card, at least one second network card and at least one third network card, wherein the first network card is used for connecting a management network, the second network card is used for connecting a bridging network, and the third network card is used for connecting a tunnel network.
Optionally, the physical machine includes: a first network card, a second network card, a third network card.
Optionally, each virtual machine includes: at least one first virtual network card, at least one second virtual network card, and at least one third virtual network card; the first virtual network card is used for connecting the first bridging sub-network, the second virtual network card is used for connecting the second bridging sub-network, and the third virtual network card is used for connecting the cluster network.
Optionally, the virtual machine includes: a first virtual network card, a second virtual network card, a third virtual network card.
Optionally, the virtual machine includes: a first POD, a second POD, and a third POD.
Optionally, the virtual machine further includes: a fourth POD, which comprises at least three virtual network interfaces respectively connected with the first bridging sub-network, the second bridging sub-network and the cluster network.
In another aspect of the embodiments of the present application, a multi-level network deployment apparatus is provided, where the apparatus is applied to a physical machine cluster system, and the physical machine cluster system includes: a plurality of physical machines, a first switch, a second switch, each physical machine comprising: a plurality of virtual machines, a first virtual switch, a second virtual switch, the apparatus comprising: the system comprises a physical machine network bridge establishment module and a virtual machine network bridge establishment module;
the physical machine network bridge establishment module is used for respectively establishing a management network, a bridging network and a tunnel network for the physical machine cluster system, so that a plurality of physical machines are respectively connected to a first switch through the management network and the bridging network, and are respectively connected to a second switch through the tunnel network;
the virtual machine network bridge establishment module is used for respectively establishing a first bridging sub-network, a second bridging sub-network and a cluster network for each physical machine, so that a plurality of virtual machines are respectively connected to a first virtual switch through the first bridging sub-network and the cluster network, the first virtual switch is connected with the tunnel network, the plurality of virtual machines are respectively connected to a second virtual switch through the second bridging sub-network, and the second virtual switch is connected with the bridging network;
the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with a first bridging sub-network through the third virtual switch, the second POD is connected with a second bridging sub-network through the fourth virtual switch, and the third POD is connected with a cluster network through the fifth virtual switch.
In another aspect of the embodiments of the present application, there is provided a computer device comprising: a memory and a processor, wherein the memory stores a computer program which can be run on the processor, and the processor implements the steps of the multi-level network deployment method when executing the computer program.
In another aspect of the embodiments of the present application, a computer readable storage medium is provided, on which a computer program is stored, which when executed by a processor, implements the steps of the above-described multi-level network deployment method.
The beneficial effects of the embodiment of the application include:
In the method, the device, the equipment and the storage medium for deploying the multi-level network provided by the embodiment of the application, a management network, a bridging network and a tunnel network are respectively established for a physical machine cluster system, so that a plurality of physical machines are respectively connected to a first switch through the management network and the bridging network, and are respectively connected to a second switch through the tunnel network; a first bridging sub-network, a second bridging sub-network and a cluster network are respectively established for each physical machine, so that a plurality of virtual machines are respectively connected to a first virtual switch through the first bridging sub-network and the cluster network, the first virtual switch is connected with the tunnel network, the plurality of virtual machines are respectively connected to a second virtual switch through the second bridging sub-network, and the second virtual switch is connected with the bridging network; the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with the first bridging sub-network through the third virtual switch, the second POD is connected with the second bridging sub-network through the fourth virtual switch, and the third POD is connected with the cluster network through the fifth virtual switch. Through this connection and deployment mode, the corresponding network bridge relationships among the PODs in the virtual machines, the virtual machines in the physical machines and the physical machines in the physical machine cluster system can be established, so that the PODs, the virtual machines and the physical machines can communicate with one another, same-plane network capability is achieved, and the diversity of network functions is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a physical machine cluster system according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of the inside of a physical machine according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of the inside of a virtual machine according to an embodiment of the present application;
Fig. 4 is a flow chart of a multi-level network deployment method provided in an embodiment of the present application;
Fig. 5 is another schematic structural diagram of the inside of the virtual machine according to the embodiment of the present application;
Fig. 6 is a schematic structural diagram of a multi-level network deployment device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present application, it should be noted that the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and are not to be construed as indicating or implying relative importance.
In order to explain the art related to the present application more clearly, the following explains related terms and English terms that may be involved in the present application.
Kubernetes: an open-source system for managing containerized applications on multiple hosts in a cloud platform. The goal of Kubernetes is to make deploying containerized applications simple and efficient; Kubernetes provides mechanisms for application deployment, planning, updating, and maintenance.
OpenStack: an open-source cloud computing management platform project, a combination of a series of open-source software projects, which provides extensible and elastic cloud computing services for private and public clouds.
POD: in a Kubernetes cluster, the Pod is the basis for all workload types and is a combination of one or more containers. These containers share storage, network and namespaces, as well as a specification of how to run. In a Pod, all containers are arranged and scheduled identically and run in a shared context. In the embodiment of the present application, the POD is a child container provided in the virtual machine.
The following specifically explains the specific structural relationship of the physical machine cluster system provided in the embodiment of the present application.
Fig. 1 is a schematic structural diagram of a physical machine cluster system provided in an embodiment of the present application. Referring to Fig. 1, the physical machine cluster system includes: a plurality of physical machines 110, a first switch 120 and a second switch 130. The plurality of physical machines 110 are respectively connected to the first switch 120 through a management network and a bridging network, and are respectively connected to the second switch 130 through a tunnel network.
Optionally, the physical machine 110 may specifically be a physical computer device, for example: a computer, a cell phone, a tablet computer, a dedicated electronic device, etc., which is not particularly limited herein.
Optionally, the first switch 120 and the second switch 130 may each be a physical switch, for example: the first switch can be network bridging equipment such as a router, and a physical machine connected to the first switch can access the Internet through the first switch; the second switch may be a cluster-specific high-speed switch.
Optionally, through the first switch 120, the physical machine 110 may provide a bridging network in Underlay (flat/vlan) mode for the virtual machines to communicate with the outside of the cluster; through the second switch 130, the physical machine 110 may provide a tunnel network in Overlay (vxlan/geneve) mode for the virtual machines in the physical machines 110 to communicate with each other inside the cluster.
The management network may specifically be a network that serves as the interface for cluster management; the bridging network is used for providing an Underlay (flat/vlan) network for the virtual machine, giving the virtual machine the same-plane network capability as the physical machine; the tunnel network can virtualize a plurality of physical machines into one large intranet and provides a private network for the virtual machines in Overlay (vxlan/geneve) mode.
Optionally, each physical machine includes: the system comprises at least one first network card, at least one second network card and at least one third network card, wherein the first network card is used for connecting a management network, the second network card is used for connecting a bridging network, and the third network card is used for connecting a tunnel network.
Optionally, the number of network cards may be set according to the actual requirement of the user, where at least one of the first network card, the second network card and the third network card is required.
Illustratively, in the physical machine cluster system shown in fig. 1, each physical machine includes: a first network card, a second network card, a third network card.
The following specifically explains the structural relationship inside the physical machine in the embodiment of the present application.
Fig. 2 is a schematic structural diagram of the inside of a physical machine provided in the embodiment of the present application, referring to fig. 2, each physical machine includes: the system comprises a plurality of virtual machines 210, a first virtual switch 220 and a second virtual switch 230, wherein the plurality of virtual machines 210 are respectively connected to the first virtual switch 220 through a first virtual network card and a third virtual network card, the first virtual switch 220 is connected with a tunnel network, the plurality of virtual machines 210 are respectively connected to the second virtual switch 230 through a second virtual network card, and the second virtual switch 230 is connected with a bridging network.
Optionally, the virtual machine 210 may be a complete computer system, simulated by software and installed in the physical machine 110, that has complete hardware system functions and runs in a completely isolated environment, i.e. a virtual computer device; it can perform tasks similar to those a physical machine can perform.
The first virtual switch 220 and the second virtual switch 230 may be switches with complete hardware system functions that are simulated by software and installed in the physical machine 110; they can perform functions similar to those of a physical switch.
The first virtual switch 220 may be a virtual switch supporting an Overlay (vxlan/geneve) network; the second virtual switch 230 may be a virtual switch supporting an Underlay (flat/vlan) network.
Optionally, each virtual machine 210 includes: at least one first virtual network card, at least one second virtual network card, and at least one third virtual network card; the first virtual network card is used for connecting the first bridging sub-network, the second virtual network card is used for connecting the second bridging sub-network, and the third virtual network card is used for connecting the cluster network.
Optionally, the first bridging subnetwork accesses the first virtual switch 220, the second bridging subnetwork accesses the second virtual switch 230, and the cluster network accesses the first virtual switch 220.
Optionally, the number of virtual network cards may be set according to the actual needs of the user, where at least one of the first virtual network card, the second virtual network card, and the third virtual network card is required.
Illustratively, in the physical machine shown in fig. 2, the virtual machine includes: a first virtual network card, a second virtual network card, a third virtual network card.
The connection relationship inside the virtual machine provided in the embodiment of the present application is specifically explained below.
Fig. 3 is a schematic structural diagram of the inside of a virtual machine provided in the embodiment of the present application, referring to fig. 3, the virtual machine includes a first POD310, and a third virtual switch 340 connected to the first POD; a second POD320, a fourth virtual switch 350 connected to the second POD; the third POD330 and the fifth virtual switch 360 connected to the third POD, the first POD310 is connected to the first bridging sub-network through the third virtual switch 340, the second POD320 is connected to the second bridging sub-network through the fourth virtual switch 350, and the third POD330 is connected to the cluster network through the fifth virtual switch 360.
Optionally, the first POD310, the second POD320, and the third POD330 are all virtual containers disposed in a virtual machine; the third virtual switch 340, the fourth virtual switch 350, and the fifth virtual switch 360 are all child virtual switches provided in the virtual machine.
The first POD, the second POD and the third POD each have only one virtual network card. The third virtual switch 340 may be a virtual switch supporting an Overlay (vxlan/geneve) network, and may be connected to the aforementioned first bridging sub-network; the fourth virtual switch 350 may be a virtual switch supporting an Overlay (vxlan/geneve) network, and may be connected to the aforementioned second bridging sub-network; the fifth virtual switch 360 may be a virtual switch supporting an Underlay (flat/vlan) network, and may be connected to the aforementioned cluster network.
Illustratively, in the virtual machine shown in fig. 3, it includes: a first POD, a second POD, and a third POD.
The following specifically explains the implementation procedure of the multi-level network deployment method provided in the embodiment of the present application.
Fig. 4 is a flowchart of a multi-level network deployment method provided in an embodiment of the present application, please refer to fig. 4, and the method includes:
S410: A management network, a bridging network and a tunnel network are respectively established for the physical machine cluster system, so that the plurality of physical machines are respectively connected to the first switch through the management network and the bridging network, and the plurality of physical machines are respectively connected to the second switch through the tunnel network.
Optionally, the network card on each physical machine may be configured correspondingly in response to a configuration operation of the user, so that the management network, the bridge network and the tunnel network are established.
Optionally, the execution body of the method may be specifically any physical machine in the above-mentioned physical machine cluster system.
S420: A first bridging sub-network, a second bridging sub-network and a cluster network are respectively established for each physical machine, so that the plurality of virtual machines are respectively connected to the second virtual switch through the second bridging sub-network, and the second virtual switch is connected with the bridging network.
Optionally, in the process of establishing the first bridging sub-network, the second bridging sub-network and the cluster network, the network connection configuration of the virtual machine may be performed in response to the user's operation of the relevant configuration plug-in in the physical machine.
For example: the first virtual network card of the virtual machine may be connected to the Overlay network (assuming that the network CIDR is 192.168.0.0/24); the second virtual network card shares a subnet with the first virtual network card and is also connected to the Overlay network; and the third virtual network card is connected to the Underlay network (assuming that the network CIDR is 10.5.202.0/24). These operations may be completed in OpenStack. The second virtual network card and the third virtual network card are used as bridging network cards and need no address allocation. During configuration, the "port security" option of OpenStack needs to be disabled on these ports, so that traffic from different IP addresses can pass through.
The relevant instructions are as follows:
openstack port create --network ${NETWORK_ID} --no-fixed-ip --disable-port-security ${PORT_NAME}
openstack server add port ${SERVER_ID} ${PORT_ID}
The above instructions create a network port and attach the created port to a specified virtual machine.
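A port created with `--disable-port-security` is no longer covered by Neutron's anti-spoofing filtering, so such ports are worth inventorying. The following added example (not part of the patent) reviews port records in the shape printed by `openstack port show -f json` and flags every unfiltered port that does not look like one of the bridging ports described above; all IDs, names and the `APPROVED_BRIDGE_NETWORKS` allowlist are constructed placeholders.

```python
import json

# Constructed sample records, using the keys printed by
# `openstack port show <port> -f json` (only the keys this check reads).
SAMPLE_PORTS = json.loads("""
[
  {"id": "port-a", "name": "vm1-bridge-eth1", "network_id": "net-overlay",
   "device_id": "vm1", "fixed_ips": [], "port_security_enabled": false},
  {"id": "port-b", "name": "vm1-bridge-eth2", "network_id": "net-underlay",
   "device_id": "vm1", "fixed_ips": [], "port_security_enabled": false},
  {"id": "port-c", "name": "vm1-eth0", "network_id": "net-overlay",
   "device_id": "vm1",
   "fixed_ips": [{"subnet_id": "sub-1", "ip_address": "192.168.0.10"}],
   "port_security_enabled": true},
  {"id": "port-d", "name": "db-eth0", "network_id": "net-tenant",
   "device_id": "vm9",
   "fixed_ips": [{"subnet_id": "sub-9", "ip_address": "172.16.0.5"}],
   "port_security_enabled": false},
  {"id": "port-e", "name": "spare", "network_id": "net-underlay",
   "device_id": "", "fixed_ips": [], "port_security_enabled": false}
]
""")

# Hypothetical allowlist: the only networks on which bridging ports
# (no fixed IP, port security disabled) are expected to exist.
APPROVED_BRIDGE_NETWORKS = {"net-overlay", "net-underlay"}


def review_port(port, approved_networks):
    """Return the findings for one port; an empty list means nothing to report."""
    state = port.get("port_security_enabled")
    if state is True:
        return []
    if state is None:
        return ["port security state not reported"]
    findings = []
    if port.get("network_id") not in approved_networks:
        findings.append("network is not approved for bridging ports")
    if port.get("fixed_ips"):
        findings.append("bridging ports carry no fixed IP, this one does")
    if not port.get("device_id"):
        findings.append("unfiltered port is not attached to any server")
    return findings


def audit(ports, approved_networks):
    """Map port id -> findings for every port that needs attention."""
    report = {}
    for port in ports:
        findings = review_port(port, approved_networks)
        if findings:
            report[port["id"]] = findings
    return report


if __name__ == "__main__":
    for port_id, findings in audit(SAMPLE_PORTS, APPROVED_BRIDGE_NETWORKS).items():
        print(port_id, "->", "; ".join(findings))
```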
In the process of network planning, a preset plug-in may be used, for example the kube-ovn plug-in. Key parameters of the plug-in can be adjusted during planning, and the specific adjustments are as follows:
(1) POD_CIDR is modified to 172.30.0.0/16 and SVC_CIDR is modified to 172.31.0.0/16, so that collisions between the network of the physical machine and the network of the virtual machine are avoided.
(2) NETWORK_TYPE is modified to hybrid mode, i.e. the two network models overlay and underlay are supported simultaneously.
(3) VLAN_INTERFACE_NAME is modified to eth1, namely the name of the second virtual network card in the virtual machine.
(4) VLAN_ID is modified to 0 or to a VLAN value allowed to pass in the physical switch (i.e. the first switch or the second switch).
It should be noted that, the kube-ovn plug-in is a plug-in for supporting bridge establishment, and this plug-in is taken as an example in this application, and other plug-ins for supporting bridge establishment may also be used in the actual use process, which is not limited in particular herein.
Optionally, after the kube-ovn plug-in is installed, kube-ovn automatically creates a default network using the eth0 network card (first virtual network card) as a kubernetes cluster network, the subnet name is ovn-default, and the CIDR is 172.30.0.0/16. The PODs within the virtual machine use the addresses in the network by default, thereby enabling interworking between different PODs.
Optionally, the process of creating an Underlay network in the virtual machine is explained below. The kube-ovn plug-in may again be used: kube-ovn automatically creates a bridge, named br-provider, and binds it to the eth1 network card (second virtual network card). The steps are as follows:
(1) Defining a Vlan resource, named vlan;
(2) Defining a Namespace, also named vlan;
(3) Defining a subnet, also named vlan, cidrBlock set to 192.168.0.0/24 (i.e. same subnet as the virtual machine) and gateway set to 192.168.0.1 (i.e. same gateway as the virtual machine).
(4) After the vlan sub-network is successfully created, all subsequent PODs under the Namespace=vlan are allocated to addresses in the sub-network 192.168.0.0/24, that is, the PODs and the virtual machines where the PODs are located are in the same sub-network, so that the PODs can directly communicate with other virtual machines.
Alternatively, a procedure of creating a second underway network in the virtual machine using the eth2 network card (third virtual network card) as a bridge will be explained below. Multiple bridges are not supported due to the kube-ovn plug-in default deployment. Additional creation is required, as follows:
(1) The 2 nd bridge is created for all virtual machines, and kube-ovn own commands can be used:
kubectl-ko vsctl $node add-br br-provider2
where $node is the hostname of the virtual machine and br-provider2 is the name of the bridge to be created.
(2) The third network card is added to the bridge br-provider2:
kubectl-ko vsctl $node add-port br-provider2 eth2
where eth2 is the name of the third virtual network card.
(3) The ovn-bridge-mappings parameter in openvswitch is modified:
kubectl-ko vsctl $node set open . external-ids:ovn-bridge-mappings=provider:br-provider,provider2:br-provider2
where br-provider is the name of the bridge created by default when kube-ovn is installed and br-provider2 is the name of the bridge created as described above.
(4) Defining a Vlan resource named vlan-ex; setting its providerInterfaceName parameter to provider2; setting its logicalInterfaceName parameter to eth2;
(5) Defining a Namespace, also named vlan-ex;
(6) Defining a subnet, also named vlan-ex, with cidrBlock set to 10.5.202.0/24 (i.e. the same subnet as the physical machine) and gateway set to 10.5.202.1 (i.e. the same gateway as the physical machine).
(7) After the vlan-ex subnet is successfully created, all PODs subsequently created under Namespace=vlan-ex are allocated addresses in the subnet 10.5.202.0/24, that is, addresses in the same subnet as the physical machine. Because the network card eth2 (third virtual network card) is on an Underlay network at the openstack level, the PODs in the k8s cluster can also communicate directly with physical machines outside openstack.
Optionally, Kubernetes may be provided with three networks in the above manner, and different PODs may use different networks.
By address, the first POD uses the first bridging sub-network and is in the same subnet as the virtual machine (192.168.0.0/24); the second POD uses the second bridging sub-network and is in the same subnet as the physical machine (10.5.202.0/24); the third POD uses the cluster network (172.30.0.0/16).
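Step (3) above replaces the whole ovn-bridge-mappings value, so any mapping left out of the new string is dropped. The script below is an added example, not part of the patent text: it merges the new entry into the existing value and prints the three commands of steps (1) to (3) per virtual machine as a dry run. The function names, the node names and the sample "current" values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the patent): plan steps (1)-(3) of the second-bridge
# procedure for several virtual machines without losing the default mapping.
# Node names and the "current" mapping values below are constructed samples.

# valid_name NAME: accept only characters that cannot break the
# comma/colon-separated mapping string or the command line.
valid_name() {
    case $1 in
        '' | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# merge_bridge_mappings CURRENT NETWORK BRIDGE
# Print CURRENT with NETWORK:BRIDGE added. An entry that already exists for
# NETWORK is replaced and every other entry is kept, so re-running the step is
# harmless and provider:br-provider survives. The body runs in a subshell, so
# IFS and the working variables do not leak into the caller.
merge_bridge_mappings() (
    network=$2
    bridge=$3
    if ! valid_name "$network" || ! valid_name "$bridge"; then
        echo "invalid network or bridge name" >&2
        exit 1
    fi
    # ovs-vsctl prints string values wrapped in double quotes; drop them.
    current=$(printf '%s' "$1" | tr -d '"')
    out=
    set -f      # no filename expansion while splitting
    IFS=,
    for entry in $current; do
        [ -n "$entry" ] || continue
        # Skip a stale entry for the same network name.
        [ "${entry%%:*}" != "$network" ] || continue
        out="${out:+$out,}$entry"
    done
    printf '%s\n' "${out:+$out,}$network:$bridge"
)

# plan_second_bridge NODE CURRENT NETWORK BRIDGE NIC
# Print the three commands of the procedure for one virtual machine.
plan_second_bridge() (
    node=$1
    nic=$5
    if ! valid_name "$node" || ! valid_name "$nic"; then
        echo "invalid node or network card name" >&2
        exit 1
    fi
    merged=$(merge_bridge_mappings "$2" "$3" "$4") || exit 1
    echo "kubectl-ko vsctl $node add-br $4"
    echo "kubectl-ko vsctl $node add-port $4 $nic"
    echo "kubectl-ko vsctl $node set open . external-ids:ovn-bridge-mappings=$merged"
)

# Dry run for two constructed node names. The second one already carries a
# stale provider2 entry, as it would after an interrupted earlier attempt.
plan_second_bridge vm-node-1 'provider:br-provider' provider2 br-provider2 eth2
plan_second_bridge vm-node-2 '"provider:br-provider,provider2:br-old"' provider2 br-provider2 eth2
```
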
In the multi-level network deployment method provided by the embodiment of the application, a management network, a bridging network and a tunnel network are respectively established for a physical machine cluster system, so that a plurality of physical machines are respectively connected to a first switch through the management network and the bridging network, and are respectively connected to a second switch through the tunnel network; a first bridging sub-network, a second bridging sub-network and a cluster network are respectively established for each physical machine, so that a plurality of virtual machines are respectively connected to a first virtual switch through the first bridging sub-network, the cluster network and the tunnel network, the plurality of virtual machines are respectively connected to a second virtual switch through the second bridging sub-network, and the second virtual switch is connected with the bridging network; the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with a first bridging sub-network through the third virtual switch, the second POD is connected with a second bridging sub-network through the fourth virtual switch, and the third POD is connected with a cluster network through the fifth virtual switch. Through the connection deployment mode, the corresponding network bridge relationship among the PODs in the virtual machines, the virtual machines in the physical machines and the physical machines in the physical machine cluster system can be established, so that the PODs, the virtual machines and the physical machines can be mutually communicated, the same-plane network capability is achieved, and the diversity of network functions is improved.
Another specific structural relationship in the virtual machine provided in the embodiment of the present application is specifically explained below.
Fig. 5 is another schematic structural diagram of the inside of the virtual machine according to the embodiment of the present application. Referring to Fig. 5, the virtual machine further includes a fourth POD 370, which comprises at least three virtual network interfaces connected to the first bridging sub-network, the second bridging sub-network and the cluster network, respectively.
Optionally, the fourth POD may be a POD using Multus-CNI, for which three virtual network interfaces may be created at the same time. Through these interfaces the POD communicates with other PODs in the cluster via the cluster network, with the virtual machine via the first bridging sub-network, and with the physical machine via the second bridging sub-network, respectively.
The following describes the device, equipment, storage medium, etc. corresponding to the multi-level network deployment method provided by the present application. For their specific implementation processes and technical effects, refer to the foregoing; they are not described in detail below.
Fig. 6 is a schematic structural diagram of a multi-level network deployment device provided in an embodiment of the present application. Referring to Fig. 6, the device includes: a physical machine bridge establishment module 610 and a virtual machine bridge establishment module 620;
the physical machine bridge establishing module 610 is configured to establish a management network, a bridging network, and a tunnel network for the physical machine cluster system, so that the plurality of physical machines are connected to the first switch through the management network and the bridging network, and the plurality of physical machines are connected to the second switch through the tunnel network;
the virtual machine bridge establishment module 620 is configured to establish a first bridging sub-network, a second bridging sub-network, and a cluster network for each physical machine, so that the plurality of virtual machines are connected to the first virtual switch through the first bridging sub-network, the cluster network, and the tunnel network, the plurality of virtual machines are connected to the second virtual switch through the second bridging sub-network, and the second virtual switch is connected to the bridging network; the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with the first bridging sub-network through the third virtual switch, the second POD is connected with the second bridging sub-network through the fourth virtual switch, and the third POD is connected with the cluster network through the fifth virtual switch.
The foregoing apparatus is used for executing the method provided in the foregoing embodiment, and its implementation principle and technical effects are similar, and are not described herein again.
The above modules may be one or more integrated circuits configured to implement the above methods, for example: one or more application specific integrated circuits (Application Specific Integrated Circuit, abbreviated as ASICs), or one or more microprocessors, or one or more field programmable gate arrays (Field Programmable Gate Array, abbreviated as FPGAs), etc. For another example, when a module above is implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or another processor that can invoke the program code. For another example, the modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application. Referring to Fig. 7, the computer device includes a memory 710 and a processor 720, wherein the memory 710 stores a computer program that can be run on the processor 720, and the processor 720 implements the steps of the multi-level network deployment method when executing the computer program.
Optionally, the computer device may specifically be any physical machine in the foregoing physical machine cluster system.
In another aspect of the embodiments of the present application, there is further provided a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the above-described multi-level network deployment method.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform part of the steps of the methods of the embodiments of the invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, etc.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes or substitutions are covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
Claims (10)
1. A method for deploying a multi-level network, wherein the method is applied to a physical machine cluster system, the physical machine cluster system comprising: a plurality of physical machines, a first switch, a second switch, each of the physical machines comprising: a plurality of virtual machines, a first virtual switch, a second virtual switch, the method comprising:
respectively establishing a management network, a bridging network and a tunnel network for the physical machine cluster system so that the plurality of physical machines are respectively connected to a first switch through the management network and the bridging network, and the plurality of physical machines are respectively connected to a second switch through the tunnel network;
respectively establishing a first bridging sub-network, a second bridging sub-network and a cluster network for each physical machine, so that the plurality of virtual machines are respectively connected to the first virtual switch through the first bridging sub-network, the cluster network and the tunnel network, the plurality of virtual machines are respectively connected to the second virtual switch through the second bridging sub-network, and the second virtual switch is connected with the bridging network;
the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with the first bridging sub-network through the third virtual switch, the second POD is connected with the second bridging sub-network through the fourth virtual switch, and the third POD is connected with the cluster network through the fifth virtual switch.
2. The method of claim 1, wherein each of the physical machines comprises: the system comprises at least one first network card, at least one second network card and at least one third network card, wherein the first network card is used for connecting the management network, the second network card is used for connecting the bridging network, and the third network card is used for connecting the tunnel network.
3. The method of claim 2, wherein the physical machine comprises: a first network card, a second network card, a third network card.
4. The method of claim 1, wherein each of the virtual machines comprises: at least one first virtual network card, at least one second virtual network card, and at least one third virtual network card; the first virtual network card is used for connecting the first bridging sub-network, the second virtual network card is used for connecting the second bridging sub-network, and the third virtual network card is used for connecting the cluster network.
5. The method of claim 4, wherein the virtual machine comprises: a first virtual network card, a second virtual network card, a third virtual network card.
6. The method of claim 1, wherein the virtual machine comprises: a first POD, a second POD, and a third POD.
7. The method of claim 5, wherein the virtual machine further comprises: a fourth POD, the fourth POD comprising at least three virtual network interfaces which are respectively connected with the first bridging sub-network, the second bridging sub-network and the cluster network.
8. A multi-level network deployment apparatus, the apparatus being applied to a physical machine cluster system, the physical machine cluster system comprising: a plurality of physical machines, a first switch, a second switch, each of the physical machines comprising: a plurality of virtual machines, a first virtual switch, a second virtual switch, the apparatus comprising: the system comprises a physical machine network bridge establishment module and a virtual machine network bridge establishment module;
the physical machine network bridge building module is used for building a management network, a bridging network and a tunnel network for the physical machine cluster system respectively, so that the physical machines are connected to the first switch through the management network and the bridging network respectively, and are connected to the second switch through the tunnel network respectively;
the virtual machine network bridge building module is used for building a first bridging sub-network, a second bridging sub-network and a cluster network for each physical machine respectively, so that the plurality of virtual machines are connected to the first virtual switch through the first bridging sub-network, the cluster network and the tunnel network respectively, the plurality of virtual machines are connected to the second virtual switch through the second bridging sub-network respectively, and the second virtual switch is connected with the bridging network;
the virtual machine comprises a first POD, a third virtual switch connected with the first POD, a second POD, a fourth virtual switch connected with the second POD, a third POD and a fifth virtual switch connected with the third POD, wherein the first POD is connected with the first bridging sub-network through the third virtual switch, the second POD is connected with the second bridging sub-network through the fourth virtual switch, and the third POD is connected with the cluster network through the fifth virtual switch.
9. A computer device, comprising: a memory and a processor, the memory storing a computer program executable on the processor, wherein the processor, when executing the computer program, implements the steps of the method of any of the preceding claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the method according to any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111332134.XA CN114124714B (en) | 2021-11-11 | 2021-11-11 | Multi-level network deployment method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114124714A (en) | 2022-03-01 |
CN114124714B (en) | 2024-03-12 |
Family
ID=80378412
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN202111332134.XA | Active | 2021-11-11 | 2021-11-11 | Multi-level network deployment method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114124714B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114785762A (en) * | 2022-03-23 | 2022-07-22 | 深圳市飞泉云数据服务有限公司 | Method and device for realizing cloud computing system, terminal equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||