CN114924835A - Method and system for improving virtual machine access performance under super-fusion environment - Google Patents

Publication number: CN114924835A
Application number: CN202210506959.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 石光银, 蔡卫卫, 高传集, 孙思清, 肖雪
Current assignee: Inspur Cloud Information Technology Co Ltd
Original assignee: Inspur Cloud Information Technology Co Ltd
Prior art keywords: container, node, network, ebpf, interface

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for improving virtual machine access performance in a hyper-converged environment. It belongs to the technical field of container access and addresses the technical problem of avoiding iptables rules while improving the network performance of virtual machines and containers. The method comprises the following steps: creating an eBPF-based network plug-in, configured at the container network interface; monitoring the nodes, service resources and IP network segment resources of the container cloud based on an Operator and a CRD; when a newly added node is detected, allocating an IP network segment to it through the network plug-in and generating a node routing policy, wherein the IP network segment comprises a container IP segment; when a newly added container is detected on a node, creating a container network card and allocating a container IP through the network plug-in, and calling the eBPF interface to establish the mapping between the container network card and the container IP in the operating system kernel; and when a newly added service resource is detected, calling the eBPF interface to establish the mapping between the service resource IP and the container IP in the operating system.

Description

Method and system for improving virtual machine access performance under super-fusion environment
Technical Field
The invention relates to the technical field of container access, in particular to a method and a system for improving virtual machine access performance in a super-fusion environment.
Background
With the development of cloud computing services, container technology has been widely adopted by cloud vendors as a mainstream cloud computing technology, and cloud vendors have successively released cloud products such as public clouds, private clouds, edge clouds and distributed clouds. Each cloud product uses container technology to manage the cloud's physical host resources, including main functions such as container resource management and container scheduling. Container-based cloud-native technology provides the cloud platform with declarative centralized management and distributed concurrent execution, gives the platform's development and operations personnel a uniform operation interface, and enables efficient management of cloud resources.
The workloads that a cloud vendor provides to tenants are mainly containers and virtual machines. Cloud vendors offer hyper-converged products, in which the virtual machine control plane program is managed with the container's cloud-native technology, which can greatly improve the operability of the virtual machine management program. When the virtual machine management plane program is managed by containers, the computing and storage resources required by the virtual machines are brought into the cloud platform as nodes of the container cloud, so network traffic of both virtual machines and containers exists on the computing nodes at the same time.
Currently popular container network management components include Calico, Kuryr, Kube-OVN, OVS and MacVtap; of these, Calico has better performance and is generally used for container network management. Container network resources comprise a Pod network and a Service network, where the Pod network is implemented by Calico and the Service network by Kube-Proxy. Calico and Kube-Proxy are both implemented on top of iptables, so there are many iptables rules in CKE clusters. Because the operating system has to load all the rules when matching iptables rules, the time complexity is O(n): the more rules there are, the slower rule matching becomes. In a 100-node cluster, Pods are on the ten-thousand scale, Services are also on the ten-thousand scale, there are at least 4 thousand iptables rules, and network access latency for containers and virtual machines in the cluster is very high, which seriously affects access performance.
In the hyper-converged environment, virtual machines and containers run on the computing nodes at the same time, and most of the network traffic of both is managed by iptables, so when a tenant accesses a virtual machine resource, the traffic is also filtered through the containers' iptables rules. The more nodes the cloud platform manages, the more iptables rules there are. When the cluster scale reaches 200, virtual machine access performance is seriously affected, and most private clouds reach a cluster scale of 200 nodes, so the virtual machine access performance problem urgently needs to be solved.
How to avoid iptables rules in a converged environment, improve the network performance of virtual machines and containers, and provide high-performance container and virtual machine workloads is the technical problem to be solved.
Disclosure of Invention
The technical task of the invention is to provide a method and a system for improving the access performance of a virtual machine in a super-fusion environment, so as to solve the technical problems of avoiding using an Iptables rule, improving the network performance of the virtual machine and a container, and providing a high-performance container and a virtual machine workload in the fusion environment.
In a first aspect, the method for improving virtual machine access performance in a super-fusion environment of the present invention is characterized by comprising the following steps:
creating an eBPF-based network plug-in, the network plug-in being configured at a container network interface;
monitoring nodes, service resources and IP network segment resources of the container cloud based on an Operator and a CRD;
when a newly added node is monitored, distributing an IP network segment to the newly added node through a network plug-in and generating a node routing strategy, wherein the IP network segment comprises a container IP segment;
when a newly added container on a node is monitored, for the newly added container, a container network card is created through the network plug-in and a container IP is distributed, and an eBPF interface is called to establish the mapping between the container network card and the container IP in an operating system kernel;
and when the newly added service resource is monitored, calling the eBPF interface to establish the mapping of the service resource IP and the container IP in the operating system for the newly added service resource.
Preferably, when the node is monitored to delete the container, calling the eBPF interface to remove the mapping between the container network card and the container IP in the kernel of the operating system for the deleted container, and recovering the corresponding container IP and the container network card through the network plug-in;
when the nodes to be deleted are monitored, calling an eBPF interface to remove the mapping between a container network card and a container IP in an operating system kernel for each container under the nodes to be deleted, recovering the corresponding container IP and the container network card through the network plug-in, and recovering the corresponding IP network segment resources for the nodes to be deleted;
and when the service resources are monitored to be deleted, calling the eBPF interface to remove the mapping between the service resource IP and the container IP in the operating system for the service resources to be deleted.
Preferably, for the newly added container, a container IP is allocated from the IP network segment of the corresponding node through the network plug-in.
Preferably, when one node accesses the container of the current node, calling the eBPF interface, and realizing the access of the container according to the mapping relation between the container IP and the container network card;
when one node accesses the container of another node, the node where the container is located is found as a target node through a node routing strategy, and an eBPF interface is called on the target node to access the container according to the mapping relation between the container IP and the container network card.
Preferably, when a node accesses the container through the service resource, the eBPF interface is called, and the IP of the container is found according to the mapping relation between the IP of the service resource and the IP of the container;
if the container IP is at the current node, calling an eBPF interface, and accessing the container according to the mapping relation between the container IP and the container network card;
if the container IP is located at other nodes, finding out the node where the container is located as a target node through a node routing strategy, and calling an eBPF interface on the target node to access the container according to the mapping relation between the container IP and the container network card.
In a second aspect, the present invention provides a system for improving virtual machine access performance in a super-fusion environment, which is used for implementing container access by the method for improving virtual machine access performance in a super-fusion environment according to any one of the first aspect, and the system includes:
a network plug-in configuration module for creating an eBPF-based network plug-in configured at the container network interface;
the monitoring module is used for monitoring nodes, service resources and IP network segment resources of the container cloud based on an Operator and a CRD;
the node configuration module is used for distributing an IP network segment through a network plug-in and generating a node routing strategy for the newly added node when the newly added node is monitored through the monitoring module, wherein the IP network segment comprises a container IP segment;
the container configuration module is used for creating a container network card and distributing a container IP for the newly added container through the network plug-in when the newly added container on the node is monitored through the monitoring module, and calling an eBPF interface to establish the mapping between the container network card and the container IP in an operating system kernel;
and the service resource configuration module is used for calling the eBPF interface to establish the mapping of the service resource IP and the container IP in the operating system for the newly added service resource when the monitoring module monitors the newly added container on the node.
Preferably, when the monitoring module monitors that a container is deleted from a node, the container configuration module is used for calling an eBPF interface to remove the mapping between the container network card and the container IP in an operating system kernel for the deleted container, and recovering the corresponding container IP and the container network card through the network plug-in;
when the monitoring module monitors the deleted node, the node configuration module is matched with the container configuration module, for each container under the node to be deleted, the container configuration module is used for calling an eBPF interface in an operation system kernel to remove the mapping between a container network card and a container IP, and recovering the corresponding container IP and the container network card through the network plug-in, and for the node to be deleted, the node configuration module is used for recovering the corresponding IP network segment resource;
and when the monitoring module monitors that the service resources are deleted, the service resource configuration module is used for calling the eBPF interface to remove the mapping of the service resource IP and the container IP in the operating system for the service resources to be deleted.
Preferably, for the newly added container, the container configuration module is configured to allocate a container IP from the IP network segment of the corresponding node through the network plug-in.
Preferably, when a node accesses the container of the current node, the node calls an eBPF interface to realize the access of the container according to the mapping relation between the container IP and the container network card;
when one node accesses the container of another node, the node finds out the node where the container is located as a target node through a node routing strategy, and calls an eBPF interface on the target node to access the container according to the mapping relation between the container IP and the container network card.
Preferably, when a node accesses the container through the service resource, the node calls an eBPF interface and finds the container IP according to the mapping relation between the service resource IP and the container IP;
if the container IP is at the current node, the node calls an eBPF interface to access the container according to the mapping relation between the container IP and the container network card;
if the container IP is located in other nodes, the node finds out the node where the container is located as a target node through a node routing strategy, and calls an eBPF interface to access the container according to the mapping relation between the container IP and the container network card on the target node.
The method and the system for improving the virtual machine access performance in the super-fusion environment have the following advantages:
1. establishing a network plug-in based on eBPF, wherein the network plug-in is configured at a container network interface, for a node, an IP network segment can be distributed through the network plug-in, a node routing strategy is generated, for a container, a container network can be established through the plug-in, a container IP is distributed, a mapping relation between a container network card and the container IP is established, and for a service resource, a mapping relation between the service resource IP and the container IP is established, so that the access of the container is realized based on the eBPF technology, and the use of an IPtables rule is avoided;
2. in a large-scale container cloud cluster, the performance of accessing the container is improved, and the network performance of accessing a tenant virtual machine and the container is improved;
3. the high availability and the stability of the cloud platform are greatly improved, high-performance containers and virtual machine workloads are provided for tenants, and the satisfaction degree of users is greatly improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed for the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
The invention is further described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a method for improving virtual machine access performance in a super-fusion environment according to embodiment 1;
fig. 2 is a schematic diagram of a container access architecture in a method for improving virtual machine access performance in a hyper-convergence environment according to embodiment 1.
Detailed Description
The present invention is further described below with reference to the accompanying drawings and specific embodiments so that those skilled in the art can better understand the present invention and can implement the present invention, but the embodiments are not intended to limit the present invention, and the embodiments and technical features of the embodiments can be combined with each other without conflict.
The embodiment of the invention provides a method and a system for improving access performance of a virtual machine in a super-convergence environment, which are used for solving the technical problems of avoiding using an Iptables rule, improving network performance of the virtual machine and a container and providing a high-performance container and a virtual machine working load in the convergence environment.
Example 1:
The invention relates to a method for improving virtual machine access performance in a super-fusion environment, which comprises the following steps:
S100, creating a network plug-in based on eBPF, wherein the network plug-in is configured at a container network interface;
S200, monitoring nodes, service resources and IP network segment resources of the container cloud based on an Operator and a CRD;
S300, when a newly added node is monitored, distributing an IP network segment to the newly added node through a network plug-in and generating a node routing strategy, wherein the IP network segment comprises a container IP segment;
when a newly added container on a node is monitored, for the newly added container, a container network card is created through a network plug-in and a container IP is distributed, and an eBPF interface is called to establish the mapping between the container network card and the container IP in an operating system kernel;
and when the newly added service resource is monitored, for the newly added service resource, calling the eBPF interface to establish the mapping of the service resource IP and the container IP in the operating system.
In this embodiment, a network plug-in based on the eBPF is developed at the container network interface, the creation of the container network card and the allocation of the container IP are realized by the network plug-in, and the mapping between the container network card and the IP is realized in the kernel of the operating system based on the eBPF technology. In the case of container IP allocation, a container IP is allocated from the IP network segment of the corresponding node via the network plug-in.
In this embodiment, nodes, service resources, and IP network segment resources of a container cloud are monitored based on an Operator + CRD technology, and for the service resources, load balancing from a ServiceIP to a container IP is implemented in an operating system kernel based on an eBPF technology.
Node, container, and service resource operations are not limited to additions, but involve deletions. When a node is monitored to delete a container, calling an eBPF interface to remove the mapping between a container network card and a container IP in an operating system kernel for the deleted container, and recovering the corresponding container IP and the container network card through the network plug-in;
when the nodes to be deleted are monitored, calling an eBPF interface to remove the mapping between the container network card and the container IP in the kernel of the operating system for each container under the nodes to be deleted, recovering the corresponding container IP and the container network card through the network plug-in, and recovering the corresponding IP network segment resources for the nodes to be deleted;
and when the service resources are monitored to be deleted, calling the eBPF interface to remove the mapping between the service resource IP and the container IP in the operating system for the service resources to be deleted.
In the hyper-converged environment, because containers no longer produce iptables rules, all iptables rules on a node are used for virtual machine access.
In this embodiment, container access is implemented by an eBPF-based Endpoint. As a specific implementation, when a container is created, the kubelet calls the container network plug-in to create the container network card and allocate the container IP, and the mapping between the container network card and the IP is established in the operating system kernel using eBPF.
When a node accesses a container on the current node, eBPF looks up the container's network card by container IP, and the container is accessed.
When a node accesses a container on another node, the node hosting the container is found through the route, and on that node eBPF looks up the container's network card by container IP, so that the container is accessed.
This embodiment implements load balancing of container access with an eBPF-based LB. As a specific implementation, when a Service is created, load balancing from the ServiceIP to container IPs is set up.
When a node accesses a container through a Service, eBPF finds the container IP according to the load-balancing configuration.
If the container IP is on the current node, eBPF looks up the container's network card by container IP, and the container is accessed.
If the container IP is on another node, the node hosting the container is found through the routing rule, and on that node eBPF looks up the container's network card by container IP to access the container.
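The lookup path described above, modelled in userspace C as an added example (not code from the patent): a service-IP map, a per-node container segment table and a container-IP-to-network-card map. The addresses, interface indexes and the flow-hash backend choice are assumptions, and the small hash table stands in for a kernel eBPF map.

```c
/* Added example: userspace model of the lookups described in the text.
 * All names, addresses and interface indexes are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 64 /* table capacity, must be a power of two */
#define MAX_BACKENDS 4
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

enum { EMPTY, USED, TOMB };
enum verdict { V_MISS, V_LOCAL, V_REMOTE };

/* Open-addressing hash map u32 -> u32, standing in for a kernel eBPF hash map. */
struct map { uint32_t key[SLOTS], val[SLOTS]; uint8_t st[SLOTS]; };
static uint32_t slot_of(uint32_t k) { return (k * 2654435761u) & (SLOTS - 1); }

int map_find(const struct map *m, uint32_t k) {
    uint32_t s = slot_of(k);
    for (int i = 0; i < SLOTS; i++, s = (s + 1) & (SLOTS - 1)) {
        if (m->st[s] == EMPTY) return -1;            /* end of probe chain */
        if (m->st[s] == USED && m->key[s] == k) return (int)s;
    }
    return -1;
}

int map_put(struct map *m, uint32_t k, uint32_t v) {
    int s = map_find(m, k);
    if (s < 0) {                                     /* new key: first free slot */
        uint32_t p = slot_of(k);
        for (int i = 0; i < SLOTS && m->st[p] == USED; i++) p = (p + 1) & (SLOTS - 1);
        if (m->st[p] == USED) return -1;             /* table full */
        s = (int)p;
    }
    m->key[s] = k; m->val[s] = v; m->st[s] = USED;
    return 0;
}

int map_del(struct map *m, uint32_t k) {
    int s = map_find(m, k);
    if (s >= 0) m->st[s] = TOMB;                     /* tombstone keeps probe chains intact */
    return s >= 0 ? 0 : -1;
}

struct service { uint32_t backend[MAX_BACKENDS]; uint32_t n; };
struct node_route { uint32_t net, mask; int node_id; };
struct datapath {
    int local_node;
    struct map endpoints;        /* container IP -> ifindex, local containers */
    struct map services;         /* service IP   -> index into svc[] */
    struct service svc[8];
    struct node_route route[8];  /* container IP segment owned by each node */
    int n_route;
};
struct result { enum verdict v; uint32_t container_ip; int node_id; int ifindex; };

struct result resolve(const struct datapath *dp, uint32_t dst, uint32_t flow_hash) {
    struct result r = { V_MISS, dst, -1, -1 };
    int s = map_find(&dp->services, dst);
    if (s >= 0) {                                    /* service IP -> container IP */
        const struct service *sv = &dp->svc[dp->services.val[s]];
        if (sv->n == 0) return r;
        r.container_ip = sv->backend[flow_hash % sv->n]; /* assumed selection rule */
    }
    for (int i = 0; i < dp->n_route && r.node_id < 0; i++)   /* node routing policy */
        if ((r.container_ip & dp->route[i].mask) == dp->route[i].net) r.node_id = dp->route[i].node_id;
    if (r.node_id < 0) return r;                     /* not a container address */
    if (r.node_id != dp->local_node) { r.v = V_REMOTE; return r; }
    s = map_find(&dp->endpoints, r.container_ip);    /* container IP -> network card */
    if (s < 0) return r;                             /* mapping removed or never set */
    r.ifindex = (int)dp->endpoints.val[s]; r.v = V_LOCAL;
    return r;
}

/* Constructed state as seen from node 1 of a two-node cluster. */
void demo_setup(struct datapath *dp) {
    memset(dp, 0, sizeof *dp);
    dp->local_node = 1;
    dp->route[0] = (struct node_route){ IP(10, 244, 1, 0), IP(255, 255, 255, 0), 1 };
    dp->route[1] = (struct node_route){ IP(10, 244, 2, 0), IP(255, 255, 255, 0), 2 };
    dp->n_route = 2;
    map_put(&dp->endpoints, IP(10, 244, 1, 10), 12);
    map_put(&dp->endpoints, IP(10, 244, 1, 11), 13);
    dp->svc[0] = (struct service){ { IP(10, 244, 1, 10), IP(10, 244, 2, 7) }, 2 };
    map_put(&dp->services, IP(10, 96, 0, 20), 0);
}

int main(void) {
    struct datapath dp;
    demo_setup(&dp);
    struct result a = resolve(&dp, IP(10, 96, 0, 20), 1);   /* via Service */
    map_del(&dp.endpoints, IP(10, 244, 1, 10));             /* container deleted */
    struct result b = resolve(&dp, IP(10, 244, 1, 10), 0);
    printf("service -> node %d (verdict %d); deleted container verdict %d\n", a.node_id, (int)a.v, (int)b.v);
    return 0;
}
```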
The method of the embodiment supports the following scenarios:
(1) in a container cloud cluster, a container of a current node is directly accessed from one node.
(2) In a container cloud cluster, a container of a current node is directly accessed from a container of one node.
(3) In a container cloud cluster, a container of one node is accessed directly from another node.
(4) In a container cloud cluster, a container of one node is accessed directly from a container of another node.
(5) In a container cloud cluster, a container is accessed from one node by accessing Service.
(6) In the container cloud cluster, a container is accessed from a container of one node by accessing Service.
(7) In a hyper-converged environment, a virtual machine of a current node is accessed from a container of one node.
(8) In a hyper-converged environment, a container of a current node is accessed from a container of one node.
(9) In a hyper-converged environment, a virtual machine of one node is accessed from a container of another node.
(10) In a hyper-converged environment, a container of one node is accessed in a container of another node.
Example 2:
The invention relates to a system for improving virtual machine access performance in a hyper-converged environment, comprising a network plug-in configuration module, a monitoring module, a node configuration module, a container configuration module and a service resource configuration module. The network plug-in configuration module is used for creating an eBPF-based network plug-in, which is configured at the container network interface. The monitoring module is used for monitoring the nodes, service resources and IP network segment resources of the container cloud based on the Operator and the CRD. When the monitoring module detects a newly added node, the node configuration module allocates an IP network segment to it through the network plug-in and generates a node routing policy, wherein the IP network segment comprises a container IP segment. When the monitoring module detects a newly added container on a node, the container configuration module creates a container network card and allocates a container IP for it through the network plug-in, and calls the eBPF interface to establish the mapping between the container network card and the container IP in the operating system kernel. When the monitoring module detects a newly added container on the node, for the newly added service resource, the service resource configuration module calls the eBPF interface to establish the mapping between the service resource IP and the container IP in the operating system.
And for the newly added container, allocating a container IP from the IP network segment of the corresponding node through the network plug-in.
When one node accesses the container of the current node, calling an eBPF interface, and realizing the access of the container according to the mapping relation between the container IP and the container network card;
when one node accesses the container of another node, the node where the container is located is found as a target node through a node routing strategy, and an eBPF interface is called on the target node to access the container according to the mapping relation between the container IP and the container network card.
When a node accesses the container through the service resource, calling the eBPF interface, and finding the container IP according to the mapping relation between the service resource IP and the container IP;
if the container IP is at the current node, calling an eBPF interface, and accessing the container according to the mapping relation between the container IP and the container network card;
if the container IP is located at other nodes, the node where the container is located is found out through a node routing strategy to serve as a target node, and an eBPF interface is called on the target node to access the container according to the mapping relation between the container IP and the container network card.
Management of nodes, containers and service resources in the container cloud is not limited to addition, and also relates to deletion operation, so that deletion management is realized by cooperation of all modules of the system.
And when the monitoring module monitors that the container is deleted from the node, the container configuration module is used for calling the eBPF interface to remove the mapping between the container network card and the container IP in the kernel of the operating system for the deleted container, and recovering the corresponding container IP and the container network card through the network plug-in.
And when the monitoring module monitors that the node is deleted, the node configuration module is matched with the container configuration module, for each container under the node to be deleted, the container configuration module is used for calling an eBPF interface to remove the mapping between the container network card and the container IP in the kernel of the operating system, recovering the corresponding container IP and the container network card through the network plug-in, and for the node to be deleted, the node configuration module is used for recovering the corresponding IP network segment resources.
And when the monitoring module monitors that the service resources are deleted, the service resource configuration module is used for calling the eBPF interface to remove the mapping between the service resource IP and the container IP in the operating system for the service resources to be deleted.
The system of this embodiment can execute the method disclosed in embodiment 1 to realize the access of the container based on the eBPF technology.
While the invention has been shown and described in detail in the drawings and in the preferred embodiments, it is not intended to limit the invention to the embodiments disclosed, and it will be apparent to those skilled in the art that various combinations of the code auditing means in the various embodiments described above may be used to obtain further embodiments of the invention, which are also within the scope of the invention.

Claims (10)

1. A method for improving virtual machine access performance under a super-fusion environment is characterized by comprising the following steps:
creating an eBPF-based network plug-in, the network plug-in being configured at a container network interface;
monitoring nodes, service resources and IP network segment resources of the container cloud based on an Operator and a CRD;
when a newly added node is monitored, for the newly added node, distributing an IP network segment through a network plug-in and generating a node routing strategy, wherein the IP network segment comprises a container IP segment;
when a newly added container on a node is monitored, for the newly added container, a container network card is created through the network plug-in and a container IP is distributed, and an eBPF interface is called to establish the mapping between the container network card and the container IP in an operating system kernel;
and when the newly added service resource is monitored, calling the eBPF interface to establish the mapping of the service resource IP and the container IP in the operating system for the newly added service resource.
2. The method for improving virtual machine access performance in the super-fusion environment, characterized in that when it is monitored that a container is deleted from a node, an eBPF interface is called to remove, for the deleted container, the mapping between the container network card and the container IP in the operating system kernel, and the corresponding container IP and container network card are reclaimed through the network plug-in;
when it is monitored that a node is to be deleted, an eBPF interface is called to remove, for each container under the node to be deleted, the mapping between the container network card and the container IP in the operating system kernel, the corresponding container IP and container network card are reclaimed through the network plug-in, and the corresponding IP network segment resources are reclaimed for the node to be deleted;
and when it is monitored that a service resource is to be deleted, the eBPF interface is called to remove, for the service resource to be deleted, the mapping between the service resource IP and the container IP in the operating system.
3. The method according to claim 1, wherein for the newly added container, a container IP is allocated from the IP network segment of the corresponding node through a network plug-in.
4. The method for improving virtual machine access performance in the super-fusion environment according to claim 1, 2 or 3, wherein when a node accesses a container of the current node, the eBPF interface is called, and the container access is realized according to the mapping relationship between the container IP and the container network card;
when one node accesses the container of another node, the node where the container is located is found as a target node through a node routing strategy, and an eBPF interface is called on the target node to access the container according to the mapping relation between the container IP and the container network card.
5. The method for improving virtual machine access performance in the super-fusion environment of claim 1, 2 or 3, wherein when a node accesses a container through a service resource, the eBPF interface is called, and the container IP is found according to the mapping relation between the service resource IP and the container IP;
if the container IP is at the current node, calling an eBPF interface, and accessing the container according to the mapping relation between the container IP and the container network card;
if the container IP is located at other nodes, the node where the container is located is found out through a node routing strategy to serve as a target node, and an eBPF interface is called on the target node to access the container according to the mapping relation between the container IP and the container network card.
6. A system for improving virtual machine access performance in a super-fusion environment, wherein the system is used for implementing container access by the method for improving virtual machine access performance in a super-fusion environment according to any one of claims 1 to 5, and the system comprises:
a network plug-in configuration module for creating an eBPF-based network plug-in configured at the container network interface;
the monitoring module is used for monitoring nodes, service resources and IP network segment resources of the container cloud based on an Operator and a CRD;
the node configuration module is used for distributing an IP network segment through a network plug-in and generating a node routing strategy for the newly added node when the newly added node is monitored through the monitoring module, wherein the IP network segment comprises a container IP segment;
the container configuration module is used for creating a container network card and distributing a container IP for the newly added container through the network plug-in when the newly added container on the node is monitored through the monitoring module, and calling an eBPF interface to establish the mapping between the container network card and the container IP in an operating system kernel;
and the service resource configuration module is used for calling the eBPF interface to establish the mapping of the service resource IP and the container IP in the operating system for the newly added service resource when the monitoring module monitors the newly added container on the node.
7. The system according to claim 5, wherein when the monitoring module monitors that a container is deleted from a node, the container configuration module is configured to call the eBPF interface to remove, for the deleted container, the mapping between the container network card and the container IP in the operating system kernel, and to reclaim the corresponding container IP and container network card through the network plug-in;
when the monitoring module monitors that a node is to be deleted, the node configuration module cooperates with the container configuration module: for each container under the node to be deleted, the container configuration module is used for calling an eBPF interface to remove the mapping between the container network card and the container IP in the operating system kernel and reclaiming the corresponding container IP and container network card through the network plug-in, and for the node to be deleted, the node configuration module is used for reclaiming the corresponding IP network segment resources;
and when the monitoring module monitors that a service resource is to be deleted, the service resource configuration module is used for calling the eBPF interface to remove, for the service resource to be deleted, the mapping between the service resource IP and the container IP in the operating system.
8. The system according to claim 6, wherein for the newly added container, the container configuration module is configured to allocate a container IP from the IP network segment of the corresponding node through the network plug-in.
9. The system according to claim 6, 7 or 8, wherein when a node accesses a container of a current node, the node invokes an eBPF interface to access the container according to a mapping relationship between a container IP and a container network card;
when one node accesses the container of another node, the node finds the node where the container is located as a target node through a node routing strategy, and calls an eBPF interface on the target node to access the container according to the mapping relation between the container IP and the container network card.
10. The system according to claim 6, 7 or 8, wherein when a node accesses a container through a service resource, the node invokes an eBPF interface to find a container IP according to a mapping relationship between a service resource IP and the container IP;
if the container IP is at the current node, the node calls an eBPF interface and accesses the container according to the mapping relation between the container IP and the container network card;
if the container IP is located at other nodes, the node finds the node where the container is located as a target node through a node routing strategy, and calls an eBPF interface and accesses the container according to the mapping relation between the container IP and the container network card on the target node.
CN202210506959.7A 2022-05-11 2022-05-11 Method and system for improving virtual machine access performance under super-fusion environment Pending CN114924835A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210506959.7A CN114924835A (en) 2022-05-11 2022-05-11 Method and system for improving virtual machine access performance under super-fusion environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210506959.7A CN114924835A (en) 2022-05-11 2022-05-11 Method and system for improving virtual machine access performance under super-fusion environment

Publications (1)

Publication Number Publication Date
CN114924835A (en) 2022-08-19

Family

ID=82809317

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210506959.7A Pending CN114924835A (en) 2022-05-11 2022-05-11 Method and system for improving virtual machine access performance under super-fusion environment

Country Status (1)

Country Link
CN (1) CN114924835A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116800605A (en) * 2023-08-25 2023-09-22 苏州思萃工业互联网技术研究所有限公司 Network implementation method, system, equipment and medium for running virtual machine in container
CN116800605B (en) * 2023-08-25 2023-12-22 苏州思萃工业互联网技术研究所有限公司 Network implementation method, system, equipment and medium for running virtual machine in container

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination