CN115473816A - Communication method and device based on VPC network, computer equipment and storage medium - Google Patents

Publication number
CN115473816A
Authority
CN
China
Prior art keywords
network
virtual
virtual machine
machine
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211114442.XA
Other languages
Chinese (zh)
Inventor
徐斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kangjian Information Technology Shenzhen Co Ltd
Original Assignee
Kangjian Information Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kangjian Information Technology Shenzhen Co Ltd
Priority to CN202211114442.XA
Publication of CN115473816A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to the technical field of communication and discloses a communication method, apparatus, computer device and storage medium based on a VPC network. The method comprises: creating a virtual bridge in a host; configuring a virtual gateway of a virtualized network segment for the virtual bridge; bridging a gateway of at least one virtual machine to the virtual bridge; and, in response to a communication instruction, the at least one virtual machine communicates with the external network through the virtual gateway and the network card of the host, and/or the at least one virtual machine communicates with the internal network through the virtual gateway. The method provides a KVM virtualization scheme based on the virtual private cloud service in which IP addresses in the different network segments of the host and the virtual machines can access and communicate with each other. It also provides network intercommunication between virtual machines and containers, or among multiple virtual machines, so that this communication is handled smoothly without modifying service code.

Description

Communication method and device based on VPC network, computer equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method and apparatus based on a VPC network, a computer device, and a storage medium.
Background
Currently, the servers and related services of a cloud vendor generally adopt two service modes: KVM (Kernel-based Virtual Machine) virtualization and k8s (Kubernetes) containerization. k8s containerization uses the cloud vendor's container cloud, while KVM virtualization is virtualization that users build themselves on the cloud vendor's bare metal servers. However, when KVM virtualization and CCE (Cloud Container Engine) containerization are deployed together in a VPC (Virtual Private Cloud) network, the VPC network does not support managing the IP addresses of the user's self-built KVM virtualization. To ensure normal communication between a virtual machine (vm) and a pod, service code has to be modified, which easily affects existing services.
Disclosure of Invention
In view of this, the present application provides a communication method, apparatus, computer device and storage medium based on a VPC network, so as to solve the problem of smooth processing of mutual communication between a virtual machine and a container or between multiple virtual machines in the VPC network.
In a first aspect, a communication method based on a VPC network is provided, where the VPC network serves a host and at least one virtual machine, and the method includes:
creating a virtual bridge in a host;
configuring a virtual gateway of a virtualized network segment for a virtual network bridge;
bridging a gateway of at least one virtual machine to a virtual bridge;
and, in response to a communication instruction, the at least one virtual machine communicates with the external network through the virtual gateway and the network card of the host, and/or the at least one virtual machine communicates with the internal network through the virtual gateway.
Further, creating a virtual bridge in the host, comprising:
acquiring a configuration file;
and creating a virtual bridge at the network layer of the OSI network model of the host according to the configuration file.
Further, configuring a virtual gateway of a virtualized network segment for the virtual bridge includes:
creating a VPC network interface on a host machine, wherein the VPC network interface is connected with a network card interface of the host machine;
any available IP address in the virtualized network segment is allocated to a VPC network interface;
the VPC network interface is connected to a virtual bridge.
Further, at least one virtual machine communicates with the external network through a virtual gateway and a network card of the host machine, and the method comprises the following steps:
under the condition that any virtual machine accesses an external network through the network card of any virtual machine, any virtual machine sends a first data acquisition request corresponding to a communication instruction to the ip address of the virtual gateway through the network card of any virtual machine;
the virtual gateway forwards the first data acquisition request to an ip address of a network card of the host machine;
sending the first data acquisition request to the external network according to a network protocol of the VPC (Virtual Private Cloud) network through the ip address of the network card of the host machine;
and the host machine sends the data packet fed back by the external network to the ip address of the network card of any virtual machine.
Further, at least one virtual machine communicates with the intranet through a virtual gateway, including:
under the condition that any virtual machine accesses the intranet through the network card of any virtual machine, any virtual machine sends a second data acquisition request corresponding to the communication instruction to the ip address of the virtual gateway through the network card of any virtual machine;
sending a second data acquisition request to the intranet through the virtual gateway;
and the host machine sends the data packet fed back by the intranet to the ip address of the network card of any virtual machine.
Further, the intranet includes at least one virtual machine; the extranet includes an LXC cluster, a k8s cluster, and/or an Internet appliance.
Further, the virtual bridge comprises a linux bridge or an OVS bridge.
In a second aspect, there is provided a communication apparatus based on a VPC network, the VPC network serving at least one virtual machine and a host, the apparatus comprising:
the system comprises a creating module, a sending module and a receiving module, wherein the creating module is used for creating a virtual bridge in a host machine;
the configuration module is used for configuring a virtual gateway of a virtualized network segment for the virtual network bridge;
a communication module for bridging a gateway of at least one virtual machine to a virtual bridge; and,
in response to a communication instruction, the at least one virtual machine communicates with the external network through the virtual gateway and the network card of the host, and/or the at least one virtual machine communicates with the internal network through the virtual gateway.
Further, the communication device based on the VPC network further includes:
the acquisition module is used for acquiring the configuration file;
and the creating module is specifically used for creating the virtual network bridge at a network layer of an OSI network model of the host according to the configuration file.
Further, the creating module is also used for creating a VPC network interface on the host machine, and the VPC network interface is connected with a network card interface of the host machine;
the configuration module is specifically used for allocating any available IP address in the virtualized network segment to the VPC network interface; and,
the VPC network interface is connected to a virtual bridge.
Further, the communication module is specifically configured to, when any virtual machine accesses the external network through the network card of any virtual machine, send the first data acquisition request to the ip address of the virtual gateway through the network card of any virtual machine by any virtual machine;
the virtual gateway forwards a first data acquisition request corresponding to the communication instruction to an ip address of a network card of the host machine;
sending the first data acquisition request to the external network according to a network protocol of the VPC (Virtual Private Cloud) network through the ip address of the network card of the host machine;
and the host machine sends the data packet fed back by the external network to the ip address of the network card of any virtual machine.
Further, the communication module is specifically configured to, when any virtual machine accesses the intranet through a network card of any virtual machine, send a second data acquisition request corresponding to the communication instruction to the ip address of the virtual gateway through the network card of any virtual machine by any virtual machine;
sending a second data acquisition request to the intranet through the virtual gateway;
and the host machine sends the data packet fed back by the intranet to the ip address of the network card of any virtual machine.
Further, the intranet includes at least one virtual machine; the extranet includes an LXC cluster, a k8s cluster, and/or an Internet appliance.
Further, the virtual bridge comprises a linux bridge or an OVS bridge.
In a third aspect, a computer device is provided, which includes a memory, a processor and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the steps of the VPC network-based communication method are implemented.
In a fourth aspect, a computer-readable storage medium is provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the above communication method based on a VPC network.
In the above communication method, apparatus, computer device and storage medium based on a VPC network, a virtual bridge is created in a host, so that at least one virtual machine (vm) can bridge with the host's network through the virtual bridge. A virtual gateway of a virtualized network segment is configured for the virtual bridge, which places the communication gateway for the virtualized IP addresses of the at least one virtual machine on the virtual bridge. Through the construction of the virtual bridge and the virtual gateway, the host therefore acts as a switch between the at least one virtual machine and the internal and external networks: the at least one virtual machine can communicate with the external network through the virtual gateway and the network card of the host, and with the internal network through the virtual gateway. This realizes a KVM virtualization scheme based on the virtual private cloud service in which IP addresses in the different network segments of the host and the virtual machines can access and communicate with each other. It also provides network intercommunication between virtual machines and containers, or among multiple virtual machines, so that the services deployed on the virtual machines can reach each other, and this communication is handled smoothly without modifying service code.
The above description is only an overview of the technical solutions of the present application, and the present application may be implemented in accordance with the content of the description so as to make the technical means of the present application more clearly understood, and the detailed description of the present application will be given below in order to make the above and other objects, features, and advantages of the present application more clearly understood.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments of the present application will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a communication method based on a VPC network in the present application;
Fig. 2 is a flowchart illustrating an embodiment of step S10 of Fig. 1;
Fig. 3 is a flowchart illustrating an embodiment of step S20 of Fig. 1;
Fig. 4 is a second flowchart of a communication method based on a VPC network in the present application;
Fig. 5 is a third flowchart of a communication method based on a VPC network in the present application;
Fig. 6 is a schematic view of an application scenario of the communication method based on the VPC network in the present application;
Fig. 7 is a schematic diagram of communication based on a VPC network in the present application;
Fig. 8 is a schematic structural diagram of a communication device based on a VPC network in the present application;
Fig. 9 is a schematic structural diagram of a computer device in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic flowchart of a communication method based on a VPC network according to an embodiment of the present application, including the following steps:
S10: creating a virtual bridge in a host;
It should be noted that the VPC network serves at least one virtual machine and a host machine. Each virtual machine (vm) has an Ethernet card with a designated intranet ip address and a default route. For example, as shown in fig. 6, a VPC (Virtual Private Cloud) network deploys 3 virtual machines, VM-Guest1, VM-Guest2 and VM-Guest3, whose Ethernet card ip addresses are 192.168.1.11, 192.168.1.12 and 192.168.1.13, respectively.
Specifically, the virtual bridge may be a Linux bridge, that is, a bridge created with the Linux tool brctl, or an OVS (Open vSwitch) bridge, that is, an Open vSwitch virtual switch created with the ovs-vsctl tool.
In one possible implementation, the VPC network may be applied in a Medical cloud (Medical cloud) service scenario to meet the increasing Medical communication efficiency requirements. The medical cloud is a medical health service cloud platform established by using cloud computing on the basis of new technologies such as cloud computing, mobile technology, multimedia, 4G communication, big data and the Internet of things and combining medical technology, and medical resource sharing and medical range expansion are achieved. Due to the combination of the cloud computing technology, the medical cloud improves the efficiency of medical institutions and brings convenience to residents to see medical advice. Like the appointment register, the electronic medical record, the medical insurance and the like of the existing hospital are all products combining cloud computing and the medical field, and the medical cloud also has the advantages of data security, information sharing, dynamic expansion and overall layout.
In this embodiment, a virtual Bridge is created in the host machine to enable at least one virtual machine to connect in Bridge wireless bridging mode with the host machine's network through the virtual Bridge in order to enable communication between the at least one virtual machine and the host machine.
It is worth mentioning that the host machine has a kernel-level network card interface, and the network card interface is used for communicating with the external network. For example, the configuration file ifcfg-br0 of the kernel network card includes the following data:
DEVICE="br0"
NM_CONTROLLED="yes"
TYPE=Bridge
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=192.168.0.5
NETMASK=255.255.255.0
In some embodiments of the present application, as shown in fig. 2, a specific entity alignment scheme is provided: S10, that is, creating a virtual bridge in a host, specifically includes the following steps:
S11: acquiring a configuration file;
The configuration file includes routing parameters (e.g., network mask, whether to activate, network configuration parameters), network type, name, and other information.
S12: creating a virtual bridge at the network layer of the OSI network model of the host according to the configuration file.
Specifically, the OSI (Open System Interconnection) network model divides a computer network architecture (architecture) into the following seven layers:
(1) The Physical Layer, which converts data into electrical signals that can be transmitted over a physical medium, and determines the type of network connection (end-to-end or multi-end connection) and the physical topology.
(2) The Data Link Layer, which decides the way the network medium is accessed. It can establish a data link connection between two hosts, transmit data signals to the physical layer, and process the signals for error-free and reasonable transmission.
(3) The Network Layer, which is used for data transmission between two different networks and can perform routing functions such as selecting a proper path and performing congestion control.
(4) The Transport Layer, which provides a reliable end-to-end connection and shields the data communication details of the lower layers.
(5) The Session Layer, which handles communication between two session processes, i.e. the exchange of information between two session layer entities; it manages the exchange of data and allows a user to establish a connection using a simple and easy to remember name.
(6) The Presentation Layer, which negotiates the data exchange format, such as encryption and decryption of data, and compression and restoration of data.
(7) The Application Layer, i.e. the interface between a user's application and the network, which keeps the data records required for establishing connections between applications and can be based on protocols such as NetBEUI, IPX/SPX, TCP/IP, and the like.
In this embodiment, a virtual bridge for connecting virtual machines is created at the network layer according to a configuration file set by a user. The host machine can set up a plurality of virtual machines, the intercommunication between the virtual machines and an internal network or an external network at a network layer is realized, and the communication intensity of a VPC network is enhanced.
Specifically, for example, the established bridge configuration file ifcfg-br0:0 includes the following data:
DEVICE="br0"
NM_CONTROLLED="yes"
TYPE=Bridge
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=192.168.1.1
NETMASK=255.255.255.0
route-br0:
default via 192.168.0.5 dev br0 table 1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1 table 1
After the bridge configuration file is completed, the network or br0 is restarted to create the virtual bridge.
S20: configuring a virtual gateway of a virtualized network segment for a virtual network bridge;
In this embodiment, a virtual gateway is created on the host where the virtual bridge is located, which may be considered a private gateway for the at least one virtual machine. Two networks with different high-level protocols are thereby interconnected at the network layer by using the virtual gateway.
It is understood that if multiple virtual machines are mounted on the same host, only one virtual bridge is created.
In some embodiments of the present application, as shown in fig. 3, a specific entity alignment scheme is provided: S20, that is, configuring a virtual gateway of a virtualized network segment for the virtual bridge, specifically includes the following steps:
S21: creating a VPC network interface on a host machine;
The VPC network interface is connected with a network card interface of the host machine;
S22: any available IP address in the virtualized network segment is allocated to the VPC network interface;
S23: the VPC network interface is connected to the virtual bridge.
In this embodiment, a kernel network card interface is created on the host by using an open virtual switch standard (OVS) instruction, and a VPC network interface directly connected to the kernel network card interface is created. Any available IP address in the virtualized network segment is used as the IP address of the VPC network interface, and meanwhile, the IP address of the virtual machine and the host machine can be in the same network segment. And enabling the created VPC network interface, and connecting the VPC network interface to the virtual bridge, wherein the VPC network interface is a virtual gateway special for the virtual machine.
S30: bridging a gateway of at least one virtual machine to a virtual bridge;
S40: in response to a communication instruction, the at least one virtual machine communicates with the external network through the virtual gateway and the network card of the host, and/or the at least one virtual machine communicates with the internal network through the virtual gateway.
In this embodiment, the host is used as a switch between the at least one virtual machine and the internal network and the external network, so that the at least one virtual machine can communicate with the external network through the virtual gateway and the network card of the host, and the at least one virtual machine can communicate with the internal network through the virtual gateway. Furthermore, a kvm virtualization scheme based on the virtual private cloud service is realized, and the ip of different network segments of the host machine and the virtual machine can be accessed and communicated mutually. Meanwhile, the network intercommunication between the virtual machines and the container or among the virtual machines is solved, so that the services deployed on the virtual machines can be mutually communicated and accessed, and the aim of smoothly processing the mutual communication between the virtual machines and the container or among the virtual machines can be fulfilled without transforming service codes.
In an actual application scenario, with the above configuration, data packets from a KVM virtual machine reach external pods, vms and the like, realizing normal interactive communication, as shown in fig. 7.
In some embodiments of the present application, as shown in fig. 4, S40, that is, at least one virtual machine communicates with an external network through network cards of a virtual gateway and a host, specifically includes:
S411: under the condition that any virtual machine accesses an external network through its network card, the virtual machine sends a first data acquisition request corresponding to the communication instruction to the ip address of the virtual gateway through its network card;
The first data acquisition request is used for acquiring first data of the external network. In a possible implementation manner, the first data may be medical data, such as a personal health record, a prescription, an examination report, and the like, or financial data, such as transaction content, a payment record, and the like, so as to implement interaction between the virtual machine and the external network for the first data; the first data is not specifically limited in the embodiment of the present application.
Specifically, the external network, i.e. the environment network where the host is located, may include an LXC (Linux Containers) cluster, a k8s (Kubernetes) cluster and/or an internet device. In the LXC cluster or the k8s cluster, the container (Pod) is the basis of all the service types and is also the minimum unit of cluster management, and the cluster is a combination of one or more containers.
S412: the virtual gateway forwards the first data acquisition request to an ip address of a network card of the host machine;
S413: sending the first data acquisition request to the external network according to a network protocol of the VPC (Virtual Private Cloud) network through the ip address of the network card of the host machine;
S414: the host machine sends the data packet fed back by the external network to the ip address of the network card of the virtual machine.
In this embodiment, if the communication instruction indicates that the virtual machine needs to communicate with the external network, the virtual machine generates a first data acquisition request from the identification information, carried by the instruction, of the first data to be acquired from the external network. It then sends the first data acquisition request to the ip address of the virtual gateway through its network card, and the virtual gateway forwards the request to the ip address of the network card of the host. The request is sent to the external network from the ip address of the kernel network card of the host, using the network protocol between the host and the external network, so that the virtual machines access a container (Pod) of the extranet service through their respective network cards. After receiving the request, the container of the extranet service returns the corresponding data packets in sequence according to the route and the network protocol, and the packets finally reach the network card of the corresponding virtual machine, so that the virtual machine obtains the related data packets. Communication between the at least one virtual machine and the external network is thus completed without modifying service code, the access success rate of the VPC is improved, and failures affecting the VPN cloud service are effectively reduced.
The extranet service refers to various services based on software programs, such as web service, mail service, SSH remote login service, and the like.
In some embodiments of the present application, as shown in fig. 5, S40, that is, at least one virtual machine communicates with an intranet through a virtual gateway, specifically includes:
S421: under the condition that any virtual machine accesses the intranet through its network card, the virtual machine sends a second data acquisition request corresponding to the communication instruction to the ip address of the virtual gateway through its network card;
The intranet, that is, the network segment used for creating the virtual machines and setting their IP addresses, comprises at least one virtual machine.
Specifically, the second data obtaining request is used for obtaining second data of the intranet. In a possible implementation manner, the second data may be medical data, such as personal health records, prescriptions, examination reports, and the like, or financial data, such as transaction contents, payment records, and the like, so as to implement interaction between the virtual machine and the external network for the second data, and the second data is not specifically limited in the embodiment of the present application.
S422: sending a second data acquisition request to the intranet through the virtual gateway;
S423: the host machine sends the data packet fed back by the intranet to the ip address of the network card of the virtual machine.
In this embodiment, if the communication instruction indicates that the virtual machine needs to communicate with the intranet, any virtual machine generates a second data acquisition request by using the identification information of the second data that needs to be acquired from the intranet and is carried by the instruction, and then sends the second data acquisition request to the ip address of the virtual gateway through the network card of any virtual machine. And sending the second data acquisition request to other virtual machines in the intranet through the virtual gateway. And the virtual machines access the virtual machine of the intranet service through respective network cards. After receiving the request, the virtual machine in the intranet returns the data packets corresponding to the request in sequence according to the route, and finally the data packets arrive at the network card of the corresponding virtual machine, so that the virtual machine can obtain the relevant data packets. Therefore, the host machine is used as a switch between at least one virtual machine and the intranet, and any virtual machine can communicate with other virtual machines in the intranet through the virtual gateway. The method not only realizes the kvm virtualized ip self-established by the user in the VPC network, but also can meet the requirement of mutual access and communication of the ip of different network segments of the host machine and the virtual machine.
In a specific embodiment, as shown in fig. 6, a VPC network deploys 3 virtual machines, which are respectively VM-Guest1, VM-Guest2, VM-Guest3, and ethernet card ip addresses of the 3 virtual machines are respectively 192.168.1.11, 192.168.1.12, and 192.168.1.13. 192.168.0.5 is the ip address of the host network card, and 192.168.1.1 is the gateway ip address of the virtual machine vm on the host. Taking 3 vm virtual machines accessing the external network through their own eth0 network cards as an example, the eth0 network cards of the 3 vm virtual machines transfer the data packets to the virtual gateway br0:192.168.1.1. the virtual gateway br0 forwards the data packet to the host network card ip address br0:192.168.0.5. the data packet arrives at the gateway through the host machine network card ip address 192.168.0.5, and then arrives at the external internet to request data. And the requested data packets are sequentially returned according to the route and the network protocol, and finally the data packets reach eth0 corresponding to the vm virtual machine, so that the related data packets are obtained. Therefore, based on the kvm virtualization scheme, the mutual ip access and communication between the host and different network segments of the vm are realized, the network intercommunication between the virtual machines and the container or a plurality of virtual machines is solved, the mutual communication access between the services deployed on the virtual machines can be realized, and the technical effect of smoothly processing the mutual communication between the virtual machines and the container or between the virtual machines can be realized without modifying service codes.
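The fig. 6 addressing plan and the two request paths described above can be modelled to check the plan for consistency and to see which flows cross the host network card. This is an added example, not code from the patent; the /24 prefix length, the function names, and the external address 203.0.113.10 are assumptions.

```python
import ipaddress

# Addresses from the fig. 6 embodiment. The /24 prefix length is an assumption:
# the text gives only the individual addresses.
SEGMENT = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")    # virtual gateway on br0
HOST_NIC = ipaddress.ip_address("192.168.0.5")   # host network card
GUESTS = {
    "VM-Guest1": ipaddress.ip_address("192.168.1.11"),
    "VM-Guest2": ipaddress.ip_address("192.168.1.12"),
    "VM-Guest3": ipaddress.ip_address("192.168.1.13"),
}


def check_topology(segment, gateway, host_nic, guests):
    """Return a list of addressing problems; an empty list means consistent."""
    problems = []
    if gateway not in segment:
        problems.append(f"gateway {gateway} is outside {segment}")
    if host_nic in segment:
        # Host and guests are meant to sit on different network segments.
        problems.append(f"host NIC {host_nic} overlaps {segment}")
    seen = {}
    for name, addr in guests.items():
        if addr not in segment:
            problems.append(f"{name} {addr} is outside {segment}")
        if addr == gateway:
            problems.append(f"{name} reuses the gateway address {gateway}")
        if addr in seen:
            problems.append(f"{name} duplicates {seen[addr]} at {addr}")
        seen.setdefault(addr, name)
    return problems


def trace(src_name, dst, guests=GUESTS):
    """Hops a request takes from a guest to dst, following the described steps."""
    src = guests[src_name]
    dst = ipaddress.ip_address(dst)
    # Every request first goes from the guest's eth0 to the virtual gateway.
    hops = [f"{src_name} eth0 {src}", f"br0 {GATEWAY}"]
    if dst in SEGMENT:
        # Intranet case: the gateway hands the request to the target guest.
        owner = next((n for n, a in guests.items() if a == dst), None)
        if owner is None:
            raise LookupError(f"no guest holds {dst}")
        hops.append(f"{owner} eth0 {dst}")
    else:
        # External case: gateway -> host network card -> external network.
        hops += [f"host NIC {HOST_NIC}", f"external {dst}"]
    return hops


def crosses_host_nic(src_name, dst):
    """True when the request leaves the virtualized segment via the host NIC."""
    return any(hop.startswith("host NIC") for hop in trace(src_name, dst))


if __name__ == "__main__":
    print(check_topology(SEGMENT, GATEWAY, HOST_NIC, GUESTS))
    for target in ("192.168.1.13", "203.0.113.10"):  # constructed destinations
        path = trace("VM-Guest1", target)
        print(" -> ".join(path))
        print("return:", " -> ".join(reversed(path)))
```

Only the external path includes the host network card hop; intranet requests stay on br0.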
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In one embodiment, a communication device based on a VPC network is provided, and the communication device based on a VPC network corresponds to the communication method based on a VPC network in the above embodiment one to one. As shown in fig. 8, the communication device based on VPC network includes a creation module 801, a configuration module 802, and a communication module 803. The functional modules are explained in detail as follows:
a creating module 801, configured to create a virtual bridge in a host;
a configuration module 802, configured to configure a virtual gateway of a virtualized network segment for a virtual network bridge;
a communication module 803, configured to bridge a gateway of at least one virtual machine to the virtual bridge; and, in response to the communication instruction, to enable the at least one virtual machine to communicate with the external network through the virtual gateway and the network card of the host machine, and/or to communicate with the internal network through the virtual gateway.
In one embodiment, the communication device based on VPC network further includes: an obtaining module (not shown in the figure) for obtaining the configuration file; the creating module 801 is specifically configured to create a virtual bridge at a network layer of the OSI network model of the host according to the configuration file.
In an embodiment, the creating module 801 is further configured to create a VPC network interface on a host, where the VPC network interface is connected to a network card interface of the host; a configuration module 802, specifically configured to allocate any available IP address in the virtualized network segment to a VPC network interface; and connecting the VPC network interface to the virtual bridge.
In an embodiment, the communication module 803 is specifically configured to: when any virtual machine accesses an external network through its network card, send a first data acquisition request corresponding to a communication instruction to the IP address of the virtual gateway through the network card of that virtual machine; forward, by the virtual gateway, the first data acquisition request to the IP address of the network card of the host machine; send the first data acquisition request to the external network, according to the network protocol of the VPC network, through the IP address of the network card of the host machine; and send, by the host machine, the data packet fed back by the external network to the IP address of the network card of that virtual machine.
In an embodiment, the communication module 803 is specifically configured to, when any virtual machine accesses an intranet through a network card of any virtual machine, send a second data acquisition request corresponding to the communication instruction to an ip address of the virtual gateway through the network card of any virtual machine; sending a second data acquisition request to the intranet through the virtual gateway; and the host machine sends the data packet fed back by the intranet to the ip address of the network card of any virtual machine.
In one embodiment, the intranet includes at least one virtual machine; the external network comprises an LXC cluster, a k8s cluster, and/or an Internet appliance.
In one embodiment, the virtual bridge comprises a linux bridge or an OVS bridge.
The application provides a communication device based on a VPC network, which creates a virtual bridge in a host machine so that at least one virtual machine (vm) can be bridged to the network of the host machine through the virtual bridge. A virtual gateway of a virtualized network segment is configured for the virtual bridge, and the gateway that the at least one virtual machine uses for virtualized IP communication is placed on the virtual bridge. Through the construction of the virtual bridge and the virtual gateway, the host machine therefore acts as a switch between the at least one virtual machine and the internal and external networks, so that the at least one virtual machine can communicate with the external network through the virtual gateway and the network card of the host machine, and with the internal network through the virtual gateway. This realizes a KVM virtualization scheme based on the virtual private cloud service, in which the host machine and the virtual machines, on different network segments, can access and communicate with each other by IP. It also achieves network intercommunication between virtual machines and containers, or among multiple virtual machines, so that services deployed on the virtual machines can communicate with each other, and communication between virtual machines and containers or among virtual machines is handled smoothly without modifying service code.
For specific limitations of the communication device based on the VPC network, see the limitations of the communication method based on the VPC network above, which are not repeated here. The modules in the communication device based on the VPC network described above may be implemented wholly or partially by software, hardware, or a combination thereof. The modules may be embedded in, or be independent of, a processor in the computer device in hardware form, or may be stored in a memory in the computer device in software form, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: creating a virtual bridge in a host; configuring a virtual gateway of a virtualization network segment for a virtual network bridge; and bridging the gateway of at least one virtual machine to the virtual bridge so that the at least one virtual machine communicates with the external network through the network cards of the virtual gateway and the host machine, and/or the at least one virtual machine communicates with the internal network through the virtual gateway.
In one embodiment, a computer device is provided, which may be a client, and its internal structure is shown in fig. 9. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external server through a network connection. The computer program is executed by a processor to implement functions or steps of a communication method based on a VPC network.
It should be noted that, the functions or steps that can be implemented by the computer-readable storage medium or the computer device may be correspondingly described in the foregoing method embodiments, and for avoiding repetition, the description is not repeated here.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
Although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that various changes and modifications may be made, and equivalents may be substituted for elements thereof without departing from the scope of the present invention; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A VPC network-based communication method, wherein the VPC network serves a host machine and at least one virtual machine, the method comprising:
creating a virtual bridge in the host;
configuring a virtual gateway of a virtualized network segment for the virtual network bridge;
bridging a gateway of the at least one virtual machine to the virtual bridge;
and responding to a communication instruction, the at least one virtual machine communicates with an external network through the virtual gateway and the network card of the host machine, and/or the at least one virtual machine communicates with an internal network through the virtual gateway.
2. A VPC network based communication method according to claim 1, wherein said creating a virtual bridge in the host comprises:
acquiring a configuration file;
and creating the virtual bridge according to the configuration file in a network layer of the OSI network model of the host machine.
3. The VPC network-based communication method according to claim 1, wherein the configuring the virtual gateway of the virtualized network segment for the virtual bridge comprises:
creating a VPC network interface on the host machine, wherein the VPC network interface is connected with a network card interface of the host machine;
allocating any available IP address in the virtualized network segment to the VPC network interface;
connecting the VPC network interface to the virtual bridge.
4. The VPC network-based communication method of claim 1, wherein the at least one virtual machine communicates with an external network through the virtual gateway and the network card of the host machine, and comprises:
under the condition that any virtual machine accesses an external network through the network card of the virtual machine, the virtual machine sends a first data acquisition request corresponding to the communication instruction to the ip address of the virtual gateway through the network card of the virtual machine;
the virtual gateway forwards the first data acquisition request to an ip address of a network card of the host machine;
sending the first data acquisition request to the external network according to the network protocol of the VPC network through the ip address of the network card of the host machine;
and the host machine sends the data packet fed back by the external network to the ip address of the network card of any virtual machine.
5. The communication method according to claim 1, wherein the at least one virtual machine communicates with an intranet through the virtual gateway, and the method comprises:
under the condition that any virtual machine accesses the intranet through the network card of the virtual machine, the virtual machine sends a second data acquisition request corresponding to the communication instruction to the ip address of the virtual gateway through the network card of the virtual machine;
sending the second data acquisition request to the intranet through the virtual gateway;
and the host machine sends the data packet fed back by the intranet to the ip address of the network card of any virtual machine.
6. The VPC network-based communication method of any one of claims 1 to 5,
the intranet includes the at least one virtual machine;
the extranet includes an LXC cluster, a k8s cluster, and/or an Internet appliance.
7. The VPC network-based communication method of any one of claims 1 to 5,
the virtual bridge comprises a linux bridge or an OVS bridge.
8. A VPC network based communication apparatus, wherein the VPC network serves at least one virtual machine and a host, the apparatus comprising:
a creation module for creating a virtual bridge in the host;
a configuration module, configured to configure a virtual gateway of a virtualized network segment for the virtual network bridge;
a communication module for accessing a gateway of the at least one virtual machine to the virtual bridge;
and responding to a communication instruction, the at least one virtual machine communicates with an external network through the virtual gateway and the network card of the host machine, and/or the at least one virtual machine communicates with an internal network through the virtual gateway.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the communication method based on VPC network according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the communication method based on a VPC network according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211114442.XA CN115473816A (en) 2022-09-14 2022-09-14 Communication method and device based on VPC network, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115473816A true CN115473816A (en) 2022-12-13

Family

ID=84332603

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination