CN115599500A - SDN network synchronization-based security container thermal migration method and system - Google Patents

Publication number
CN115599500A
Authority
CN
China
Prior art keywords
container
module
network
migration
sdn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211318334.4A
Other languages
Chinese (zh)
Inventor
覃雄宁
陆克伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangxi Zhuang Autonomous Region Public Information Industry Co ltd
Original Assignee
Guangxi Zhuang Autonomous Region Public Information Industry Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangxi Zhuang Autonomous Region Public Information Industry Co ltd
Priority to CN202211318334.4A
Publication of CN115599500A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/485 Task life-cycle, e.g. stopping, restarting, resuming execution
    • G06F9/4856 Task life-cycle, e.g. stopping, restarting, resuming execution resumption being on a different machine, e.g. task migration, virtual machine migration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a secure container live migration method and system based on SDN network synchronization. The system comprises a CMM module, a Redis cache control module, an SDN control switching module and a monitoring rollback judgment module. The CMM module is responsible for container migration management; the Redis cache control module controls and manages a cache database; the SDN control switching module stores and switches the network configuration information of the original container; and the monitoring rollback judgment module is responsible for service monitoring and rollback throughout the migration process. In a Kubernetes environment, the system achieves true live migration by combining an SDN-based synchronized network switching method with the virtual machine characteristics of a secure container, meets the requirements of a container production environment, and guarantees continuity of the process execution state and service reliability.

Description

Secure container live migration method and system based on SDN network synchronization
Technical Field
The invention belongs to the technical field of networks, and particularly relates to a secure container live migration method and system based on SDN network synchronization.
Background
Live migration techniques can solve a number of problems. (1) Downtime during hardware maintenance: when a system administrator needs to upgrade hardware, moving all customers from one hardware node to another is extremely painful, and often it cannot be done without shutting down the machine. (2) Unbalanced cluster load: when a hardware node begins to overload, the rebalancing process may require the execution of a particular application mode to narrow the selection of workloads that can run in the cluster. (3) Cloud platform failure: as a platform operates at scale, routine operation and maintenance work, such as equipment upgrades and maintenance inspections, is a major problem, as in most cases is how to easily migrate an application from one cloud provider to another.
Live migration of traditional virtual machines (e.g., QEMU/KVM) is an important means of ensuring high availability of telecommunication services. However, as telecommunication network elements become increasingly cloud-native, network element containers are in practice orchestrated by Kubernetes, which migrates a workload by directly creating a new container and killing the old one. This is very unfriendly to telecommunication applications with large numbers of user connections and high stability requirements. Compared with a virtual machine, a conventional container has no independent kernel and lacks a VMM (virtual machine monitor), so it has no basis for virtual-machine-style live migration. A secure container combines container technology with virtual machine technology, which makes live migration of the container possible. However, the secure container is still fully adapted to the Kubernetes deployment and management model; an independent kernel and a migration manager are lacking, and there is still no good implementation of live migration. Implementing live migration based on secure containers requires further extending the current k8s container management functionality.
Cloud native is a set of ideas that includes DevOps, continuous delivery, microservices, agile infrastructure and other technologies and methods. Microservices, one of the key features of cloud native, is a way of organizing software architecture: an application (corresponding to a VNF in the CT domain) is developed as a set of small services, with the granularity of the service split determined by need. Each service has the following characteristics: first, it runs in its own process; second, services communicate with each other through lightweight mechanisms, usually HTTP APIs; third, it is built around business logic and is independently deployable. Network infrastructure is gradually evolving from traditional virtual machines to container-based lightweight virtualization. Traditional virtual machines suit production environments that face the underlying hardware; they offer high availability, good manageability and mature technology, but have a complex architecture, poor performance and high cost. Container-based lightweight virtualization suits environments that face upper-layer application processes; it has a simple structure, deploys flexibly and fits any platform, but its manageability, usability and standardization are still immature. Meanwhile, software designs based on a microservice architecture have already been commercialized at scale in the IT domain.
Chinese patent CN202010424330.9 discloses a container live migration method for the Shenwei platform, comprising the following steps: defining a unique identifier (CID) for each container; obtaining, according to the CID, basic information on the child processes and threads of the container to be migrated from that container's system files; freezing the container process of the container to be migrated; inserting compiled binary parasite code into that container process; using the service provided by the parasite code to obtain the process data of the container process; and finally unfreezing the container process, serializing the obtained process data, and transmitting the serialized data to a temporary file on the destination server. However, this method mainly solves the problem of copying data after suspension, and is a cold migration method.
Chinese invention patent CN202010154292.X discloses a method for implementing Docker live migration. Although existing CRIU already supports some functions related to live migration, these functions cannot be used directly for Docker live migration, and the official version of Docker does not currently support live migration. That invention implements live migration using a shared NFS file system, CRIU and an added external script. To address the repeated copying of memory with a high dirty-page rate during live migration, it adds a prediction module that uses a Markov prediction algorithm to predict, from the frequency with which a memory page has changed so far, the probability that the page will change in the future; memory pages are divided into those with a high dirty-page rate and those with a low dirty-page rate, and the pages with a low dirty-page rate are copied in the early copying phase. However, although this migration mechanism can preserve the execution state of the processes in the container, the state is not migrated online; the processes are interrupted and then restarted.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a secure container live migration method and system based on SDN network synchronization. The method is an SDN-based synchronized network switching method for a Kubernetes environment; by relying on the virtual machine characteristics of a secure container, it achieves true live migration, meets the requirements of a container production environment, and ensures continuity of the process execution state and service reliability.
To achieve this purpose, the invention adopts the following technical solution:
A secure container live migration system based on SDN network synchronization comprises a CMM module, a Redis cache control module, an SDN control switching module and a monitoring rollback judgment module.
The CMM module is responsible for container migration management, which comprises LM Migration control scheduling, target host selection, cooperation with and scheduling of the SDN control switching module, and heartbeat monitoring of the container replica and the original container.
The Redis cache control module controls and manages a cache database; it manages and stores dirty data and data changes after a container replica is created, and synchronizes data and configuration before switching.
The SDN control switching module is responsible for storing and switching the network configuration information of the original container. It uses the Virtual Router Redundancy Protocol (VRRP) to maintain and monitor the heartbeats of the original container and the replica container; implements a virtual IP function, automatically configuring a virtual IP for the container replica before switching and for the original container after switching; and implements rollback of the container network policy and the caching and switching of network requests.
The monitoring rollback judgment module is responsible for monitoring the service throughout the migration process. It uses the response delay of network request processing after SDN network synchronization as its judgment basis, and rolls back the migration task when a network abnormality is found after migration.
A secure container live migration method based on SDN network synchronization is characterized by comprising the following steps:
S11, pre-configuring a container live migration task;
S12, LM Migration control scheduling;
S13, SDN network synchronized switching.
As a further description of the secure container live migration method based on SDN network synchronization of the present invention, the pre-configuration of the container live migration task includes the following steps:
S21, a target host is determined based on network conditions;
S22, the CMM module applies to the Redis cache control module for cache resources;
S23, the CMM module applies to the SDN control switching module for temporary network resources and pre-configuration information;
S24, a CMM Task API and a Task template are defined according to the obtained resources and information.
The cache resources comprise an ID and a configuration; the temporary network resources comprise service network information and temporary network information. The CMM Task API is responsible for communication between a program and other software and provides standardized live migration; it is essentially a predefined function.
As a further description of the secure container live migration method based on SDN network synchronization of the present invention, the LM Migration control scheduling includes the following steps:
S31, the CMM module monitors for and receives a container live migration scheduling task initiated by the system or a user;
S32, the replica controller creates a new container on the target node, and the state of the original container is controlled through the shim;
S33, a migration Job is created, which is responsible for copying the container configuration information to the new container;
S34, the CMM module starts recording dirty data and data changes to the Redis cache module;
S35, network and service switching is to be completed within a time threshold; if it is completed, S36 is executed, and if it is not completed, S37 is executed;
S36, the replica container obtains the dirty data and data change records from the Redis cache module and applies the changes;
S37, the migration control task ends.
The shim is an intermediate process that keeps running during live migration, so containers that are already running are not affected.
As a further description of the secure container live migration method based on SDN network synchronization of the present invention, the SDN network synchronized switching includes the following steps:
S41, the CMM module monitors the running states of the original container and the new container;
S42, the SDN control switching module copies the network configuration information of the original container to the new container and the corresponding control interface;
S43, the original container's network is configured as a virtual IP, and new network requests to the original container are held and cached;
S44, the new container reads its startup configuration from a file and applies it as the new container's network information;
S45, the SDN control switching module completes the switch of the cached network requests to the new container;
S46, the monitoring rollback judgment module monitors the running state of the new container's service; if it is normal, S47 is executed, and if it is abnormal, S48 is executed;
S47, the network configuration information of the original container is deleted, the new container is added to the application replica set, the replica container obtains the dirty data and data change records from Redis and applies the changes, and the migration is complete;
S48, the SDN control switching module switches back to the original container, the new container replica's network is configured as a temporary IP, the network switch is rolled back, and the original container takes over the service.
As a further description of the secure container live migration method based on SDN network synchronization of the present invention, the target host is a host managed by the same SDN control switching module and located in the same subnet.
As a further description of the secure container live migration method based on SDN network synchronization of the present invention, the Redis cache module backs up the cache according to a set time interval, or according to a set dirty data size and frequency.
The invention mainly addresses the problems that, for migration, a container has no independent kernel and lacks the underlying platform that a VMM (virtual machine monitor) requires. It provides a live migration method and system based on rebuilding a secure container replica and switching over in real time through an SDN (software-defined network). It achieves live migration of cloud-native containers of telecommunication network elements without affecting service, effectively enhances the high availability of cloud-native network elements and the flexibility of resource scheduling, meets service requirements such as high-reliability guarantees for network element container services and online upgrade of the underlying infrastructure, and solves the problem of service interruption caused by container migration and replica management. On the one hand, a live migration API is added to the container orchestration and scheduling system Kubernetes: a CMM resource is added to the existing Kubernetes system to provide a standardized live migration API, through which a user or a resource scheduling system initiates live migration of a secure container. On the other hand, a method based on SDN controller network synchronization is introduced to switch replica containers: the CMM module and the replica controller schedule and complete the container rebuild of the migration object, and the CMM module and the SDN control switching module then cooperate to complete the synchronized switching of the migration object's network information, such as network policies and network addresses, achieving smooth migration of the service. In addition, a network redundancy strategy is used to implement service heartbeat monitoring of containers, with the Virtual Router Redundancy Protocol (VRRP) used to maintain and monitor the heartbeats of the original container and the replica container. A complete secure-container-based live migration scheduling mechanism for a k8s environment is designed, and it is implemented by means such as a newly created LM controller and a live migration Job.
Drawings
Fig. 1 is an overall framework diagram of the secure container live migration system based on SDN network synchronization according to the present invention.
Fig. 2 is a flowchart of the overall scheme of the secure container live migration method based on SDN network synchronization according to the present invention.
Fig. 3 is a flow chart of task pre-configuration scheduling in fig. 2.
FIG. 4 is a flowchart of LM Migration control scheduling in FIG. 2.
Fig. 5 is a flowchart illustrating synchronous handover of the SDN network in fig. 2.
Fig. 6 is a flowchart of a conventional scheme.
Fig. 7 is a flow chart of a modified embodiment.
Detailed Description
The invention will be further described with reference to the accompanying drawings.
Example 1
As shown in Fig. 1, a secure container live migration system based on SDN network synchronization includes a CMM module, a Redis cache control module, an SDN control switching module and a monitoring rollback judgment module, wherein:
The CMM module is responsible for container migration management, which specifically comprises LM Migration control scheduling, target host selection, cooperation with and scheduling of the SDN control switching module, and heartbeat monitoring of the container replica and the original container.
The Redis cache control module controls and manages a cache database; it mainly manages and stores dirty data and data changes after a container replica is created, and synchronizes data and configuration before switching.
The SDN control switching module is responsible for storing and switching the network configuration information of the original container. It uses the Virtual Router Redundancy Protocol (VRRP) to maintain and monitor the heartbeats of the original container and the replica container; implements the virtual IP function, automatically configuring a virtual IP for the container replica before switching and for the original container after switching; and implements rollback of the container network policy and the caching and switching of network requests.
The monitoring rollback judgment module is responsible for monitoring the service throughout the migration process. It uses the response delay of network request processing after SDN network synchronization as its judgment basis, and rolls back the migration task when a network abnormality is found after migration.
Example 2
This embodiment is a secure container live migration method based on SDN network synchronization, implemented with the system described in Example 1. A flowchart of the overall scheme is shown in Fig. 2, and the method specifically includes the following steps:
S11, pre-configuring a container live migration task;
S12, LM Migration control scheduling;
S13, SDN network synchronized switching.
Further, as shown in Fig. 3, the pre-configuration of the container live migration task specifically includes the following steps:
S21, first, a target host is determined based on network conditions: a target host that is managed by the same SDN control switching module and located in the same subnet is selected, which ensures that all network configuration from before the migration can continue to be used on the destination host, so that online live migration of the secure container is achieved without interruption or other impact on the service;
S22, the CMM module applies to the controller of the Redis cache control module for cache resources;
S23, the CMM module applies to the SDN control switching module for temporary network resources and pre-configuration information;
S24, a CMM Task API and a Task template are further defined according to the obtained resources and information, including the target host, the cache resource ID and configuration, and the service network information and temporary network information provided by the SDN control switching module.
The CMM Task API is responsible for communication between a program and other software and provides standardized live migration; it is essentially a predefined function. A live migration API is added to the container orchestration and scheduling system Kubernetes: based on a CMM resource added to the existing Kubernetes system, a standardized live migration API is provided, through which a user or a resource scheduling system initiates live migration of a secure container.
Further, as shown in Fig. 4, the LM Migration control scheduling specifically includes the following steps:
S31, first, the CMM module monitors for and receives a container live migration scheduling task initiated by the system or a user;
S32, after the task is received, the replica controller creates a new container on the target node, and the state of the original container is controlled through the shim; the shim is an intermediate process that keeps running during live migration, so running containers are not affected; the CMM module and the replica controller schedule and complete the container rebuild of the migration object;
S33, a migration Job is created, which is responsible for copying the container configuration information to the new container;
S34, after copying is complete, the CMM module starts recording dirty data and data changes to the Redis cache module; the cache can be backed up according to a set time interval, or according to a set dirty data size and frequency;
S35, network and service switching is to be completed within a time threshold; if it is completed, S36 is executed, and if it is not completed, S37 is executed;
S36, after the SDN control switching module completes the network switch, the new container enters its normal running state, and the replica container obtains the dirty data and data change records from the Redis cache module and applies the changes;
S37, the migration control task ends.
Further, as shown in Fig. 5, in the SDN network synchronized switching, once the secure container has essentially completed container replication and dirty data caching, the CMM and the SDN control switching module perform the network switch, achieving seamless service switching. This specifically comprises the following steps:
S41, the CMM module monitors the running states of the original container and the new container;
S42, the SDN control switching module copies the network configuration information of the original container to the new container and the corresponding control interface;
S43, the original container's network is configured as a virtual IP, and new network requests to the original container are held and cached;
S44, the new container reads its startup configuration from a file and applies it as the new container's network information;
S45, the SDN control switching module completes the switch of the cached network requests to the new container;
S46, after the switch is complete, the monitoring rollback judgment module monitors the running state of the new container's service; if it is normal, S47 is executed, and if it is abnormal, S48 is executed;
S47, after the service switch has completed normally, the network configuration information of the original container is deleted, the new container is added to the application replica set, the replica container obtains the dirty data and data change records from Redis and applies the changes, and the migration is complete;
S48, the network rollback flow is entered: the SDN control switching module switches back to the original container, the new container replica's network is configured as a temporary IP, the network switch is rolled back, and the original container takes over the service.
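The S41 to S48 sequence above, modelled as an added Python example (not code from the patent or from any project it names), shows the commit-or-rollback decision driven by response delay. The names `Container`, `ChangeLog` and `synchronized_switch`, the addresses, the `max_delay_ms` threshold and the use of the median are assumptions; an in-memory list stands in for the Redis cache and the IP swap stands in for the SDN control switching module.

```python
"""Added example: a model of the S41-S48 switch-over with rollback."""
from collections import deque
from dataclasses import dataclass, field
from statistics import median
from typing import Optional


@dataclass
class Container:
    name: str
    ip: Optional[str]             # address currently bound to the container
    latency_ms: float             # constructed: simulated response delay
    net_config: dict = field(default_factory=dict)
    state: dict = field(default_factory=dict)
    served: list = field(default_factory=list)

    def probe(self) -> float:
        """Health probe: returns the response delay without recording a request."""
        return self.latency_ms

    def handle(self, request: str) -> float:
        self.served.append(request)
        return self.latency_ms


class ChangeLog:
    """In-memory stand-in for the Redis cache of dirty data and change records."""

    def __init__(self):
        self._records = []

    def record(self, key, value):
        self._records.append((key, value))

    def __len__(self):
        return len(self._records)

    def replay_into(self, container: Container) -> int:
        # Apply records in the order they were written so later writes win.
        for key, value in self._records:
            container.state[key] = value
        return len(self._records)


def synchronized_switch(original, replica, changelog, pending, max_delay_ms):
    """Run one switch-over; return a dict describing the outcome."""
    service_ip, temp_ip = original.ip, replica.ip
    # S42: copy the original container's network configuration to the new one.
    replica.net_config = dict(original.net_config)
    # S43: hold new requests for the original container in a cache.
    buffered = deque(pending)
    # S44: the new container takes over the service network information
    # (modelled here as swapping the service and temporary addresses).
    original.ip, replica.ip = temp_ip, service_ip
    # S45: deliver the cached requests to the new container, measuring delay.
    delays = [replica.probe()]    # guarantees a sample when nothing was cached
    while buffered:
        delays.append(replica.handle(buffered.popleft()))
    observed = median(delays)
    # S46: judgment basis is the response delay after network synchronization.
    if observed <= max_delay_ms:
        # S47: drop the original's network config and apply the change records.
        original.ip, original.net_config = None, {}
        replayed = changelog.replay_into(replica)
        return {"outcome": "migrated", "active": replica.name,
                "delay_ms": observed, "replayed": replayed}
    # S48: roll back. The replica returns to the temporary IP and the original
    # takes over; the change log is left untouched so a later retry can use it.
    # Requests already delivered in S45 were answered (slowly) by the replica.
    original.ip, replica.ip = service_ip, temp_ip
    replica.net_config = {}
    return {"outcome": "rolled_back", "active": original.name,
            "delay_ms": observed, "replayed": 0}


def run_demo(replica_latency_ms: float):
    """Constructed scenario: three cached requests and three change records."""
    log = ChangeLog()
    for key, value in [("session:42", "open"), ("counter", 7), ("counter", 8)]:
        log.record(key, value)
    original = Container("original", "10.0.0.10", 5.0,
                         net_config={"policy": "allow-tcp-5060"})
    replica = Container("replica", "10.0.0.250", replica_latency_ms)
    result = synchronized_switch(original, replica, log,
                                 ["r1", "r2", "r3"], max_delay_ms=50)
    return result, original, replica, log


if __name__ == "__main__":
    for latency in (8.0, 400.0):
        print(latency, run_demo(latency)[0])
```

In the rollback branch the change records are kept rather than replayed, so the original container's state stays authoritative until a later attempt commits.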
As shown in Fig. 6, the conventional container scheduling and migration scheme specifically includes the following steps:
S51, the container on the node to be migrated is released and directly deleted;
S52, the replica controller creates a new container;
S53, after copying, the original container is deleted and the new container is started.
The main drawbacks of this scheme are:
The container is deleted directly, which interrupts its running state and therefore interrupts the application service; and the node to be scheduled is chosen at random by the replica controller according to historical information and cannot be customized.
As shown in Fig. 7, compared with the conventional scheme, the main flow of the improved scheme of the present invention comprises the following steps:
S61, a new container replica is created and state data is synchronized;
S62, the Redis cache is started to complete fast synchronization of the dirty data;
S63, the SDN control switching module performs a full replication of the container's network to the replica, performs route switching, and stops and deletes the original container.
This embodiment designs a complete secure-container-based live migration scheduling mechanism for a k8s environment. The CMM and the SDN module cooperate to complete the synchronized switching of the migration object's network information, such as network policies and network addresses, achieving smooth migration of the service; a standardized live migration API is provided, through which a user or a resource scheduling system initiates live migration of a secure container; and the Virtual Router Redundancy Protocol (VRRP) is used to maintain and monitor the heartbeats of the original container and the replica container. This method effectively enhances the high availability of cloud-native network elements and the flexibility of resource scheduling, meets service requirements such as high-reliability guarantees for network element container services and online upgrade of the underlying infrastructure, and solves the problem of service interruption caused by container migration and replica management.
Container-based operation and maintenance management of NFV network elements, built on container-based lightweight virtualization, suits environments that face upper-layer application processes; it has a simple structure, deploys flexibly, fits any platform, and provides flexible scheduling support for future network infrastructure. In particular, it meets the live migration and high-reliability requirements of container-based telecommunication network elements, and facilitates containerized deployment and large-scale operation and maintenance management of telecommunication network elements.
The above embodiments are only exemplary embodiments of the present invention and are not intended to limit it; the scope of the present invention is defined by the claims. Those skilled in the art may make various modifications and equivalents within the spirit and scope of the present invention, and such modifications and equivalents should be considered as falling within the scope of the present invention.

Claims (7)

1. A secure container live migration system based on SDN network synchronization, comprising: a CMM module, a Redis cache control module, an SDN control switching module and a monitoring rollback judging module;
the CMM module is a Container Migration Monitor responsible for container migration management; the container migration management comprises LM Migration control scheduling, target host selection, SDN control switching module cooperation and scheduling, container copy and heartbeat monitoring of an original container;
the Redis cache control module is used for controlling and managing a cache database, managing and storing dirty data and data change after a container copy is established, and synchronizing data and configuration before switching;
the SDN control switching module is responsible for storing and switching the network configuration information of the original container; adopting the Virtual Router Redundancy Protocol (VRRP) to maintain and monitor the heartbeat of the original container and the heartbeat of the duplicate container; realizing the virtual IP function, and automatically configuring a virtual IP for the container copy before switching and for the original container after switching; and realizing the rollback of the container network policy and the caching and switching of network requests;
the monitoring rollback judging module is responsible for monitoring the service in the whole process of migration, takes the network request processing response delay after SDN network synchronization as a judging basis, and performs migration task rollback when the network is found to be abnormal after migration.
2. The SDN network synchronization-based security container thermal migration method according to claim 1, comprising the following steps:
S11, pre-configuring a container thermal migration task;
S12, controlling and scheduling by LM Migration;
and S13, synchronously switching the SDN.
3. The SDN network synchronization-based security container live migration method according to claim 2, wherein: the container thermomigration task pre-configuration comprises the following steps:
S21, determining a target host based on network conditions;
S22, the CMM module requests cache resources from the Redis cache control module;
S23, the CMM module requests temporary network resources and pre-configuration information from the SDN control switching module;
and S24, defining the CMM Task API and the Task template according to the obtained resources and information.
4. The SDN network synchronization-based security container live migration method of claim 3, wherein: the LM Migration control scheduling comprises the following steps:
S31, the CMM module monitors and receives a container thermal migration scheduling task initiated by a system or a user;
S32, the copy controller creates a new container on the target node and controls the state of the original container through shim;
S33, creating a migration Job that is responsible for copying the container configuration information to the new container;
S34, the CMM module starts recording dirty data and data changes to the Redis cache module;
S35, determining whether network and service switching is completed within a time threshold; if it is completed, executing S36, and if it is not completed, executing S37;
S36, the copy container acquires the dirty data and data change records from the Redis cache module and executes the changes;
and S37, ending the migration control task.
5. The SDN network synchronization-based security container live migration method of claim 4, wherein: the SDN network synchronous switching comprises the following steps:
S41, the CMM module monitors the running states of the original container and the new container;
S42, the SDN control switching module copies the network configuration information of the original container to the new container and the corresponding control interface;
S43, configuring the original container network as a virtual IP, and caching new network request information of the original container;
S44, the new container reads the starting configuration from the file and configures it as the network information of the new container;
S45, the SDN control switching module switches the cached network requests to the new container;
S46, the monitoring rollback judgment module monitors the operation state of the new container service; if the operation state is normal, executing S47, and if the operation state is abnormal, executing S48;
S47, deleting the network configuration information of the original container, adding the new container into the application copy set, the copy container acquiring the dirty data and data change records from Redis and executing the changes, and finishing the migration;
and S48, the SDN control switching module switches to the original container, configures the new container copy network as a temporary IP, and switches the network back, and the original container takes over the service.
6. The SDN synchronization-based security container thermal migration method of claim 3, wherein: the target host is a host that is managed by the same SDN control switching module and is in the same subnet.
7. The SDN network synchronization-based security container thermal migration method of claim 4, wherein: the Redis cache module performs cache backup according to a set time interval or a set dirty data size and frequency.
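The switch-and-rollback decision of steps S43 to S48, run as a single-process simulation. This is an added example, not code from the patent or the applicant; the `Container` class, the median-based judgment, the 50 ms threshold, the re-serving of requests after rollback and all sample values are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from statistics import median

@dataclass
class Container:
    name: str
    default_ms: float = 5.0                       # constructed response delay
    slow: dict = field(default_factory=dict)      # request id -> delay override
    state: dict = field(default_factory=dict)
    served: list = field(default_factory=list)

    def handle(self, req):
        self.served.append(req)
        return self.slow.get(req, self.default_ms)

def apply_changes(container, change_log):
    """Replay cached dirty-data records in order; the last write to a key wins."""
    for key, value in change_log:
        container.state[key] = value

def switch_over(original, replica, incoming, change_log, max_delay_ms=50.0):
    buffered = deque(incoming)        # S43: requests cached behind the virtual IP
    replayed, delays = [], []
    while buffered:                   # S45: cached requests go to the new container
        req = buffered.popleft()
        replayed.append(req)
        delays.append(replica.handle(req))
    # S46: judge on response delay (median and threshold are assumptions)
    if delays and median(delays) > max_delay_ms:
        for req in replayed:          # S48: original takes the service back
            original.handle(req)      # assumes requests are safe to re-serve
        return "rolled_back"
    apply_changes(replica, change_log)  # S47: replica catches up, migration ends
    return "migrated"

if __name__ == "__main__":
    log = [("session", "a"), ("session", "b"), ("counter", 3)]  # constructed
    old, new = Container("original"), Container("replica", default_ms=200.0)
    print(switch_over(old, new, ["r1", "r2", "r3"], log), old.served)
```

Judging on the median rather than on any single request keeps one slow response from forcing a rollback, while a uniformly slow replica still fails the check and never receives the change records.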
CN202211318334.4A 2022-10-26 2022-10-26 SDN network synchronization-based security container thermal migration method and system Pending CN115599500A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211318334.4A CN115599500A (en) 2022-10-26 2022-10-26 SDN network synchronization-based security container thermal migration method and system

Publications (1)

Publication Number Publication Date
CN115599500A true CN115599500A (en) 2023-01-13

Family

ID=84850260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211318334.4A Pending CN115599500A (en) 2022-10-26 2022-10-26 SDN network synchronization-based security container thermal migration method and system

Country Status (1)

Country Link
CN (1) CN115599500A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination