CN115834410B - Method and device for replacing Linux virtual machine of network target range with container - Google Patents

Method and device for replacing Linux virtual machine of network target range with container Download PDF

Info

Publication number
CN115834410B
CN115834410B CN202211699446.9A CN202211699446A CN115834410B CN 115834410 B CN115834410 B CN 115834410B CN 202211699446 A CN202211699446 A CN 202211699446A CN 115834410 B CN115834410 B CN 115834410B
Authority
CN
China
Prior art keywords
virtual machine
network
container
linux virtual
replaced
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211699446.9A
Other languages
Chinese (zh)
Other versions
CN115834410A (en
Inventor
于雷
卢鹏
肖新光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Antiy Technology Group Co Ltd
Original Assignee
Antiy Technology Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Antiy Technology Group Co Ltd filed Critical Antiy Technology Group Co Ltd
Priority to CN202211699446.9A priority Critical patent/CN115834410B/en
Publication of CN115834410A publication Critical patent/CN115834410A/en
Application granted granted Critical
Publication of CN115834410B publication Critical patent/CN115834410B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to the technical field of network shooting ranges, and discloses a method and a device for replacing a Linux virtual machine of a network shooting range with a container, wherein the method comprises the following steps: determining the MAC address of a network card of the Linux virtual machine to be replaced in the network shooting range and a network bridge connected with the network card; creating and starting a container corresponding to the Linux virtual machine to be replaced; adding a network card for the container, and designating an MAC address for the network card of the container, wherein the MAC address of the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced; connecting the network card of the container to a network bridge connected with the network card of the Linux virtual machine to be replaced; deleting the Linux virtual machine to be replaced. The Linux virtual machine in the network target range can be quickly replaced by a container, so that the consumption of the network target range to the physical server resource is reduced, and the construction starting speed of the network target range environment is improved.

Description

Method and device for replacing Linux virtual machine of network target range with container
Technical Field
The application relates to the technical field of network shooting ranges, in particular to a method and a device for replacing a Linux virtual machine of a network shooting range with a container.
Background
The Linux virtual machine is a simulation of a computer system, can realize the operation tasks of simulating a plurality of computers on one physical computer, and the operating system and the application share one or more host hardware resources. A hypervisor (hypervisor) is responsible for creating and running a Linux virtual machine, which connects hardware resources and the Linux virtual machine, completing the virtualization of computing resources. Currently, linux virtual machines are mostly used in a network target range to simulate a real network environment, and a large amount of physical server resources are required to be occupied.
Disclosure of Invention
The embodiment of the application provides a method, a device, electronic equipment and a storage medium for replacing a Linux virtual machine of a network target range with a container, which can quickly replace the Linux virtual machine in the network target range with the container, thereby reducing the consumption of the network target range to physical server resources and improving the construction starting speed of the network target range environment.
In a first aspect, an embodiment of the present application provides a method for replacing a Linux virtual machine of a network target range with a container, including:
determining the MAC address of a network card of the Linux virtual machine to be replaced in the network shooting range and a network bridge connected with the network card;
creating and starting a container corresponding to the Linux virtual machine to be replaced;
A network card is added to the container, and assigns a MAC address to the network card of the container, the MAC address of the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced;
Connecting the network card of the container to a network bridge connected with the network card of the Linux virtual machine to be replaced;
And deleting the Linux virtual machine to be replaced.
Optionally, the method further comprises:
And verifying whether the container can normally execute the service, if so, executing the step of deleting the Linux virtual machine to be replaced, otherwise, not executing the step of deleting the Linux virtual machine to be replaced.
Optionally, each Linux virtual machine in the network target range corresponds to a unique node ID, and the MAC address of the Linux virtual machine is generated according to the node ID of the Linux virtual machine.
Optionally, the fourth and fifth data of the MAC address of the Linux virtual machine are node IDs of the Linux virtual machine
Optionally, the aging time of the bridge is set to 0, so that the bridge transmits the message in a broadcast mode.
Optionally, the method further comprises:
And detecting the residual server resources of the network target range, and if the residual server resources are smaller than a resource threshold value, screening the Linux virtual machine to be replaced from the Linux virtual machines of the network target range.
In a second aspect, an embodiment of the present application provides an apparatus for replacing a Linux virtual machine of a network target range with a container, including:
The information acquisition module is used for determining the MAC address of the network card of the Linux virtual machine to be replaced in the network shooting range and the network bridge connected with the network card;
the container creation module is used for creating and starting a container corresponding to the Linux virtual machine to be replaced;
The container configuration module is used for adding a network card to the container and designating an MAC address for the network card of the container, wherein the MAC address of the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced;
the connecting module is used for connecting the network card of the container to a network bridge connected with the network card of the Linux virtual machine to be replaced;
And the deleting module is used for deleting the Linux virtual machine to be replaced.
Optionally, the device further includes a verification module, configured to verify whether the container can normally execute the service, if so, execute the function of the deletion module, and otherwise, not execute the function of the deletion module.
Optionally, each Linux virtual machine in the network target range corresponds to a unique node ID, and the MAC address of the Linux virtual machine is generated according to the node ID of the Linux virtual machine.
Optionally, the fourth and fifth data of the MAC address of the Linux virtual machine is a node ID of the Linux virtual machine.
Optionally, the aging time of the bridge is set to 0, so that the bridge transmits the message in a broadcast mode.
Optionally, the device further includes a resource detection module, configured to detect a remaining server resource of the network target range, and if the remaining server resource is smaller than a resource threshold, screen a Linux virtual machine to be replaced from Linux virtual machines of the network target range.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of any of the methods described above when the processor executes the computer program.
In a fourth aspect, an embodiment of the application provides a computer readable storage medium having stored thereon computer program instructions which when executed by a processor perform the steps of any of the methods described above.
In a fifth aspect, an embodiment of the present application provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from a computer-readable storage medium by a processor of a computer device, and executed by the processor, cause the computer device to perform the methods provided in various alternative implementations of control of any of the TCP transmission capabilities described above.
According to the method, the device, the electronic equipment and the storage medium for replacing the Linux virtual machine in the network target range, which are provided by the embodiment of the application, the Linux virtual machine in the network target range is replaced by the container with light body weight and high starting speed, so that the requirement of the network target range on physical server resources is reduced, and the starting speed of the network target range is obviously accelerated; when the Linux virtual machine is replaced by the container, the container multiplexes the MAC address of the Linux virtual machine, so that the strategy of relying on the MAC address to work in the network target range is ensured not to be adjusted and changed, and the replacement difficulty is reduced; under the condition that a network shooting range is not closed and corresponding service of the Linux virtual machine is suspended, hot replacement can be performed on the Linux virtual machine, so that service use of a user side is not affected in the whole replacement process.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a method for replacing a Linux virtual machine of a network target range with a container according to an embodiment of the present application;
fig. 2 is a schematic diagram of a connection relationship between a Switch-1 and a virtual machine Linux-1 in a network target range according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a connection relationship between a Switch-1 and a container Docker-1 in a network target field according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application.
For convenience of understanding, the terms involved in the embodiments of the present application are explained below:
network Range (Cyber Range): the network space attack and defense combat environment is simulated by combining the virtual environment with the real equipment, so that the combat capability research and network weapon equipment verification test platform can be supported.
Virtual Machine (Virtual Machine): refers to a special piece of software that creates an environment between a computer platform and an end user, who operates the software based on the environment created by the software. In computer science, a virtual machine refers to a software implementation of a computer that can run a program like a real machine. For example, a KVM virtual machine (Kernel-based Virtual Machine) was integrated in each major release version of Linux since Linux2.6.20, which was managed using Linux's own scheduler with little core source code.
A container: i.e., a Docker Container (Docker Container), is an open-source application Container engine that allows developers to package their applications and rely on packages into a portable Container in a unified manner and then publish them to any server (including popular Linux machines, windows machines) that has a Docker engine installed, and also virtualize them. Containers are completely sandboxed mechanisms that do not have any interfaces to each other, have little performance overhead, and can be easily run in machines and data centers, and most importantly, they do not rely on any language, framework, including systems. The container runs on the host operating system, the kernel of the shared operating system, library files and the like, the shared components are read-only, and the computing resources required by the reproduction operating system can be reduced by sharing the operating system resources, which means that one host can run a plurality of container tasks only by installing the operating system. The container is lightweight, occupies less space, and can be actuated in the order of seconds. Compared with a container, the Linux virtual machine has longer starting time and occupies larger disk space. Compared with the Linux virtual machine, the container can run the application only by an operating system, a supporting program and library files, which means that the same host machine can start up a plurality of times more containers than the Linux virtual machine, and the starting speed of the containers is faster.
Bridge (Bridge): is a kernel module that behaves like a network switch, forwarding packets between interfaces connected to it. Bridges are typically used to forward data packets between a Linux virtual machine and a network namespace on a router, gateway or on a host.
Veth pair: the generic term Virtual ETHERNET PAIR is a pair of ports, and all packets coming in from one end of the pair will come out the other end, and vice versa. Because of its nature, it is often used to build virtual network topologies. Such as connecting two different network namespaces (netns), connecting a docker container, connecting a bridge (Linux bridge), etc.
Aging time: is a parameter that affects the switch learning process. Each port in the switch has a function of automatically learning an address, and a source address (source MAC address, switch port number) of a frame transmitted and received through the port is stored in an address table. During the MAC address aging time, if MAC addresses are not used, these MAC addresses will be deleted from the dynamic forwarding address table (by the source MAC address, destination MAC address, and their corresponding port numbers of the switch).
Referring to fig. 1, an embodiment of the present application provides a method for replacing a Linux virtual machine of a network target range with a container, including the following steps:
s101, determining the MAC address of a network card of the Linux virtual machine to be replaced in the network shooting range and a network bridge connected with the network card.
In the implementation, the position of any node in the network can be determined by analyzing the network connection topology of the network target range, and each virtual device in the network target range corresponds to a node, and the virtual devices include, but are not limited to, linux virtual machines, switches and the like. Specifically, a topology configuration file corresponding to the network target range may be obtained, where the topology configuration file includes: the network bridge connected with the network card of the node can be determined by analyzing the topology configuration file, such as the node ID of each node, the number of network cards owned by each node, the network bridge identifier of the network bridge connected with each network card, and the like. By checking the process of the node, the information such as the network card name, the MAC address and the like of the network card owned by the node can be obtained.
Referring to fig. 2, which shows a connection relationship between a Switch-1 and a virtual machine Linux-1 in a network target, a node ID of the Switch-1 in the target is 1, a node ID of the Linux-1 in the target is 2, a topology configuration file corresponding to the target environment shown in fig. 2 is obtained, it is known that, by analyzing the topology configuration file, both the Switch-1 and the Linux-1 have an interface (network card), which means that both the Switch-1 and the Linux-1 have a network card, and both the Switch-1 and the Linux-1 have an attribute network_id= '1', which means that both the network cards of the Switch-1 and the Linux-1 are connected to a bridge of the network_id= '1'. By looking at the process of Linux-1, one network card can be seen, the network card name is vunl0_2_0, corresponding to e0 in FIG. 2, the MAC address of the network card is 00:50:00:00:02:00, and the "00:02" in the MAC address is the node ID of Linux-1. By looking at the progress of Switch-1, it can be seen that there are 8 network cards, the first network card is vunl0_1_0, corresponding to Gi0/0 in FIG. 2, the MAC address of the network card is 00:50:00:00:01:00, and "00:01" in the MAC address is the node ID of Switch-1. Using brctl show commands to view the bridge's configuration file, it can be seen that Switch-1's network card vunl0_1_0 and Linux-1's network card vunl0_2_0 are connected to bridge vnet0_1, respectively, to connect the networks. By performing the following steps: brctl SETAGEING VNET _ 10 sets the aging time of bridge vnet0_1 to 0, causing bridge vnet0 _0_1 to operate like a hub, broadcasting all network messages received by the bridge.
In some embodiments, the physical server resources used by the network target range can be dynamically monitored, the remaining server resources of the network target range are calculated, if the remaining server resources are smaller than a resource threshold, the Linux virtual machine to be replaced is screened out from the Linux virtual machines of the network target range, and the Linux virtual machine to be replaced is replaced by a corresponding container. When physical server resources reach the bottleneck and more instances cannot be created, the Linux virtual machine is replaced by the container, so that some physical server resources can be released for creating more instances, and a larger network target range environment is built.
S102, creating and starting a container corresponding to the Linux virtual machine to be replaced.
It should be noted that, the existing tool may be used to convert the Linux virtual machine to be replaced into a container, and the created container and the Linux virtual machine to be replaced have a one-to-one mapping relationship.
S103, adding a network card for the container, and assigning an MAC address for the network card of the container.
In specific implementation mode, the MAC address appointed for the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced.
It should be noted that, some policies (such as firewall policies) preset in the network target range are all related to MAC addresses, and if the MAC address of the replaced container is different from the replaced Linux virtual machine, the related policies need to be rewritten, so that the process is tedious and error-prone. When the container is used for replacing the Linux virtual machine, the container multiplexes the MAC address of the Linux virtual machine, so that the strategy of relying on the MAC address to work in the network target range is ensured not to be adjusted and changed, and the replacement difficulty is reduced.
In some embodiments, each Linux virtual machine in the network target range corresponds to a unique node ID, and the MAC address of the Linux virtual machine is generated according to the node ID of the Linux virtual machine. When the Linux virtual machine is replaced by the container, the container multiplexes the node ID and the MAC address of the Linux virtual machine, and the MAC address of the replaced container is ensured to be consistent with the Linux virtual machine.
In specific implementation, the fourth and fifth bits of data of the MAC address of the Linux virtual machine are set as the node IDs of the Linux virtual machine, so that the available node IDs are 65535. For example, the MAC address of the Linux virtual machine is 00:50:00:00:02:00, wherein the fourth and fifth bit data "00:02" represents the node ID of the Linux virtual machine in the network target.
S104, connecting the network card of the container to a bridge connected with the network card of the Linux virtual machine to be replaced.
In the implementation, a configuration file of a network bridge connected with a network card of the Linux virtual machine to be replaced is obtained, and the network card name of the network card of the container is added in the configuration file.
In some implementations, after step S104 is performed, the method provided by the embodiment of the present application further includes the following steps: verifying whether the container can normally execute the service; if the container can normally execute the service, step S105 is executed, otherwise step S105 is not executed. And firstly, carrying out service verification on the replaced container, and deleting the Linux virtual machine after the verification is passed, so as to ensure the normal execution of the replaced service.
In practice, the aging time of the bridge is set to 0. It should be noted that the aging time of the bridge is set to 0, so that the bridge will not record the MAC address table of the access device, so that the bridge is in the broadcast mode, and for this purpose, the bridge may broadcast all network data packets to all interfaces connected to the bridge like a hub. When the Linux virtual machine is replaced by the container, the container is accessed to the network bridge, the switch broadcasts the received message through the network bridge, and the container and the Linux virtual machine connected to the network bridge can obtain the message sent by the switch, so that the container and the Linux virtual machine can execute the same service at the same time, and the Linux virtual machine is disconnected and deleted after the container is confirmed to run without errors, thereby guaranteeing the seamless connection of the Linux virtual machine and the container. Therefore, the Linux virtual machine can be subjected to hot replacement under the conditions of not closing a network shooting range and suspending the corresponding service of the Linux virtual machine, so that the service use of a user side is not influenced in the whole replacement process.
S105, deleting the Linux virtual machine to be replaced.
In the implementation, the configuration file of the bridge connected with the network card of the Linux virtual machine to be replaced is obtained, the network card name of the network card of the Linux virtual machine to be replaced is deleted from the configuration file, and the connection between the Linux virtual machine to be replaced and the bridge can be disconnected, so that the virtual machine to be replaced is disconnected, and at the moment, the consumption of CPU and memory resources in a network target can be reduced due to the fact that the Linux virtual machine is replaced by a container. And then deleting the configuration files related to the Linux virtual machine to be replaced, namely thoroughly deleting the Linux virtual machine to be replaced in the network shooting range, so as to release the hard disk storage resources occupied by the replaced Linux virtual machine.
Taking the Switch-1 and the virtual machine Linux-1 shown in fig. 2 as an example, after the container Docker-1 is used to replace Linux-1, the topology connection relationship between the Switch-1 and the Docker-1 refers to fig. 3, and it can be seen from looking at the topology configuration file: node 2 changed from previous Linux-1 to Docker-1, with the interface configuration unchanged. Looking at the configuration of bridge vnet0_1, the previous vunl0_2_0 interface of Linux-1 became the vnet0_2_0 interface of Docker-1. At this time, docker-1 has completely replaced Linux-1 to become a node with node ID=2 in the network range, and the MAC address of Docker-1 network card is checked to be 00:50:00:00:02:00, which is consistent with the previous MAC address of Linux-1.
According to the method for replacing the Linux virtual machine of the network target range with the container, which is provided by the embodiment of the application, the Linux virtual machine in the network target range is replaced with the container with light weight and high starting speed, so that the requirement of the network target range on physical server resources is reduced, and the starting speed of the network target range is obviously accelerated; when the Linux virtual machine is replaced by the container, the container multiplexes the MAC address of the Linux virtual machine, so that the strategy of relying on the MAC address to work in the network target range is ensured not to be adjusted and changed, and the replacement difficulty is reduced; under the condition that a network shooting range is not closed and corresponding service of the Linux virtual machine is suspended, hot replacement can be performed on the Linux virtual machine, so that service use of a user side is not affected in the whole replacement process.
Based on the same inventive concept as the method for replacing the Linux virtual machine of the network target range with the container, the embodiment of the application further provides a device for replacing the Linux virtual machine of the network target range with the container, which comprises:
the information acquisition module is used for determining the MAC address of the network card of the Linux virtual machine to be replaced in the network shooting range and the network bridge connected with the network card, and the aging time of the network bridge is set to be 0;
the container creation module is used for creating and starting a container corresponding to the Linux virtual machine to be replaced;
The container configuration module is used for adding a network card to the container and designating an MAC address for the network card of the container, wherein the MAC address of the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced;
the connecting module is used for connecting the network card of the container to a network bridge connected with the network card of the Linux virtual machine to be replaced;
And the deleting module is used for deleting the Linux virtual machine to be replaced.
Optionally, the device further includes a verification module, configured to verify whether the container can normally execute the service, if so, execute the function of the deletion module, and otherwise, not execute the function of the deletion module.
Optionally, each Linux virtual machine in the network target range corresponds to a unique node ID, and the MAC address of the Linux virtual machine is generated according to the node ID of the Linux virtual machine.
Optionally, the fourth and fifth data of the MAC address of the Linux virtual machine are node IDs of the Linux virtual machine
Optionally, the aging time of the bridge is set to 0, so that the bridge transmits the message in a broadcast mode.
Optionally, the device further includes a resource detection module, configured to detect a remaining server resource of the network target range, and if the remaining server resource is smaller than a resource threshold, screen a Linux virtual machine to be replaced from Linux virtual machines of the network target range.
The device for replacing the Linux virtual machine of the network target range with the container and the method for replacing the Linux virtual machine of the network target range with the container provided by the embodiment of the application adopt the same inventive concept, can achieve the same beneficial effects, and are not described in detail herein.
Based on the same inventive concept as the method for replacing the Linux virtual machine of the network target range with the container, the embodiment of the application also provides electronic equipment, which can be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal digital assistant (Personal DIGITAL ASSISTANT, PDA), a server and the like. The electronic device may include a processor and a memory.
The Processor may be a general purpose Processor such as a Central Processing Unit (CPU), digital signal Processor (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), field programmable gate array (Field Programmable GATE ARRAY, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution.
The memory is used as a non-volatile computer readable storage medium for storing non-volatile software programs, non-volatile computer executable programs, and modules. The Memory may include at least one type of storage medium, which may include, for example, flash Memory, hard disk, multimedia card, card Memory, random access Memory (Random Access Memory, RAM), static random access Memory (Static Random Access Memory, SRAM), programmable Read-Only Memory (Programmable Read Only Memory, PROM), read-Only Memory (ROM), charged erasable programmable Read-Only Memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-Only Memory, EEPROM), magnetic Memory, magnetic disk, optical disk, and the like. The memory is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory in embodiments of the present application may also be circuitry or any other device capable of performing memory functions for storing program instructions and/or data.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; such computer storage media can be any available media or data storage device that can be accessed by a computer including, but not limited to: various media that can store program code, such as a mobile storage device, a random access memory (RAM, random Access Memory), a magnetic memory (e.g., a floppy disk, a hard disk, a magnetic tape, a magneto-optical disk (MO), etc.), an optical memory (e.g., CD, DVD, BD, HVD, etc.), and a semiconductor memory (e.g., ROM, EPROM, EEPROM, a nonvolatile memory (NAND FLASH), a Solid State Disk (SSD)), etc.
Or the above-described integrated units of the application may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media that can store program code, such as a mobile storage device, a random access memory (RAM, random Access Memory), a magnetic memory (e.g., a floppy disk, a hard disk, a magnetic tape, a magneto-optical disk (MO), etc.), an optical memory (e.g., CD, DVD, BD, HVD, etc.), and a semiconductor memory (e.g., ROM, EPROM, EEPROM, a nonvolatile memory (NAND FLASH), a Solid State Disk (SSD)), etc.
The foregoing embodiments are only used for describing the technical scheme of the present application in detail, but the descriptions of the foregoing embodiments are only used for helping to understand the method of the embodiments of the present application, and should not be construed as limiting the embodiments of the present application. Variations or alternatives readily apparent to those skilled in the art are intended to be encompassed within the scope of the embodiments of the present application.

Claims (10)

1. A method for replacing a Linux virtual machine of a network target range with a container, comprising:
determining the MAC address of a network card of the Linux virtual machine to be replaced in the network shooting range and a network bridge connected with the network card;
creating and starting a container corresponding to the Linux virtual machine to be replaced;
A network card is added to the container, and assigns a MAC address to the network card of the container, the MAC address of the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced;
Connecting the network card of the container to a network bridge connected with the network card of the Linux virtual machine to be replaced;
And deleting the Linux virtual machine to be replaced.
2. The method according to claim 1, wherein the method further comprises:
And verifying whether the container can normally execute the service, if so, executing the step of deleting the Linux virtual machine to be replaced, otherwise, not executing the step of deleting the Linux virtual machine to be replaced.
3. The method of claim 1, wherein each Linux virtual machine in the network target is associated with a unique node ID, and wherein the MAC address of the Linux virtual machine is generated from the node IDs of the Linux virtual machines.
4. A method according to claim 3, wherein the fourth and fifth bits of data of the MAC address of the Linux virtual machine are node IDs of the Linux virtual machine.
5. The method according to any of claims 1 to 4, wherein the ageing time of the bridge is set to 0, such that the bridge transmits messages in broadcast mode.
6. The method according to any one of claims 1 to 4, further comprising:
detecting remaining server resources of the network range;
And if the residual server resources are smaller than the resource threshold, screening the Linux virtual machine to be replaced from the Linux virtual machines in the network target range.
7. An apparatus for replacing a Linux virtual machine of a network target range with a container, comprising:
The information acquisition module is used for determining the MAC address of the network card of the Linux virtual machine to be replaced in the network shooting range and the network bridge connected with the network card;
the container creation module is used for creating and starting a container corresponding to the Linux virtual machine to be replaced;
The container configuration module is used for adding a network card to the container and designating an MAC address for the network card of the container, wherein the MAC address of the network card of the container is consistent with the MAC address of the network card of the Linux virtual machine to be replaced;
the connecting module is used for connecting the network card of the container to a network bridge connected with the network card of the Linux virtual machine to be replaced;
And the deleting module is used for deleting the Linux virtual machine to be replaced.
8. The apparatus of claim 7, further comprising a verification module configured to verify whether the container is capable of executing the service normally, and if so, to execute the function of the deletion module, and otherwise, not to execute the function of the deletion module.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 6 when the computer program is executed by the processor.
10. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the steps of the method of any of claims 1 to 6.
CN202211699446.9A 2022-12-28 2022-12-28 Method and device for replacing Linux virtual machine of network target range with container Active CN115834410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211699446.9A CN115834410B (en) 2022-12-28 2022-12-28 Method and device for replacing Linux virtual machine of network target range with container

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211699446.9A CN115834410B (en) 2022-12-28 2022-12-28 Method and device for replacing Linux virtual machine of network target range with container

Publications (2)

Publication Number Publication Date
CN115834410A CN115834410A (en) 2023-03-21
CN115834410B true CN115834410B (en) 2024-08-02

Family

ID=85518994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211699446.9A Active CN115834410B (en) 2022-12-28 2022-12-28 Method and device for replacing Linux virtual machine of network target range with container

Country Status (1)

Country Link
CN (1) CN115834410B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109147447A (en) * 2017-06-16 2019-01-04 云南电网有限责任公司信息中心 A kind of network-combination yarn target range actual combat system based on virtualization technology
CN109587281A (en) * 2017-09-29 2019-04-05 华为技术有限公司 Container configuration method and calculate node

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190347127A1 (en) * 2018-05-09 2019-11-14 Red Hat, Inc. Service provisioning and orchestration for virtual machine to container migration
CN112311816B (en) * 2020-12-30 2021-03-30 博智安全科技股份有限公司 Initialization method and reset method for virtual and real combined network target range environment
CN113312142B (en) * 2021-02-26 2023-12-26 阿里巴巴集团控股有限公司 Virtualized processing system, method, device and equipment
CN114640597B (en) * 2022-02-24 2023-08-15 烽台科技(北京)有限公司 Network target range configuration migration method, device, computer equipment and medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109147447A (en) * 2017-06-16 2019-01-04 云南电网有限责任公司信息中心 A kind of network-combination yarn target range actual combat system based on virtualization technology
CN109587281A (en) * 2017-09-29 2019-04-05 华为技术有限公司 Container configuration method and calculate node

Also Published As

Publication number Publication date
CN115834410A (en) 2023-03-21

Similar Documents

Publication Publication Date Title
US11968110B2 (en) Cloud network reachability analysis for virtual private clouds
US9632914B2 (en) Error diagnostic in a production environment
Cotroneo et al. Network function virtualization: Challenges and directions for reliability assurance
EP2979180B1 (en) Methods, systems, and computer readable media for emulating virtualization resources
Wolf et al. Virtualization: from the desktop to the enterprise
US9602334B2 (en) Independent network interfaces for virtual network environments
US20170149838A1 (en) Techniques to deliver security and network policies to a virtual network function
US9256463B2 (en) Method and apparatus to replicate stateful virtual machines between clouds
US11301350B1 (en) Automated testing of systems and applications
US20220100599A1 (en) Automated testing of systems and applications
US11983100B2 (en) Automated testing of systems and applications
US20210288885A1 (en) Simulation and testing of infrastucture as a service scale using a container orchestration engine
JP2017199367A (en) Method and system for analyzing record and use of post package repair
US10084652B2 (en) Customizing network configuration of virtual machines using subnet mapping rules
US8793688B1 (en) Systems and methods for double hulled virtualization operations
US11036543B1 (en) Integrated reliability, availability, and serviceability state machine for central processing units
US11546224B2 (en) Virtual network layer for distributed systems
US10628198B2 (en) Hypervisor management of migration notification and response messages for virtual machines
US20180054357A1 (en) Discovering Changes of Network Interface Controller Names
US10904167B2 (en) Incoming packet processing for a computer system
Azab et al. Towards proactive SDN-controller attack and failure resilience
Malik et al. A measurement study of open source SDN layers in OpenStack under network perturbation
US20230021723A1 (en) Automated migration of monolithic applications to container platforms
US11070629B2 (en) Migration notification and response messages for virtual machines
CN115834410B (en) Method and device for replacing Linux virtual machine of network target range with container

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant