CN116436727B - Virtual machine container mixed arrangement system and IPv6 network implementation method thereof - Google Patents

Info

Publication number
CN116436727B
Authority
CN
China
Prior art keywords
ipv6
address
network card
original
container
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310418192.7A
Other languages
Chinese (zh)
Other versions
CN116436727A (en)
Inventor
张凯航
徐文豪
王弘毅
张凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SmartX Inc
Original Assignee
SmartX Inc
Application filed by SmartX Inc
Priority to CN202310418192.7A
Publication of CN116436727A
Application granted
Publication of CN116436727B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone
    • H04L12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses

Abstract

The invention provides a virtual machine container hybrid orchestration system and an IPv6 network implementation method for it. The system comprises a container and a virtual machine arranged in the container. The IPv6 network implementation method comprises the following steps: creating a bridge device in the container; creating, in the container, a tap device connected to the bridge device, the tap device being used to connect the bridge device to the virtual machine; acquiring the IPv6 address and the MAC address of the original network card in the container and assigning them to the virtual machine; and resetting the original network card and adding the reset original network card to the bridge device. This technical scheme solves the problems of the prior art, which occupies a large amount of computing resources and increases network latency.

Description

Virtual machine container mixed arrangement system and IPv6 network implementation method thereof
Technical Field
The invention relates to the technical field of virtualization, in particular to a virtual machine container mixed arrangement system and an IPv6 network implementation method thereof.
Background
In today's mainstream virtualization technology, virtual machines and containers are the two most commonly used approaches. A virtual machine is a complete computer system simulated in software: it has the functions of a complete hardware system and runs in a fully isolated environment. A container is a sandbox technology in which applications run isolated from the outside world. Each virtual machine has its own independent guest operating system; guest operating systems do not interfere with one another, and each can run independent software and applications. A container runs directly on the operating system of the host, and multiple containers can share the same host operating system.
How to deploy virtual machines and containers together is an important research direction in current virtualization technology. To manage virtual machines and containers uniformly, the open source community has proposed running virtual machine processes inside containers; a representative project is the hybrid orchestration system KubeVirt developed by Red Hat. With KubeVirt, a user can start a virtual machine in the same way a container is created, so that resources can be managed and orchestrated uniformly using only the orchestration system Kubernetes. In KubeVirt, currently the mainstream solution, IPv6 network support for virtual machines is implemented through the Masquerade network mode. Fig. 1 is a schematic structural diagram of the Masquerade network mode in KubeVirt. The network card ens in the virtual machine is connected through the tap device to the bridge br-eth0 located in the container, forming a network path from the virtual machine to the container. After IPv6 traffic sent from the virtual machine reaches the bridge br-eth0, an SNAT operation (that is, changing the source address) must be performed to modify the IPv6 address in the packet before the packet can be sent out of the container by the network card eth0 in the container. Likewise, IPv6 traffic sent from outside the container to the network card eth0 needs a DNAT operation (that is, changing the destination address) to modify the destination IPv6 address of the packet, so that the bridge br-eth0 can send it to the network card ens inside the virtual machine.
However, IPv6 traffic in both directions, from inside the virtual machine to outside the container and from outside the container to inside the virtual machine, requires NAT operations that modify the packets, and the traffic must also be routed once; this takes up significant computing resources and increases network latency. In addition, the user accesses the virtual machine through the IPv6 address of the corresponding container; when the IPv6 address of the virtual machine differs from that of its container, this confuses the user and harms the user experience.
Disclosure of Invention
The invention provides a virtual machine container hybrid orchestration system and an IPv6 network implementation scheme for it, aiming to solve the problems that the prior art occupies a large amount of computing resources and increases network latency.
To solve the above problems, according to a first aspect of the present invention, an IPv6 network implementation method is provided for a virtual machine container hybrid orchestration system that includes a container and a virtual machine disposed in the container. The IPv6 network implementation method comprises the following steps:
creating a bridge device in the container;
creating, in the container, a tap device connected to the bridge device, the tap device being used to connect the bridge device to the virtual machine;
acquiring the IPv6 address and the MAC address of the original network card in the container, and assigning the IPv6 address and the MAC address of the original network card to the virtual machine;
resetting the original network card, and adding the reset original network card to the bridge device.
Preferably, in the above IPv6 network implementation method, the step of resetting the original network card and adding the reset original network card to the bridge device includes:
shutting down the original network card in the container and renaming the original network card;
removing the IPv6 address of the original network card and resetting the MAC address of the original network card;
after resetting the MAC address of the original network card, starting the original network card;
and adding the IPv6 address of the renamed original network card to the bridge device.
Preferably, in the above IPv6 network implementation method, the step of resetting the MAC address of the original network card further includes:
creating a virtual network card in the container;
setting the name of the virtual network card to the name the original network card had before renaming;
and assigning the original IPv6 address of the original network card to the virtual network card.
Preferably, in the above IPv6 network implementation method, after the step of adding the reset original network card to the bridge device, the method further includes:
acquiring the original IPv6 address and the original MAC address of the original network card;
starting a DHCPv6 server in the container, the DHCPv6 server listening on the bridge device;
when the DHCPv6 server receives an IPv6 address acquisition request from the client corresponding to the MAC address, allocating the original IPv6 address of the original network card to that client.
Preferably, the above IPv6 network implementation method further includes, before the step of allocating the IPv6 address of the original network card to the client:
the client sending a router solicitation message to the multicast address on the link, so that the router advertisement server on the link returns a router advertisement message;
the client setting the routing information of its IPv6 network stack according to the router advertisement message.
Preferably, the above IPv6 network implementation method further includes, after the step of adding the reset original network card to the bridge device:
acquiring the original IPv6 routing information and the original MAC address of the original network card;
judging whether the original IPv6 routing information includes an IPv6 default route address of the original network card;
if the original IPv6 routing information includes the IPv6 default route address of the original network card, acquiring the link-local address of the default route on the link according to the IPv6 default route address of the original network card;
adding the link-local address of the default route on the link to the bridge device;
constructing a router advertisement message from the original IPv6 routing information of the original network card, and setting the header source address of the router advertisement message to the link-local address;
starting a router advertisement server within the container, and periodically sending router advertisements to the virtual machine using the router advertisement server.
Preferably, the above IPv6 network implementation method further includes, after the step of judging whether the IPv6 routing information includes an IPv6 default route address of the original network card:
if the IPv6 routing information does not include the IPv6 default route address of the original network card, constructing a router advertisement message from the IPv6 routing information of the original network card, setting the header source address of the router advertisement message to empty, and setting the effective lifetime to 0;
and starting a router advertisement server in the container, the router advertisement server listening on the bridge device, and periodically sending router advertisements to the virtual machine using the router advertisement server.
Preferably, the above IPv6 network implementation method further includes, after the step of obtaining the link-local address of the default route on the link:
disabling the IPv6 duplicate address detection function of the bridge device;
setting up an IPv6 firewall in the container, the IPv6 firewall being used to reject all neighbor discovery requests for the link-local address of the default route that are sent to the bridge device;
adding, within the container, a static neighbor entry for the link-local address of the virtual machine.
According to a second aspect of the present invention, there is also provided a virtual machine container hybrid orchestration system comprising a container and a virtual machine disposed within the container. The virtual machine container hybrid orchestration system further comprises:
a bridge creation module for creating a bridge device in the container;
a device creation module for creating, in the container, a tap device connected to the bridge device, the tap device being used to connect the bridge device to the virtual machine;
a first address acquisition module for acquiring the IPv6 address and the MAC address of the original network card;
an address assignment module for assigning the IPv6 address and the MAC address of the original network card to the virtual machine;
a network card resetting module for resetting the original network card and adding the reset original network card to the bridge device.
Preferably, the above virtual machine container hybrid orchestration system further comprises:
an information acquisition module for acquiring the original IPv6 routing information and the original MAC address of the original network card;
an information judging module for judging whether the IPv6 routing information includes an IPv6 default route address of the original network card;
a second address acquisition module for acquiring, if the original IPv6 routing information includes the IPv6 default route address of the original network card, the link-local address of the default route on the link according to that IPv6 default route address;
an address adding module for adding the link-local address of the default route on the link to the bridge device;
a message construction module for constructing a router advertisement message from the original IPv6 routing information of the original network card, and setting the header source address of the router advertisement message to the link-local address;
and a server starting module for starting a router advertisement server in the container and periodically sending router advertisements to the virtual machine using the router advertisement server.
In summary, in the virtual machine container hybrid orchestration system and its IPv6 implementation method provided by the invention, a bridge device is created in the container and connected to the virtual machine by a tap device, so that the virtual machine can send and receive its IPv6 traffic by reading and writing the character-device end of the tap device; this forms the network path from the virtual machine to the container. The IPv6 address and the MAC address of the original network card in the container are then acquired and assigned to the virtual machine, so that the virtual machine has the IPv6 address and the MAC address of the container. The original network card is then reset and added to the bridge device, which connects the bridge device to the original network card in the container and forms the network path from the bridge device to outside the container. With the bridge device acting as a layer-2 switch, the virtual machine can communicate directly over this link with other containers or virtual machines in the cluster. IPv6 traffic between the inside of the virtual machine and the outside of the container therefore needs no NAT operation, and because the virtual machine uses the IPv6 address of the container, the user is not troubled by differing addresses and the user experience is not affected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the structures shown in these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of the Masquerade network mode in KubeVirt provided in the prior art;
Fig. 2 is a schematic diagram of a first virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an in-container IPv6 network management device according to an embodiment of the present invention;
Fig. 4 is a flow chart of an IPv6 network implementation method of the first virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 5 is a flow chart of the method for adding the original network card provided by the embodiment shown in Fig. 4;
Fig. 6 is a flow chart of the method for resetting the MAC address of the original network card provided by the embodiment shown in Fig. 5;
Fig. 7 is a flow chart of an IPv6 network implementation method of the second virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 8 is a flow chart of an IPv6 network implementation method of the third virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 9 is a flow chart of an IPv6 network implementation method of the fourth virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 10 is a flow chart of an IPv6 network implementation method of the fifth virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 11 is a schematic diagram of a second virtual machine container hybrid orchestration system according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of a third virtual machine container hybrid orchestration system according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Reference signs: container: the container; VM: virtual machine; ens4: network card inside the virtual machine; tap0: tap device; br-eth0: bridge device; eth0: original network card; and the device external to the container.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The technical problems mainly solved by the embodiments of the invention are as follows:
In the hybrid orchestration system KubeVirt provided by the prior art, IPv6 traffic needs a NAT operation that modifies the packets whether it is sent from inside the virtual machine to outside the container or from outside the container to inside the virtual machine, and the traffic must also be routed once; this occupies a large amount of computing resources and increases network latency. In addition, the user accesses the virtual machine through the IPv6 address of the corresponding container; when the IPv6 address of the virtual machine differs from that of its container, this confuses the user and harms the user experience.
To solve the above problems, the following embodiments of the present invention provide a virtual machine container hybrid orchestration system and an IPv6 network implementation method for it. The IP address and the MAC address of the original network card in the container are assigned to the virtual machine; the network card ens in the virtual machine is connected through a tap device to the bridge device br-eth0 located in the container, forming a network path from the virtual machine to the container; and the in-container network card eth0 is connected to the bridge device br-eth0, forming a network path from the bridge device to outside the container. The bridge device acts as a layer-2 switch, so no NAT operation is needed for data exchange between the virtual machine and the outside of the container, and the problem that differing IPv6 addresses of the virtual machine and its container confuse users and harm the user experience is solved.
To achieve the above objective, refer to Fig. 4, which is a flow chart of an IPv6 network implementation method of a virtual machine container hybrid orchestration system according to the present invention. As shown in Fig. 4, the method is used for a virtual machine container hybrid orchestration system that includes a container and a virtual machine disposed within the container. The IPv6 network implementation method comprises the following steps:
S110: creating a bridge device in the container. In the system shown in Fig. 2, the bridge device br-eth0 acts as a layer-2 switch, providing the network path from the virtual machine to the bridge and from the bridge to outside the container.
S120: creating, in the container, a tap device connected to the bridge device; the tap device is used to connect the bridge device and the virtual machine. As shown in Fig. 2, the tap device connects the network card ens in the virtual machine to the bridge device br-eth0 in the container, and the virtual machine management program can receive and send the virtual machine's IPv6 traffic by reading and writing the character-device end of the tap device. Connecting the virtual machine and the bridge device through the tap device forms the network path from the virtual machine to the container.
S130: acquiring the IPv6 address and the MAC address of the original network card in the container, and assigning the IPv6 address and the MAC address of the original network card to the virtual machine.
With reference to the apparatus shown in Fig. 3, an IPv6 network management device for the virtual machine container hybrid orchestration system can be set up in the network stack inside the container; it includes a network link module 100, an IPv6 address management module 200, and an IPv6 route management module 300. In the virtual machine container hybrid orchestration system, the bridge-mode IPv6 network is implemented by using the IPv6 network management device in the container to provide data-link-layer connectivity from the virtual machine to outside the container, while the IPv6 address management module 200 provides an IPv6 address to the virtual machine and the IPv6 route management module 300 provides IPv6 routing information to the virtual machine. Assigning the IPv6 address and the MAC address of the original network card in the container to the virtual machine gives the virtual machine network card ens4 the IPv6 address and the MAC address of the container, which makes it convenient to communicate with the network outside the container.
S140: resetting the original network card, and adding the reset original network card to the bridge device. Because the IPv6 address and the MAC address of the original network card have been given to the virtual machine, the original network card needs to be reset, which includes resetting its MAC address, renaming it, and so on; the renamed original network card is then added to the bridge device br-eth0, providing the network path between the bridge device and the container's external device outside.
In summary, in the virtual machine container hybrid orchestration system and the IPv6 implementation method provided by the embodiments of the present invention, a bridge device is created in the container and connected to the virtual machine by a tap device, so that the virtual machine can send and receive its IPv6 traffic by reading and writing the character-device end of the tap device; this forms the network path from the virtual machine to the container. The IPv6 address and the MAC address of the original network card in the container are then acquired and assigned to the virtual machine, so that the virtual machine has the IPv6 address and the MAC address of the container. The original network card is then reset and added to the bridge device, which connects the bridge device to the original network card in the container and forms the network path from the bridge device to outside the container. With the bridge device acting as a layer-2 switch, the virtual machine can communicate directly over this link with other containers or virtual machines in the cluster. IPv6 traffic between the inside of the virtual machine and the outside of the container therefore needs no NAT operation, and because the virtual machine uses the IPv6 address of the container, the user is not troubled by differing addresses and the user experience is not affected.
The original network card of the container does not necessarily have an IPv6 address (for example, an additional network card added to the container through the Multus network plug-in); in that case the original network card eth0 in the container may be added directly to the bridge device. If the original network card in the container has an IPv6 address, the original network card needs to be reset.
Specifically, as a preferred embodiment, as shown in Fig. 5, the above step S140 of resetting the original network card and adding the reset original network card to the bridge device specifically comprises:
S141: shutting down the original network card in the container and renaming the original network card. The IPv6 address of the original network card needs to be removed; that address is later given to the virtual machine by the IPv6 address management module 200.
S142: removing the IPv6 address of the original network card and resetting the MAC address of the original network card. The MAC address is reset because it will later be used by the virtual machine, and two communication nodes on the same network link must not have the same MAC address.
S143: after the MAC address of the original network card has been reset, restarting the original network card.
S144: adding the renamed original network card to the bridge device. The renamed container network card eth0-nic needs to be added to the bridge device br-eth0 to provide the network path between the virtual machine and the container's external device outside; over this link the virtual machine can communicate at layer 2 with other containers or virtual machines in the cluster.
In the technical scheme provided by this embodiment of the invention, the original network card is shut down and then renamed, its IPv6 address is removed, and its MAC address is reset, so that two communication nodes on the same network link are prevented from having the same MAC address. The renamed original network card is then added to the bridge device, so that a network link from the bridge device to outside the container is formed through the original network card, and the virtual machine can communicate at layer 2 with other containers or virtual machines in the cluster.
Some network plug-ins periodically check the IPv6 address of the original network card in the container; if the IPv6 address of the original network card goes undetected for a long time, the container state may be set to failed. To avoid this, as a preferred embodiment, as shown in Fig. 6, in the above IPv6 network implementation method, step S142 of resetting the MAC address of the original network card further includes:
S1421: creating a virtual network card within the container.
S1422: setting the name of the virtual network card to the name the original network card had before renaming.
S1423: assigning the IPv6 address of the original network card to the virtual network card.
In the technical scheme provided by this embodiment of the invention, the original network card in the container is shut down. However, some network plug-ins periodically check the IPv6 address of the original network card in the container, and if the address goes undetected for a long time the container state may be set to failed. To avoid this, a virtual network card of type dummy with the same name is added to the container, and the IPv6 address of the container is added to it so that the check passes. The virtual network card is not added to any network link, so it does not affect the IPv6 communication of the virtual machine.
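Steps S110 to S144, the dummy-interface workaround S1421 to S1423 and the no-IPv6 case (network card attached directly), written out as an ordered iproute2 command plan. This is an added example, not code from the patent; the interface names follow the figures, the addresses and the sample `ip` output are constructed, and using `flush` and bringing the dummy interface up are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the patent. Interface names follow the patent's
# figures; every address below is a constructed sample value.
BR=br-eth0 TAP=tap0 NIC=eth0 RENAMED=eth0-nic

# First global IPv6 address (addr/prefixlen) in `ip -o -6 addr show` output on stdin.
global_ipv6() { awk '$3 == "inet6" && /scope global/ { print $4; exit }'; }

# MAC address in `ip -o link show` output on stdin.
link_mac() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "link/ether") { print $(i + 1); exit } }'
}

# Random locally administered unicast MAC (first octet 02) for the reset NIC.
random_laa_mac() {
    printf '02:%s\n' "$(od -An -N5 -tx1 /dev/urandom | tr -s ' ' ':' | sed 's/^://; s/:$//')"
}

# Print the ordered command plan (dry run, nothing is executed).
# $1 = global IPv6 of eth0 (may be empty), $2 = MAC of eth0, $3 = new MAC for the reset NIC.
rewire_plan() (
    addr=$1 mac=$2 newmac=$3
    echo "ip link add $BR type bridge"                    # S110
    echo "ip tuntap add dev $TAP mode tap"                # S120
    echo "ip link set $TAP master $BR"
    if [ -z "$addr" ]; then
        # No IPv6 address on the NIC (e.g. a Multus-added NIC): attach it unchanged.
        echo "ip link set $NIC master $BR"
    else
        # The VM takes over $mac, so the reset NIC must not keep or reuse it.
        [ "$mac" != "$newmac" ] || { echo "new MAC equals the MAC handed to the VM" >&2; exit 1; }
        echo "# S130: VM NIC gets mac=$mac ipv6=$addr"
        echo "ip link set $NIC down"                      # S141
        echo "ip link set $NIC name $RENAMED"
        # S142: flush (assumption) still succeeds if link-down already dropped the address.
        echo "ip -6 addr flush dev $RENAMED scope global"
        echo "ip link set $RENAMED address $newmac"
        echo "ip link add $NIC type dummy"                # S1421 + S1422
        echo "ip -6 addr add $addr dev $NIC"              # S1423
        echo "ip link set $NIC up"                        # assumption: checkers expect it up
        echo "ip link set $RENAMED up"                    # S143
        echo "ip link set $RENAMED master $BR"            # S144
    fi
    echo "ip link set $BR up"
    echo "ip link set $TAP up"
)

# Constructed sample output of `ip -o -6 addr show dev eth0` and `ip -o link show dev eth0`.
SAMPLE_ADDR='2: eth0    inet6 fd00:10:244:1::1a/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5c7a:11ff:fe22:3344/64 scope link \       valid_lft forever preferred_lft forever'
SAMPLE_LINK='2: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 5e:7a:11:22:33:44 brd ff:ff:ff:ff:ff:ff link-netnsid 0'

demo() {
    addr=$(printf '%s\n' "$SAMPLE_ADDR" | global_ipv6)
    mac=$(printf '%s\n' "$SAMPLE_LINK" | link_mac)
    rewire_plan "$addr" "$mac" "$(random_laa_mac)"
}
demo
```

The script only prints the plan; the commands themselves need root inside the container's network namespace.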
The network link module 100 implements a link path from the inside of the virtual machine to the outside of the container, and the IPv6 address management module 200 in the container is required to provide an IPv6 address for the virtual machine. Specifically, as a preferred embodiment, as shown in fig. 7, the above-mentioned IPv6 network implementation method, step S140: the step of adding the reset original network card to the network bridge device further comprises the following steps:
s210: and acquiring the original IPv6 address and the original MAC address of the original network card. It should be noted that the original network card eth0 is a container network card before renaming, and is not a virtual dummy type network card.
S220: starting a DHCPv6 server in the container, and monitoring the DHCPv6 server at the network bridge device. The DHCPv6 server responds only to the client IPv6 address acquisition request from the MAC address described above, and assigns the client an IPv6 address of the container.
In addition, because the original network card in the container does not necessarily have an IPv6 address, for example, an additional network card added to the container through a Multus network plug-in, it is not necessary to start the HDCPv6 server at this time, and the virtual machine can acquire the IPv6 address through other DHCPv6 servers deployed on the network link.
S230: when the DHCPv6 server monitors the IPv6 address acquisition request of the client corresponding to the MAC address, the IPv6 address of the original network card is allocated to the client.
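The MAC-restricted answer of steps S220 and S230, sketched as an added example that is not code from the patent: a handler that answers a DHCPv6 Solicit with an Advertise carrying the container's single address only when the frame came from the virtual machine's MAC. Matching on the Ethernet source address, the lifetimes, and every address and identifier below are constructed assumptions, and the block is narrowed to the Solicit/Advertise step of the exchange.

```python
import ipaddress
import struct

SOLICIT, ADVERTISE = 1, 2                      # DHCPv6 message types
OPT_CLIENTID, OPT_SERVERID, OPT_IA_NA, OPT_IAADDR = 1, 2, 3, 5


def mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw


def option(code: int, value: bytes) -> bytes:
    """Encode one DHCPv6 option: 16-bit code, 16-bit length, value."""
    return struct.pack("!HH", code, len(value)) + value


def parse_options(data: bytes) -> dict:
    """Split an option area into {code: [value, ...]}; reject truncation."""
    opts, off = {}, 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, off)
        off += 4
        if off + length > len(data):
            raise ValueError("option runs past end of message")
        opts.setdefault(code, []).append(data[off:off + length])
        off += length
    return opts


def handle_solicit(frame_src_mac, msg, vm_mac, lease, server_duid,
                   preferred=3600, valid=7200):
    """Return an Advertise for the VM's network card, or None to stay silent."""
    # Only the virtual machine that inherited the original MAC is served.
    if mac_bytes(frame_src_mac) != mac_bytes(vm_mac):
        return None
    if len(msg) < 4 or msg[0] != SOLICIT:
        return None
    try:
        opts = parse_options(msg[4:])
    except ValueError:
        return None                            # malformed input is ignored
    client_ids = opts.get(OPT_CLIENTID, [])
    ia_nas = opts.get(OPT_IA_NA, [])
    if len(client_ids) != 1 or not ia_nas or len(ia_nas[0]) < 12:
        return None
    iaid = ia_nas[0][:4]                       # echo the client's IAID
    iaaddr = option(OPT_IAADDR, ipaddress.IPv6Address(lease).packed
                    + struct.pack("!II", preferred, valid))
    t1, t2 = preferred // 2, preferred * 4 // 5
    ia_na = option(OPT_IA_NA, iaid + struct.pack("!II", t1, t2) + iaaddr)
    # Same transaction id, client id echoed, server id added.
    return (bytes([ADVERTISE]) + msg[1:4]
            + option(OPT_CLIENTID, client_ids[0])
            + option(OPT_SERVERID, server_duid)
            + ia_na)


# Constructed sample values (not from the patent).
VM_MAC = "52:54:00:12:34:56"                   # MAC handed to the VM
LEASE = "2001:db8:0:1::10"                     # former address of eth0
SERVER_DUID = b"\x00\x03\x00\x01" + mac_bytes("02:00:00:00:00:01")
SAMPLE_SOLICIT = (
    bytes([SOLICIT]) + b"\xab\xcd\xef"         # type + transaction id
    + option(OPT_CLIENTID, b"\x00\x03\x00\x01" + mac_bytes(VM_MAC))
    + option(OPT_IA_NA, b"\x00\x00\x00\x01" + bytes(8))
    + option(8, b"\x00\x00")                   # elapsed time
)

if __name__ == "__main__":
    adv = handle_solicit(VM_MAC, SAMPLE_SOLICIT, VM_MAC, LEASE, SERVER_DUID)
    print(adv.hex())
```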
Through the IPv6 address management module 200 in fig. 3, the IPv6 address of the container can be allocated to a virtual machine running inside the container. It should be understood by those skilled in the art that, for the virtual machine to communicate with other network nodes, routing information for the target IPv6 address needs to exist in the virtual machine, informing the network stack of the next hop address of the corresponding data packet. A data packet destined for the same link can be sent directly to the destination node through layer-2 communication; a data packet destined for a different link needs to be sent to the router first, and the router then selects a path to forward it.
The routing information of the IPv6 network in the virtual machine can be obtained through route discovery: the client sends a route request message to the multicast address ff00 in the link, the router in the link returns a route notification message, and the client sets the routing information of its IPv6 network stack from the received route notification message. The router in the link can also send a route notification message to a specific client without having received a route request message.
Specifically, as a preferred embodiment shown in fig. 8, in the above IPv6 network implementation method, before step S230 of distributing the IPv6 address of the original network card to the client, the method further includes:
S310: the client sends a route request message to the intra-link multicast address to cause the intra-link route advertisement server to return a route advertisement message.
S320: the client sets the routing information of the IPv6 network stack according to the routing notification message.
According to the technical scheme provided by the embodiment of the invention, for the virtual machine to communicate with other network nodes, the virtual machine needs to hold routing information for the target IPv6 address, which informs the network stack of the next hop address of the corresponding data packet. A data packet destined for the same link can be transmitted directly to the target node through layer-2 communication; data packets destined for different links need to be transmitted to the router first, and the router then selects a path to forward them. The routing information of the IPv6 network in the virtual machine can be obtained through route discovery: the client sends a route request message to the multicast address ff00 in the link, the router in the link returns a route notification message, and the client sets the routing information of its IPv6 network stack from the received route notification message. The router in the link can also send a route notification message to a specific client without having received a route request message.
It should be noted that routing and routing advertisement are two distinct functions and that routing advertisement is not necessarily a capability that a router has, e.g., some CNI plugins supporting IPv6 network functions only have IPv6 routing capabilities. Therefore, the IPv6 route management module 300 of the embodiment of the present invention will deploy a route advertisement server that listens on the bridge device br-eth0 in the container, and periodically send a route advertisement message to the virtual machine, so as to help the virtual machine to correctly set the IPv6 route information.
As a preferred embodiment shown in fig. 9, in the above IPv6 network implementation method, after step S140 of adding the reset original network card to the network bridge device, the method further comprises the following steps:
S410: acquiring the original IPv6 routing information and the original MAC address of the original network card. The IPv6 routing information may include an IPv6 default routing address, through which the link local address of the default route within the link can be obtained, so that it can be added to the bridge device and the route advertisement server can periodically send route advertisements to the virtual machine.
S420: judging whether the IPv6 routing information comprises the IPv6 default routing address of the original network card.
S430: if the IPv6 routing information comprises the IPv6 default routing address of the original network card, acquiring the link local address of the default route in the link according to that IPv6 default routing address. If the default route address is itself a link local address, this step need not be executed, and the address is directly added to the bridge device as the link local address of the default route in the link; otherwise, the MAC address of the default route within the link must be learned, and the link local address of the default route is generated from that MAC address.
S440: the link local address of the default route within the link is added to the bridge device.
S450: constructing a route notification message by using the IPv6 routing information of the original network card, and setting the header source address of the route notification message to the link local address of the default route. As will be appreciated by those skilled in the art, the source address in the header of a route advertisement message must be a link local address, which is why the link local address of the default route in the link is used here.
S460: a route advertisement server is started within the container, and route advertisements are periodically sent to the virtual machines using the route advertisement server.
In the technical scheme provided by the embodiment of the invention, the constructed route notification message is sent to the virtual machine by the server. A person skilled in the art can understand that the routing information in the virtual machine may be removed, for example because its life cycle expires, so the route notification server needs to send the route notification message to the virtual machine periodically to help the virtual machine update its IPv6 routing information.
In addition, the original network card eth0 in the container may have neither an IPv6 address nor corresponding routing information, for example when it is an additional network card added to the container through the Multus network plug-in. In that case the subsequent steps need not be executed, so that the route notification server can provide the routing information for the virtual machine in the network link. The network card eth0 in the container may also lack an IPv6 default route, for example when it is an additional network card added to the container through the Multus network plug-in. In that case the route notification message can be constructed directly from the routing information of the original network card in the container, with the header source address of the route notification message set to null and the effective life cycle set to 0.
Specifically, as a preferred embodiment, as shown in fig. 9, the technical solution of the present invention further includes, after the step of determining whether the IPv6 routing information includes the IPv6 default routing address of the original network card:
S470: if the IPv6 routing information does not include the IPv6 default routing address of the original network card, constructing a route notification message by using the IPv6 routing information of the original network card, setting the header source address of the route notification message to null, and setting the effective life cycle to 0.
S480: starting a route notification server in the container, the route notification server listening on the network bridge device, and periodically sending route notifications to the virtual machine by using the route notification server.
In the technical scheme provided by the embodiment of the invention, the constructed route notification message is sent to the virtual machine by the route notification server, and because the route information in the virtual machine is possibly removed due to expiration of the life cycle and the like, the route notification server needs to send the route notification message to the virtual machine regularly to help the virtual machine update the IPv6 route information.
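Steps S430 to S470 carried through in code, as an added example that is not part of the patent: deriving the default route's link local address from its MAC and building the route notification message (an ICMPv6 Router Advertisement, type 134) with a valid checksum, for both the normal case and the life-cycle-0 case. The modified EUI-64 derivation, the managed flag, the option layout, the lifetimes and all addresses are assumptions chosen for illustration; the page does not name them. The caller supplies the source address the packet will actually carry, because the checksum covers it.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58
ROUTER_ADVERTISEMENT = 134
OPT_SOURCE_LLADDR, OPT_PREFIX_INFO = 1, 3


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 (assumed method): flip the U/L bit, insert ff:fe."""
    m = bytes.fromhex(mac.replace(":", ""))
    if len(m) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def icmpv6_checksum(src, dst, message: bytes) -> int:
    """One's-complement checksum over the IPv6 pseudo-header and message."""
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(message), ICMPV6_NEXT_HEADER))
    data = pseudo + message
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_route_notification(src, dst, router_lifetime, prefix,
                             router_mac=None, hop_limit=64, managed=True,
                             valid=86400, preferred=14400) -> bytes:
    """router_lifetime=0 is the S470 case: prefix only, no default router."""
    net = ipaddress.IPv6Network(prefix)
    flags = 0x80 if managed else 0x00      # M flag: address comes via DHCPv6
    msg = struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0,
                      hop_limit, flags, router_lifetime, 0, 0)
    if router_mac is not None:             # lets the VM skip neighbor discovery
        msg += struct.pack("!BB", OPT_SOURCE_LLADDR, 1)
        msg += bytes.fromhex(router_mac.replace(":", ""))
    # Prefix option: on-link (L) set, autonomous (A) clear.
    msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen,
                       0x80, valid, preferred, 0) + net.network_address.packed
    csum = icmpv6_checksum(src, dst, msg)
    return msg[:2] + struct.pack("!H", csum) + msg[4:]


def checksum_ok(src, dst, message: bytes) -> bool:
    """A message with a correct checksum sums to zero."""
    return icmpv6_checksum(src, dst, message) == 0


def ra_fields(message: bytes) -> dict:
    """Decode the fields a receiver acts on; reject malformed options."""
    mtype, _, _, _hop, flags, lifetime, _, _ = struct.unpack_from(
        "!BBHBBHII", message)
    prefixes, lladdrs, off = [], [], 16
    while off < len(message):
        if off + 2 > len(message):
            raise ValueError("truncated option")
        otype, units = message[off], message[off + 1]
        if units == 0 or off + units * 8 > len(message):
            raise ValueError("malformed option length")
        value = message[off + 2:off + units * 8]
        if otype == OPT_PREFIX_INFO:
            prefixes.append(f"{ipaddress.IPv6Address(value[14:30])}/{value[0]}")
        elif otype == OPT_SOURCE_LLADDR:
            lladdrs.append(value[:6].hex(":"))
        off += units * 8
    return {"type": mtype, "managed": bool(flags & 0x80),
            "router_lifetime": lifetime, "prefixes": prefixes,
            "source_lladdr": lladdrs}


if __name__ == "__main__":
    gw_mac = "02:42:ac:11:00:01"           # constructed gateway MAC
    src = link_local_from_mac(gw_mac)
    ra = build_route_notification(src, "ff02::1", 1800,
                                  "2001:db8:0:1::/64", router_mac=gw_mac)
    print(src, ra_fields(ra), checksum_ok(src, "ff02::1", ra))
```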
In addition, as a preferred embodiment shown in fig. 10, in the IPv6 network implementation method according to the embodiment of the present invention, after step S430 of obtaining the link local address of the default route in the link, the method further comprises the following steps:
S510: turning off the IPv6 address collision detection function of the bridge device. Because of the IPv6 address collision detection function, the default route address in the link that is added to the bridge device br-eth0 cannot take effect, so the function needs to be turned off. The link local address of the default route is added to the bridge because, as noted in the above step, the header source address of the route advertisement message must be a link local address, and that source address must be located on the interface (bridge device br-eth0) from which the route advertisement message is sent.
S520: setting an IPv6 firewall in the container, the IPv6 firewall being used to reject all neighbor discovery requests for the link local address of the default route that are sent to the network bridge device. The IPv6 neighbor discovery function is used to learn the MAC address corresponding to a given address, so that layer-2 communication can be performed with the learned MAC address. If the in-container bridge device br-eth0 replied to a neighbor discovery request for the link local address of the default route, the client would wrongly set the MAC address of the default route to the MAC address of br-eth0, and IPv6 network communication would eventually fail. An IPv6 firewall is therefore set in the container to reject all such neighbor discovery requests sent to the in-container bridge device.
S530: adding, within the container, a static neighbor entry for the link local address of the virtual machine. The route notification server listening on bridge device br-eth0 must know the MAC address of the virtual machine before sending a route notification message to it, but because the firewall is set to prohibit neighbor discovery requests, that MAC address cannot be obtained through neighbor discovery. This is solved by adding a static neighbor entry that sets the mapping between the link local address of the virtual machine and its MAC address, which enables the route notification server to find the MAC address of the virtual machine.
In addition, based on the same concept as the above method embodiment, the embodiment of the present invention further provides a virtual machine container mixing arrangement system for implementing the above method. Since the principle by which the system embodiment solves the problem is similar to that of the method, the system provides at least all the beneficial effects of the technical solution of the above embodiment, which are not described in detail here.
Referring to fig. 11, fig. 11 is a schematic structural diagram of a virtual machine container mixing arrangement system provided by the present invention. As shown in fig. 11, the virtual machine container mixing orchestration system includes: a container and a virtual machine disposed within the container; the virtual machine container mix orchestration system further comprises:
A bridge creation module 110 for creating a bridge device in the container;
the device creation module 120 is configured to create, in the container, a tap device connected to the bridge device, where the tap device is configured to connect the bridge device with the virtual machine;
a first address obtaining module 130, configured to obtain an IPv6 address and an MAC address of an original network card;
the address giving module 140 is configured to give the IPv6 address and the MAC address of the original network card to the virtual machine;
the network card resetting module 150 is configured to reset the original network card, and add the reset original network card to the bridge device.
In summary, the virtual machine container mixed arranging system and the IPv6 implementing system provided in the embodiments of the present invention create a bridge device in a container through the bridge creation module 110, then the device creation module 120 uses a tap device to connect the bridge device with a virtual machine, so that the virtual machine can implement receiving and sending of the IPv6 network traffic of the virtual machine by reading and writing character ends of the tap device, a network path from the virtual machine to the container is formed, then the first address acquisition module 130 acquires the IPv6 address and the MAC address of an original network card in the container, the address assignment module 140 assigns the IPv6 address and the MAC address to the virtual machine, so that the virtual machine has the IPv6 address and the MAC address of the container, then the network card reset module 150 resets the original network card, adds the reset original network card to the bridge device, so that the bridge device acts as a two-layer switch, the bridge device is connected to the original network path from the bridge device to the outside of the container, the network path from the virtual machine to the outside of the container is implemented by using the bridge device as the two-layer switch, the virtual machine can directly communicate with the container by means of the IPv6 or the two-layer switch, and the virtual machine can not directly affect the communication with the container from the other virtual machine to the outside of the container, thus the user's 6 is not needed to be affected by the communication with the container, and the user's network traffic is not needed to be directly from the container's inside or the container's network device.
As a preferred embodiment, the network card resetting module 150 is specifically configured to close the original network card in the container and rename the original network card; removing the IPv6 address of the original network card and resetting the MAC address of the original network card; after resetting the MAC address of the original network card, starting the original network card; and adding the renamed original network card into the network bridge equipment.
As a preferred embodiment, the above IPv6 network implementation system further includes: the virtual network card creation module is used for creating a virtual network card in the container; the network card name setting module is used for setting the name of the virtual network card to be the name of the original network card before renaming; and the IPv6 address giving module is used for giving the original IPv6 address of the original network card to the virtual network card.
As a preferred embodiment, as shown in fig. 12, the above IPv6 network implementation system further includes:
an information obtaining module 210, configured to obtain original IPv6 routing information and an original MAC address of an original network card;
the information judging module 220 is configured to judge whether the original IPv6 routing information includes an IPv6 default routing address of the original network card;
the second address obtaining module 230 is configured to obtain, if the original IPv6 routing information includes an IPv6 default routing address of the original network card, a link local address of a default route in the link according to the IPv6 default routing address of the original network card;
An address adding module 240, configured to add a link local address of a default route in a link to the bridge device;
the message construction module 250 is configured to construct a route advertisement message by using original IPv6 routing information of an original network card, and set a header source address of the route advertisement message as a link local address of a default route;
the server startup module 260 is configured to start a route advertisement server in the container, and periodically send a route advertisement to the virtual machine using the route advertisement server.
As a preferred embodiment, the above IPv6 network implementation system further includes: the route information and address acquisition module is used for acquiring the original IPv6 route information and the original MAC address of the original network card;
the routing information and address judging module is used for judging whether the original IPv6 routing information comprises an IPv6 default routing address of the original network card;
the link local address acquisition module is used for acquiring the link local address of the default route in the link according to the IPv6 default route address of the original network card if the original IPv6 route information comprises the IPv6 default route address of the original network card;
the link local address adding module is used for adding the link local address of the default route in the link to the network bridge equipment;
The head source address setting module is used for constructing a route notification message by using the original IPv6 route information of the original network card, and setting the head source address of the route notification message as a link local address;
and the route notification periodic sending module is used for starting a route notification server in the container and periodically sending the route notification to the virtual machine by using the route notification server.
According to the embodiment of the invention, a network path from the inside of the virtual machine to the outside of the container under the virtual machine container mixed arrangement system is constructed as a bridged network (bridge mode), and the IPv6 address management and routing management modules provide an IPv6 address and routing information for the virtual machine network card, so that a complete IPv6 network communication function is realized under the mixed arrangement system. Compared with other orchestration systems (KubeVirt), the invention uses the bridged network to avoid the multiple NAT and routing operations performed in the container under the original masquerade mode, which saves CPU computing resources, reduces IPv6 network communication delay to a certain extent, and improves network performance. In addition, the invention transfers the IPv6 address of the container network card to the inside of the virtual machine, which is more friendly and easier for users to understand.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. An IPv6 network implementation method of a virtual machine container mixing arrangement system is characterized by being used for the virtual machine container mixing arrangement system, wherein the virtual machine container mixing arrangement system comprises a container and a virtual machine arranged in the container; the IPv6 network implementation method comprises the following steps:
creating a bridge device in the container;
creating a tap device connected with the bridge device in the container, wherein the tap device is used for connecting the bridge device and the virtual machine;
the IPv6 address and the MAC address of the original network card in the container are acquired, and the IPv6 address and the MAC address of the original network card are endowed to the virtual machine;
Resetting the original network card, and adding the reset original network card to the network bridge equipment.
2. The IPv6 network implementation method according to claim 1, wherein the step of resetting the original network card and adding the reset original network card to the bridge device includes:
closing the original network card in the container and renaming the original network card;
removing the IPv6 address of the original network card and resetting the MAC address of the original network card;
after resetting the MAC address of the original network card, starting the original network card;
and adding the renamed original network card into the network bridge equipment.
3. The IPv6 network implementation method according to claim 2, wherein after the step of resetting the MAC address of the original network card, the method further comprises:
creating a virtual network card in the container;
setting the name of the virtual network card as the name of the original network card before renaming;
and giving the original IPv6 address of the original network card to the virtual network card.
4. The IPv6 network implementation method according to claim 1, wherein after the step of adding the reset original network card to the bridge device, the method further comprises:
Acquiring an original IPv6 address and an original MAC address of the original network card;
starting a DHCPv6 server in the container, and monitoring the DHCPv6 server at the network bridge equipment;
when the DHCPv6 server monitors an IPv6 address acquisition request from the client corresponding to the MAC address, the client is allocated with the original IPv6 address of the original network card.
5. The method according to claim 4, wherein before the step of allocating the original IPv6 address of the original network card to the client, the method further comprises:
the client sends a route request message to the multicast address in the link so as to enable the route notification server in the link to return the route notification message;
and the client sets the routing information of the IPv6 network stack according to the routing notification message.
6. The IPv6 network implementation method according to claim 1, wherein after the step of adding the reset original network card to the bridge device, the method further comprises:
acquiring original IPv6 routing information and an original MAC address of the original network card;
judging whether the original IPv6 routing information comprises an IPv6 default routing address of the original network card or not;
If the original IPv6 routing information comprises the IPv6 default routing address of the original network card, acquiring a link local address of a default routing in a link according to the IPv6 default routing address of the original network card;
adding a link local address of a default route in the link to the bridge device;
constructing a route notification message by using the original IPv6 route information of the original network card, and setting a head source address of the route notification message as the link local address;
and starting a route notification server in the container, and periodically sending route notifications to the virtual machine by using the route notification server.
7. The method for implementing an IPv6 network according to claim 6, wherein after the step of determining whether the IPv6 routing information includes an IPv6 default routing address of the original network card, the method further includes:
if the IPv6 routing information does not comprise the IPv6 default routing address of the original network card, constructing the routing notification message by using the IPv6 routing information of the original network card, setting the head source address of the routing notification message to be null, and setting the effective life cycle to be 0;
and starting a route notification server in the container, monitoring the route notification server at the network bridge equipment, and periodically sending route notifications to the virtual machine by using the route notification server.
8. The method according to claim 6, wherein after the step of obtaining the link local address of the default route in the link, the method further comprises:
closing an IPv6 address conflict detection function of the network bridge equipment;
setting an IPv6 firewall in the container, wherein the IPv6 firewall is used for rejecting all the neighbor discovery requests of the local address of the default routing link sent to the network bridge equipment;
static neighbor entries are added within the container to link local addresses of the virtual machines.
9. A virtual machine container mix orchestration system, comprising: a container and a virtual machine disposed within the container; the system further comprises:
a bridge creation module for creating a bridge device in the container;
the device creation module is used for creating tap devices connected with the network bridge devices in the container, and the tap devices are used for connecting the network bridge devices with the virtual machines;
the first address acquisition module is used for acquiring the IPv6 address and the MAC address of the original network card;
the address giving module is used for giving the IPv6 address and the MAC address of the original network card to the virtual machine;
And the network card resetting module is used for resetting the original network card and adding the reset original network card to the network bridge equipment.
10. The virtual machine container mix orchestration system according to claim 9, further comprising:
the information acquisition module is used for acquiring the original IPv6 routing information and the original MAC address of the original network card;
the information judging module is used for judging whether the original IPv6 routing information comprises an IPv6 default routing address of the original network card or not;
the second address acquisition module is used for acquiring a link local address of a default route in a link according to the IPv6 default route address of the original network card if the original IPv6 route information comprises the IPv6 default route address of the original network card;
an address adding module, configured to add a link local address of a default route in the link to the bridge device;
the message construction module is used for constructing a route notification message by using the original IPv6 route information of the original network card, and setting a head source address of the route notification message as the link local address;
and the server starting module is used for starting a route notification server in the container and periodically sending route notifications to the virtual machine by using the route notification server.
CN202310418192.7A 2023-04-19 2023-04-19 Virtual machine container mixed arrangement system and IPv6 network implementation method thereof Active CN116436727B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310418192.7A CN116436727B (en) 2023-04-19 2023-04-19 Virtual machine container mixed arrangement system and IPv6 network implementation method thereof

Publications (2)

Publication Number Publication Date
CN116436727A CN116436727A (en) 2023-07-14
CN116436727B true CN116436727B (en) 2023-12-05

Family

ID=87094107

Country Status (1)

Country Link
CN (1) CN116436727B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9276816B1 (en) * 2011-01-17 2016-03-01 Cisco Technology, Inc. Resource management tools to create network containers and virtual machine associations
CN105812222A (en) * 2016-03-10 2016-07-27 汉柏科技有限公司 Multi-tenant virtual network and realization method based on virtual machine and container
CN113114552A (en) * 2020-01-13 2021-07-13 上海云轴信息科技有限公司 Method and equipment for providing network for virtual machine and container in cloud platform
CN114301868A (en) * 2021-12-30 2022-04-08 上海观安信息技术股份有限公司 Method for quickly generating floating IP of virtual container and method and device for network direct connection
CN115617456A (en) * 2022-10-17 2023-01-17 北京知道未来信息技术有限公司 Method and device for hybrid operation of virtual machine and container, electronic equipment and readable storage medium
CN115695374A (en) * 2022-10-27 2023-02-03 中国联合网络通信集团有限公司 IPv6 subnet prefix advertisement implementation method, device, equipment and storage medium
CN115904626A (en) * 2022-12-02 2023-04-04 深圳市联合欣业科技有限公司 Method and system for deploying cloud resource pool architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant