CN117880048A - Network communication method and device for container and computer equipment - Google Patents

Info

Publication number
CN117880048A
Authority
CN
China
Prior art keywords
container
network
host
data packet
transmitting
Legal status
Pending
Application number
CN202311695652.7A
Other languages
Chinese (zh)
Inventor
刘畅
胡东旭
陈存利
Current Assignee
Du Xiaoman Technology Beijing Co Ltd
Original Assignee
Du Xiaoman Technology Beijing Co Ltd

Abstract

The invention discloses a network communication method, a device and computer equipment for a container, and relates to the technical field of container management. The method comprises the following steps: receiving a communication service request, where the communication service request indicates that a data packet to be transmitted is transmitted from a first container located on a first host to a fourth container located on a second host, and the first host and the second host are located in different network segments; transmitting the data packet from the first container to the physical network card of the first host; invoking a virtual private cloud service to transmit the data packet from the physical network card of the first host to the physical network card of the second host through simulated routing addressing; and transmitting the data packet from the physical network card of the second host to the fourth container. The invention realizes efficient cross-host access between containers in different address segments.

Description

Network communication method and device for container and computer equipment
Technical Field
The present invention relates to the field of container management technologies, and in particular, to a method, an apparatus, and a computer device for network communication of a container.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In recent years, with development of cloud computing and cloud services, container technology has been widely applied, and a container is a lightweight virtualization technology, so that developers can package application programs and dependent items thereof into a separate container for deployment and operation in different environments. A container network refers to a network solution for containerized applications. The goal of the container network is to provide network connectivity for the containers so that they can communicate with each other and with external services.
Existing container network schemes fall mainly into two kinds: route-based and tunnel-based. In a route-based scheme the container and the host must be under the same layer-2 network, and container groups on hosts in different network segments cannot communicate directly, which further limits the total number of ips available to the containers; in addition, as the number of containers rises, the host routing table grows and performance drops. A tunnel-based scheme can span physical subnets, but because packets are packed and unpacked during addressing it consumes significant bandwidth and performs poorly.
In summary, how to realize the efficient access of containers with different address fields across hosts is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The embodiment of the invention provides a network communication method of a container, which is used for realizing the cross-host efficient access of containers with different address segments, and comprises the following steps:
receiving a communication service request; the communication service request indicates that a data packet to be transmitted is transmitted from a first container located in a first host to a fourth container located in a second host, and the first host and the second host are located in different network segments;
transmitting the data packet from the first container to a physical network card of the first host;
invoking a virtual private cloud service to transmit the data packet from the physical network card of the first host to the physical network card of the second host through simulated routing addressing;
and transmitting the data packet from the physical network card of the second host to the fourth container.
Optionally, transmitting the data packet from the first container to the physical network card of the first host includes:
transmitting the data packet from the first container to a network protocol stack of the first host through a virtual network device interface pair, and then transmitting the data packet to a physical network card of the first host according to a route;
transmitting the data packet from the physical network card of the second host to the fourth container, including:
and transmitting the data packet from the physical network card of the second host to the network protocol stack of the second host according to the routing policy management tool and the routing, and transmitting the data packet to the fourth container through a virtual network equipment interface and the routing.
Optionally, before receiving the communication service request, the method further includes: calling a plug-in of a container network interface to perform network creation for the first container and the fourth container.
Optionally, the plug-in for calling a container network interface performs network creation for the first container and the fourth container, including:
calling a node management component to monitor a creation request of the container network;
if the creation request is monitored, a container engine is called to create a sandboxed container and a network naming space;
and calling a container network configuration plug-in to allocate ips for the first container and the fourth container, binding the returned ips with a container group, and configuring routing and routing policy management tools for the first container and the fourth container.
Optionally, calling a container network configuration plug-in to allocate ip for the first container and the fourth container includes:
the node management component invokes the container network configuration plug-in to allocate ip for the first container and the fourth container;
after receiving the call request, the container network configuration plug-in allocates the ip by calling the proxy plug-in;
after receiving the call request, the proxy plug-in calls the service plug-in through an http request to allocate the ip;
and after receiving the call request, the service plug-in calls the cloud service through an http request to allocate the ip.
A network communication device of a container, comprising:
the request receiving module is used for receiving a communication service request; the communication service request indicates that a data packet to be transmitted is transmitted from a first container located in a first host to a fourth container located in a second host, and the first host and the second host are located in different network segments;
the first stand-alone transmission module is used for transmitting the data packet from the first container to the physical network card of the first host;
the cross-network transmission module is used for calling the virtual private cloud service to transmit the data packet from the physical network card of the first host to the physical network card of the second host through the simulated routing addressing;
and the second stand-alone transmission module is used for transmitting the data packet from the physical network card of the second host to the fourth container.
Optionally, the first stand-alone transmission module is specifically configured to: transmitting the data packet from the first container to a network protocol stack of the first host through a virtual network device interface pair, and then transmitting the data packet to a physical network card of the first host according to a route;
the second stand-alone transmission module is specifically configured to: and transmitting the data packet from the physical network card of the second host to the network protocol stack of the second host according to the routing policy management tool and the routing, and transmitting the data packet to the fourth container through a virtual network equipment interface and the routing.
Optionally, the network communication device of the container further includes: and the network creation module is used for calling a plug-in of a container network interface to perform network creation for the first container and the fourth container.
Optionally, the network creation module includes:
the monitoring submodule is used for calling the node management assembly to monitor the creation request of the container network; if the creation request is monitored, triggering a creation sub-module;
the creation sub-module is used for calling a container engine to create a sandbox container and a network naming space;
and the allocation submodule is used for calling a container network configuration plug-in to allocate the ip for the first container and the fourth container, binding the returned ip with a container group, and configuring a routing and routing policy management tool for the first container and the fourth container.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a network communication method of the container when the computer program is executed.
In the embodiment of the invention, for a communication service request from a first container to a fourth container on another host, the data packet to be transmitted is first transmitted from the first container to the physical network card of the first host; the virtual private cloud service is then called to transmit the data packet from the physical network card of the first host to the physical network card of the second host, on which the fourth container runs, through simulated routing addressing. Because the addressing logic is uniformly placed in the virtual private cloud service and handled by simulated routing addressing, the packing and unpacking of the data packet that open-source schemes perform for cross-host addressing are not involved, so the performance loss of cross-host addressing is reduced while cross-segment communication is still supported, and transmission efficiency is improved. Finally, the data packet is transmitted at the stand-alone level from the physical network card of the second host to the fourth container, realizing efficient communication between containers on different hosts.
In addition, in another embodiment of the present invention, after the data packet is transmitted to the network protocol stack of the host through the virtual network device interface pair in the single-machine layer of the host, the data packet is transmitted to the physical network card of the host according to the route, and only the virtual network device interface pair, the route and the route policy management tool are used to realize the communication between the container and the host, so that the complexity of the overall architecture is sufficiently low, the performance and the transmission loss caused by the circulation and the addressing of the data packet in the host are reduced, and the overall transmission performance is further improved.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings required by the embodiments or the description of the prior art are briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained from them without inventive effort by a person skilled in the art. In the drawings:
FIG. 1 is a flow chart of a method of network communication for providing a container in an embodiment of the present invention;
FIG. 2 is a schematic diagram of an addressing process according to an embodiment of the present invention;
FIG. 3 is a flow chart of a network configuration process of a container according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a hierarchical structure of a plug-in module according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a network communication device of a container according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a computer device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present invention and their descriptions herein are for the purpose of explaining the present invention, but are not to be construed as limiting the invention.
The data acquisition, storage, use, processing and the like in the technical scheme meet the relevant regulations of national laws and regulations.
The term "and/or" is used herein to describe only one relationship, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist together, and B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, and may mean including any one or more elements selected from the group consisting of A, B and C.
In the description of the present specification, the terms "comprising," "including," "having," "containing," and the like are open-ended terms, meaning including, but not limited to. Reference to the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. The sequence of steps involved in the embodiments is used to schematically illustrate the practice of the present application, and is not limited thereto and may be appropriately adjusted as desired.
First, the related terms of art referred to in the present invention are explained as follows:
a host (host): a computer entity in a computer network that provides computing and communication capabilities;
a container (container): a technology that bundles an application with all the files it needs into a runtime environment;
routing: the process of determining how a data packet is forwarded from a source address to a destination address;
network protocol stack: a hierarchy of rules and protocols for implementing communication in a computer network; these protocols and rules define how a computer and a network device communicate and how data is transmitted over the network;
a virtual network device interface pair (veth pair): used to create virtual network connections between different namespaces on the same host; typically used in container technologies such as Docker to create virtual network connections between containers or between a container and a host;
virtual private cloud (vpc): a network virtualization technology in cloud computing that allows an isolated virtual network environment to be created in the cloud, similar to a Local Area Network (LAN) in a traditional network;
the container network interface (Container Network Interface, cni): a specification and interface for container networks. It defines a standard set of interfaces and plug-ins for establishing network connections between the container and the host. Through cni, the container may run with a variety of different network solutions, such as VXLAN-, IPSec-, Calico- or Flannel-based container networks;
a container network configuration plug-in (cni-plugins): the container network interface plug-in that configures network resources for the container;
a proxy plug-in (cni-agent): responsible for node plugin initialization (network configuration file, plugin binary download) in the container network interface;
a service plug-in (cni-server): a service plug-in in the container network interface;
a configuration storage plug-in (cni-config): responsible for storing, in the container network interface, the configuration information for the proxy plug-in's interaction with the apiserver, the plugins and the service plug-in, together with the plug-ins' own running configuration;
a key plug-in (cni-secret): responsible for storing the key information used for interaction with the service plug-in in the container network interface;
kubernetes (k8s for short): an open-source application for managing containerization on multiple hosts in a cloud platform;
a node management component (kubelet): the component in a Kubernetes cluster responsible for managing containers and container groups on nodes;
a container engine (docker): an open-source tool for creating, managing and running containerized applications; it encapsulates applications and their dependencies in containers for deployment in a variety of environments;
sandbox containers: in Kubernetes, each container group has a special container called the sandbox, which is the parent of all other containers in the container group. The sandbox takes the role of network and storage isolation in the container group and is responsible for creating a network namespace and mounting storage volumes for all other containers; in Kubernetes the sandbox creates the network namespace through the cni plugin, and the other containers are then added to this namespace;
a network namespace (network namespace): a mechanism provided by the Linux kernel to isolate networks. It can create multiple independent network stacks, each with its own network devices, IP addresses, routing tables, traffic control, firewall and other network configuration, thereby implementing network isolation on the same host;
a container manager (containerd): an open-source container runtime for managing container lifecycles, providing a standardized container runtime interface and a set of core functions for creating, running and managing containers;
cloud service;
hypertext transfer protocol (http);
a group of containers (pod): the smallest deployable unit created and managed in Kubernetes;
a routing policy management tool (ip rule): a command line tool for managing routing policies in Linux operating systems, used to configure and look up the routing policy rules that control routing decisions for packets. In Linux, routing decisions are typically based on the destination IP address: the system looks up the routing table to determine to which interface or next hop the packet should be sent.
As shown in fig. 1, an embodiment of the present invention provides a network communication method of a container, including:
s101: receiving a communication service request;
The communication service request indicates that the data packet to be transmitted is transmitted from the first container located on the first host to the fourth container located on the second host. This embodiment is described with reference to the addressing procedure shown in fig. 2, from the first container on the first host to the fourth container on the second host, where host01 refers to the first host, host02 to the second host, container01 to the first container, container04 to the fourth container, eth to the physical network card, and veth to the network protocol stack.
The first host and the second host are located in different network segments. Note that the first host and the second host may be any hosts in different network segments, the types of the first container and the fourth container are not limited, and the numbers are used only for distinction and have no practical meaning.
S102: transmitting the data packet from the first container to the physical network card of the first host;
the specific implementation step of the data packet transmission in the single-machine layer in the first host is not limited in this embodiment, and a suitable single-machine internal transmission mode, such as a routing implementation, can be selected according to the needs of the actual application scenario.
S103: invoking virtual private cloud service to transmit a data packet from a physical network card of a first host to a physical network card of a second host through simulated routing addressing;
The transmission from the physical network card of the first host to the physical network card of the second host crosses both hosts and network segments. In this embodiment the virtual private cloud service is invoked to implement it: addressing inside the virtual private cloud service determines, from the five-tuple of the data packet (communication protocol, source port, source ip, destination port, destination ip), that the data packet needs to be forwarded to the second host, and the virtual private cloud service forwards the data packet to the ip of the second host.
In this way the addressing logic is uniformly placed in the virtual private cloud service, and the packing and unpacking of the data packet performed by traditional open-source schemes for cross-host addressing are not involved, that is, the data packet does not need to be unpacked and parsed; the performance loss of cross-host addressing is reduced and efficient cross-segment communication is realized.
S104: transmitting the data packet from the physical network card of the second host to the fourth container.
The stand-alone internal transmission of the data packet from the physical network card of the second host to the fourth container is as described for step S102 and is not limited in this embodiment. Note that the transmission modes of the data packets on different hosts may be the same, or may be adjusted per host, as set according to the actual usage scenario.
Based on the above description, in the network communication method of the container provided in this embodiment, for a communication service request from the first container to the fourth container on another host, after the data packet to be transmitted is transmitted from the first container to the physical network card of the first host, the virtual private cloud service is invoked to transmit the data packet from the physical network card of the first host to the physical network card of the second host, to which the fourth container belongs, through simulated routing addressing. The addressing logic is uniformly placed in the virtual private cloud service and handled by simulated routing addressing, so the packing and unpacking of the data packet that open-source schemes perform for cross-host addressing are not involved.
In the above embodiment, the transmission method of the data packet in the single unit, that is, the specific transmission steps of steps S102 and S104 are not limited, and in order to improve the transmission efficiency, an efficient single unit transmission method is provided in this embodiment.
Step S102, transmitting the data packet from the first container to the physical network card of the first host, may be implemented as follows: after the data packet is transmitted from the first container to the network protocol stack of the first host through the virtual network device interface pair, the data packet is transmitted to the physical network card of the first host according to the route.
Taking the connection between host and container shown in fig. 2 as an example, the transmission of the data packet from the first container to the network protocol stack of the first host is implemented through a virtual network device interface pair, one end of which is connected to the first container on the first host (i.e. eth0 of the first container) and the other end to the network protocol stack (vethA) of the first host. The transfer from the network protocol stack (vethA) of the first host to its physical network card (eth0) is accomplished by routing: from the route (10.10.62.0/24 dev eth0 proto kernel scope link src 10.10.75.231) it is known that requests to 10.10.62.0/24 are forwarded to the physical network card (eth0).
Correspondingly, the same stand-alone internal transmission mode can be set in the second host, and the step S104 of transmitting the data packet from the physical network card of the second host to the fourth container can be implemented according to the following steps: and transmitting the data packet from the physical network card of the second host to the network protocol stack of the second host according to the routing policy management tool and the routing, and transmitting the data packet to the fourth container through the virtual network equipment interface and the routing.
The transmission from the physical network card of the second host to its network protocol stack is realized by configuring a routing policy management tool and a route: according to the routing policy rule (from all to 10.10.62.206 lookup main), all requests to 10.10.62.206 are first sent to the main routing table and enter the network protocol stack of the second host. The transmission from the network protocol stack of the second host to the fourth container is realized through the route and the virtual network device interface pair: from the route (10.10.62.206/32 dev eth0 proto kernel scope link src 192.168.1.2) it is known that the data packet needs to be sent to 192.168.1.2, and the other end of the virtual network device interface pair on which 192.168.1.2 sits is the fourth container, so the data packet is sent to the fourth container for processing.
According to the data packet transmission method at the single machine level in the host, after the data packet is transmitted to the network protocol stack of the host from the container through the virtual network device interface pair, the data packet is transmitted to the physical network card of the host according to the route, and communication between the container and the host is realized only by using the virtual network device interface pair, the route and the route policy management tool, so that the complexity of the whole architecture is low enough, the performance and the transmission loss caused by the circulation and the addressing of the data packet in the host are reduced, and the whole transmission performance is further improved.
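As an added illustration of the stand-alone transmission described above (this is not code from the patent), the following Python models the policy-routing lookup that the quoted route and ip rule entries drive on host01 and host02, with a plain forwarding map standing in for the virtual private cloud service's five-tuple addressing. The container01 address, the rule priority, the VPC forwarding table and the veth peer mapping are assumptions; the routes and rule are the ones quoted in the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    src: Optional[str]          # preferred source address, if the entry has one


@dataclass(frozen=True)
class Rule:
    priority: int
    to: Optional[ipaddress.IPv4Network]   # None means "to all"
    table: str


def parse_route(line: str) -> Route:
    """Parse an 'ip route' entry such as
    '10.10.62.0/24 dev eth0 proto kernel scope link src 10.10.75.231'."""
    tok = line.split()
    prefix = ipaddress.ip_network(tok[0], strict=False)
    dev = tok[tok.index("dev") + 1]
    src = tok[tok.index("src") + 1] if "src" in tok else None
    return Route(prefix, dev, src)


def parse_rule(priority: int, line: str) -> Rule:
    """Parse an 'ip rule' entry such as 'from all to 10.10.62.206 lookup main'."""
    tok = line.split()
    to = None
    if "to" in tok and tok[tok.index("to") + 1] != "all":
        to = ipaddress.ip_network(tok[tok.index("to") + 1], strict=False)
    table = tok[tok.index("lookup") + 1] if "lookup" in tok else "main"
    return Rule(priority, to, table)


def lookup(rules, tables, dst: str) -> Optional[Route]:
    """Policy routing as the kernel does it: rules are walked in priority order,
    the first table holding a matching route wins, longest prefix within it."""
    addr = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.to is not None and addr not in rule.to:
            continue
        matches = [r for r in tables.get(rule.table, []) if addr in r.prefix]
        if matches:
            return max(matches, key=lambda r: r.prefix.prefixlen)
    return None


# Constructed host configuration built from the route and rule entries quoted in the text.
HOST01 = {
    "rules": [parse_rule(32766, "from all lookup main")],   # kernel default rule
    "tables": {"main": [parse_route(
        "10.10.62.0/24 dev eth0 proto kernel scope link src 10.10.75.231")]},
}
HOST02 = {
    "rules": [parse_rule(100, "from all to 10.10.62.206 lookup main"),  # priority 100 is assumed
              parse_rule(32766, "from all lookup main")],
    "tables": {"main": [parse_route(
        "10.10.62.206/32 dev eth0 proto kernel scope link src 192.168.1.2")]},
}
# Assumed VPC forwarding state: container ip -> host that owns it (stands in for the service's addressing).
VPC_FORWARDING = {"10.10.62.206": "host02"}
# Assumed veth peer mapping on host02: host-side source address -> container at the other end of the pair.
VETH_PEER = {"192.168.1.2": "container04"}


def trace(packet: dict) -> list:
    """Follow steps S102-S104 for one five-tuple and return the hop list.
    The packet dict is never rewritten: no encapsulation happens on the way."""
    hops = []
    r1 = lookup(HOST01["rules"], HOST01["tables"], packet["dst"])
    if r1 is None:
        return hops + ["dropped: no route on host01"]
    hops.append(f"host01 vethA -> {r1.dev}")                 # S102: veth pair, then route to eth0
    target = VPC_FORWARDING.get(packet["dst"])
    if target is None:
        return hops + ["dropped: vpc has no forwarding entry"]   # unknown destinations are not forwarded
    hops.append(f"vpc -> {target}")                          # S103: VPC forwards to the owning host
    r2 = lookup(HOST02["rules"], HOST02["tables"], packet["dst"])
    if r2 is None or r2.src not in VETH_PEER:
        return hops + ["dropped: no route on host02"]
    hops.append(f"host02 {r2.dev} -> {VETH_PEER[r2.src]}")   # S104: ip rule + /32 route to the pair
    return hops


if __name__ == "__main__":
    # Constructed sample packet: container01's address 10.10.75.201 is an assumption.
    pkt = {"proto": "tcp", "src": "10.10.75.201", "sport": 40000,
           "dst": "10.10.62.206", "dport": 80}
    print(trace(pkt))
```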
Further, to ensure that a container can communicate normally with the host protocol stack and the virtual private cloud service, a network must be created for each container that is to transmit data packets before any data packet is transmitted. To ensure the stability of network creation, this embodiment provides a method that invokes a plug-in of the container network interface to create the network for the first container and the fourth container. The container network interface is a specification and standard for container networks that defines how the container runtime interacts with the underlying network and how the container network is configured; invoking a plug-in of the container network interface to create the network configures the container network (allocating the container IP address, setting routes, creating virtual network interfaces, etc.), supports connecting the container to multiple networks (for example the public internet, an internal service network and an external database network, to meet different communication requirements), and ensures that the container can communicate across different hosts.
Optionally, a specific implementation step of calling a plug-in of the container network interface to create a network for the first container and the fourth container is as follows:
(1) Calling a node management component to monitor a creation request of the container network;
(2) If the creation request is monitored, a container engine is called to create a sandboxed container and a network naming space;
(3) And calling a container network configuration plug-in to allocate ips for the first container and the fourth container, binding the returned ips with the container group, and configuring a routing and routing policy management tool for the first container and the fourth container.
The step (3) calls a container network configuration plug-in to allocate ip for the first container and the fourth container, and the specific implementation steps are as follows:
(3.1) the node management component invokes the container network configuration plug-in to allocate ip for container one and container four;
(3.2) after receiving the call request, the container network configuration plug-in allocates the ip by calling the proxy plug-in;
(3.3) after receiving the call request, the proxy plug-in calls the service plug-in through an http request to allocate the ip;
and (3.4) after receiving the call request, the service plug-in calls the cloud service through an http request to allocate the ip.
To enhance understanding of the container network configuration method provided in this embodiment, a configuration step in a specific implementation is introduced herein, fig. 3 is a schematic flow chart of a network configuration process of a container, numbers beside each arrow in the figure correspond to the following step numbers, and fig. 4 is a hierarchical structure schematic diagram of a called container network configuration plug-in, proxy plug-in and service plug-in a k8s virtual network, which aims to show a relationship between a k8s component and a container network interface, where in a k8s cluster side, a k8s master is responsible for management (creation, scheduling and deletion) of a life cycle of a container group; kubelet: k8s of agent, which is responsible for creating and destroying the container group; container engine: container management, which is responsible for the creation and destruction of containers and Network Namespace in a container group; cni-plugins: cni plug-in, responsible for creation and destruction (IP application, routing, iprule setup) of container group container network; cni-agent: responsible for node plugin initialization (network configuration file, plugins binary file download); cni-config: storing the interactive configuration information of the proxy plugin, apiserver, plugin and the service plugin and the self operation configuration; cni-secret: storing key information interacted with the service plugin; cni-server: the ip application request of the responsible accepting agent plug-in is forwarded to the private cloud vpc for carrying out real ip application; private cloud vpc: responsible for the container ip allocation and addressing k8s.
Fig. 3, fig. 4 and the following steps should be read together; the working process of the container network configuration plugin, the proxy plugin and the service plugin is explained below for the network configuration of a single container.
1. The node management component detects a container creation request and sends an http request to the container engine to create the sandbox container; the container engine completes the creation of the container structure, after which an http request is sent to the container engine to start the sandbox container;
2. the container engine creates the network namespace used by the container;
3. the container engine creates and calls the container manager over a grpc socket to start the sandbox container;
4. the container manager creates and starts the container via containerd-shim;
5. the node management component invokes the container network configuration plugin in cmd mode to allocate an IP to the container;
6. the container network configuration plugin allocates the IP by calling the proxy plugin;
7. the proxy plugin calls the service plugin through an http request to allocate the IP;
8. the service plugin calls the cloud service through an http request to allocate the IP;
9. the container network configuration plugin binds the returned IP to the container group and configures routing and the routing policy management tool (ip rule) for the container, so that the container can communicate normally with the host protocol stack and with the virtual private cloud service.
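The ADD path of steps 5 to 9 as an added, offline dry run (example code written for this page, not the patent's or any project's own): it parses the cmd-mode invocation, obtains the IP through an injected HTTP call that stands in for the proxy plugin and service plugin, and produces the route and ip rule configuration of step 9 as a list of commands rather than applying it. The proxy URL, the hostNic config key, the request and response shape, the policy-routing table number and the 169.254.1.1 link-local next hop are assumptions, and the host is assumed to have IP forwarding enabled.

```python
import json
from dataclasses import dataclass
from typing import Callable
# Assumed values (not from the patent): where the proxy plugin listens, the
# policy-routing table for the pod's VPC-bound default route, and the link-local
# next hop the pod uses to reach the host protocol stack over the veth pair.
PROXY_URL = "http://127.0.0.1:9090/ipam/allocate"
POD_TABLE = 100
VETH_GW = "169.254.1.1"

@dataclass(frozen=True)
class Lease:
    ip: str       # pod IP: a routable VPC address, not an overlay address
    gateway: str  # VPC gateway reached through the host's physical network card

def parse_add_request(env: dict, stdin_json: str) -> dict:
    """Step 5: the node component runs the plugin in cmd mode; the parameters
    arrive as CNI_* environment variables plus a JSON network config on stdin."""
    if env.get("CNI_COMMAND") != "ADD":
        raise ValueError("only CNI ADD is handled in this example")
    missing = [k for k in ("CNI_CONTAINERID", "CNI_NETNS", "CNI_IFNAME") if not env.get(k)]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    conf = json.loads(stdin_json)
    return {"container_id": env["CNI_CONTAINERID"], "netns": env["CNI_NETNS"],
            "ifname": env["CNI_IFNAME"], "cni_version": conf["cniVersion"],
            "host_nic": conf["hostNic"]}  # hostNic is an assumed config key

def allocate_ip(req: dict, post_json: Callable[[str, dict], dict]) -> Lease:
    """Steps 6-8: plugin -> proxy plugin -> service plugin -> cloud VPC, over HTTP.
    post_json is injected so the chain can be exercised offline; the request and
    response shapes are assumed."""
    resp = post_json(PROXY_URL, {"containerId": req["container_id"]})
    return Lease(resp["ip"], resp["gateway"])

def routing_plan(lease: Lease, req: dict, host_veth: str) -> list:
    """Step 9: bind the IP and configure route + ip rule so the pod reaches the
    host protocol stack and the VPC. Commands are returned, not executed."""
    ns = "ip netns exec " + req["netns"]
    return [
        f"{ns} ip addr add {lease.ip}/32 dev {req['ifname']}",
        f"{ns} ip route add {VETH_GW} dev {req['ifname']} scope link",
        f"{ns} ip route add default via {VETH_GW} dev {req['ifname']}",
        f"sysctl -w net.ipv4.conf.{host_veth}.proxy_arp=1",  # host answers ARP for VETH_GW
        # host: packets for the pod IP arriving on the physical NIC are handed to the veth
        f"ip route add {lease.ip}/32 dev {host_veth} scope link",
        # host: packets sourced by the pod IP leave via the NIC towards the VPC gateway
        f"ip rule add from {lease.ip}/32 lookup {POD_TABLE} priority 1000",
        f"ip route add default via {lease.gateway} dev {req['host_nic']} table {POD_TABLE}",
    ]

def cni_add(env: dict, stdin_json: str, post_json, host_veth: str) -> tuple:
    """The whole ADD path: returns the CNI result the plugin prints and the plan."""
    req = parse_add_request(env, stdin_json)
    lease = allocate_ip(req, post_json)
    result = {"cniVersion": req["cni_version"],
              "interfaces": [{"name": req["ifname"], "sandbox": req["netns"]}],
              "ips": [{"address": f"{lease.ip}/32", "gateway": lease.gateway, "interface": 0}]}
    return result, routing_plan(lease, req, host_veth)
```

Calling cni_add with the CNI_* variables, the network config JSON, an HTTP poster and the host-side veth name yields the CNI result and the command list; in a real plugin the list would be applied through netlink and the result written to stdout.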
The embodiment of the invention also provides a network communication device of the container, and the network communication device is as follows. Since the principle of the device for solving the problem is similar to that of the network communication method of the container, the implementation of the device can refer to the implementation of the network communication method of the container, and the repetition is omitted.
As shown in fig. 5, a schematic diagram of a network communication device of a container according to an embodiment of the present invention, the device includes:
the request receiving module 110, mainly configured to receive a communication service request; the communication service request indicates that a data packet to be transmitted is to be transmitted from a first container located on a first host to a fourth container located on a second host, the first host and the second host being located in different network segments;
the first stand-alone transmission module 120, mainly used to transmit the data packet from the first container to the physical network card of the first host;
the cross-network transmission module 130, mainly used to call the virtual private cloud service to transmit the data packet from the physical network card of the first host to the physical network card of the second host through simulated routing addressing;
the second stand-alone transmission module 140, mainly used to transmit the data packet from the physical network card of the second host to the fourth container.
In one implementation, the first stand-alone transmission module 120 is specifically configured to transmit the data packet from the first container to the first host through a virtual network device interface pair, and then to the physical network card of the first host according to the route;
the second stand-alone transmission module 140 is specifically configured to transmit the data packet from the physical network card of the second host to the network protocol stack of the second host according to the routing policy management tool and the route, and then to the fourth container through the virtual network device interface and the route.
In one implementation, the network communication device of the container further includes a network creation module, used to call the plugin of the container network interface to create the network for the first container and the fourth container.
In one implementation, the network creation module includes:
the monitoring submodule, used to call the node management component to monitor for creation requests of the container network and, if a creation request is detected, to trigger the creation submodule;
the creation submodule, used to call the container engine to create the sandbox container and the network namespace;
the allocation submodule, used to call the container network configuration plugin to allocate IPs for the first container and the fourth container, bind the returned IPs to the container group, and configure routing and the routing policy management tool for the first container and the fourth container.
Based on the foregoing inventive concept, as shown in fig. 6, the present invention further proposes a computer device 1100, including a memory 1110, a processor 1120, and a computer program 1130 stored on the memory 1110 and executable on the processor 1120, the processor 1120 implementing a network communication method of the foregoing container when executing the computer program 1130.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the embodiments has been provided to illustrate the general principles of the invention and is not intended to limit the scope of the invention or to restrict the invention to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (10)

1. A method of network communication for a container, comprising:
receiving a communication service request; the communication service request indicates that a data packet to be transmitted is transmitted from a first container located in a first host to a fourth container located in a second host, and the first host and the second host are located in different network segments;
transmitting the data packet from the first container to a physical network card of the first host;
invoking a virtual private cloud service to transmit the data packet from the physical network card of the first host to the physical network card of the second host through simulated routing addressing;
and transmitting the data packet from the physical network card of the second host to the fourth container.
2. The network communication method of a container of claim 1, wherein transmitting the data packet from the first container to the physical network card of the first host comprises:
transmitting the data packet from the first container to a network protocol stack of the first host through a virtual network device interface pair, and then transmitting the data packet to the physical network card of the first host according to a route;
and transmitting the data packet from the physical network card of the second host to the fourth container comprises:
transmitting the data packet from the physical network card of the second host to the network protocol stack of the second host according to a routing policy management tool and the route, and transmitting the data packet to the fourth container through a virtual network device interface and the route.
3. The network communication method of a container of claim 1, further comprising, prior to said receiving a communication service request: calling a plugin of a container network interface to perform network creation for the first container and the fourth container.
4. The network communication method of a container of claim 3, wherein said calling a plugin of a container network interface to perform network creation for the first container and the fourth container comprises:
calling a node management component to monitor for a creation request of the container network;
if the creation request is detected, calling a container engine to create a sandbox container and a network namespace;
and calling a container network configuration plugin to allocate IPs for the first container and the fourth container, binding the returned IPs to a container group, and configuring routing and a routing policy management tool for the first container and the fourth container.
5. The network communication method of a container of claim 4, wherein said calling a container network configuration plugin to allocate IPs for the first container and the fourth container comprises:
the node management component invokes the container network configuration plugin to allocate IPs for the first container and the fourth container;
after receiving the call request, the container network configuration plugin allocates the IPs by calling a proxy plugin;
after receiving the call request, the proxy plugin calls a service plugin through an http request to allocate the IPs;
and after receiving the call request, the service plugin calls a cloud service through an http request to allocate the IPs.
6. A network communication device for a container, comprising:
a request receiving module, used to receive a communication service request; the communication service request indicates that a data packet to be transmitted is to be transmitted from a first container located in a first host to a fourth container located in a second host, and the first host and the second host are located in different network segments;
a first stand-alone transmission module, used to transmit the data packet from the first container to the physical network card of the first host;
a cross-network transmission module, used to call a virtual private cloud service to transmit the data packet from the physical network card of the first host to the physical network card of the second host through simulated routing addressing;
and a second stand-alone transmission module, used to transmit the data packet from the physical network card of the second host to the fourth container.
7. The network communication device of a container of claim 6, wherein the first stand-alone transmission module is specifically configured to transmit the data packet from the first container to a network protocol stack of the first host through a virtual network device interface pair, and then to the physical network card of the first host according to a route;
and the second stand-alone transmission module is specifically configured to transmit the data packet from the physical network card of the second host to the network protocol stack of the second host according to a routing policy management tool and the route, and then to the fourth container through a virtual network device interface and the route.
8. The network communication device of a container of claim 6, further comprising a network creation module, used to call a plugin of a container network interface to perform network creation for the first container and the fourth container.
9. The network communication device of a container of claim 8, wherein the network creation module comprises:
a monitoring submodule, used to call a node management component to monitor for a creation request of the container network and, if the creation request is detected, to trigger a creation submodule;
the creation submodule, used to call a container engine to create a sandbox container and a network namespace;
and an allocation submodule, used to call a container network configuration plugin to allocate IPs for the first container and the fourth container, bind the returned IPs to a container group, and configure routing and a routing policy management tool for the first container and the fourth container.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 5 when executing the computer program.
Application CN202311695652.7A, priority and filing date 2023-12-11: Network communication method and device for container and computer equipment; status Pending; publication CN117880048A (en).
Publication: CN117880048A (en), published 2024-04-12.