Method for transmitting and receiving container message, storage medium and container communication system

Document number: 1941441 Publication date: 2021-12-07

Reading note: this technology, Method for transmitting and receiving container message, storage medium and container communication system, was designed by Zhang Lihui (张丽晖) on 2020-06-05. Main content: The embodiment of the invention provides a method and a system for sending and receiving container messages, and a computer storage medium. The method comprises the following steps: the container message is sent from an eth0 interface, and the address of the eth0 interface is the interface address of the network device operating system (NOS); the proxy service module creates a Socket on the host operating system, wherein the Socket is used for capturing the container message sent by the container; the proxy service module forwards the container message to the NOS, and the NOS sends the container message out. The invention achieves the technical effect that the container communicates with external devices on the basis of the existing equipment without occupying additional resources.

1. A method for sending a container message comprises the following steps:

the container message is sent from an eth0 interface, and the address of the eth0 interface is the interface address of the network device operating system (NOS);

the proxy service module creates a Socket on a host operating system, wherein the Socket is used for capturing the container message sent by the container;

and the proxy service module forwards the captured container message to the NOS, and the NOS sends the container message out.

2. The method according to claim 1, before the container packet is sent out from the eth0 interface, further comprising:

the container is attached to the host operating system through a virtual Ethernet pair (veth pair), and the eth0 interface is one interface in the veth pair.

3. The method of claim 1, comprising:

and the proxy service module registers a Transmission Control Protocol (TCP) port interval and/or a User Datagram Protocol (UDP) port interval of the container.

4. The method according to claim 1, before the container message is sent out from the eth0 interface, comprising:

the container sends an Address Resolution Protocol (ARP) request, to be answered by proxy, for a destination address;

and the Socket captures the ARP request and completes the proxy ARP reply using the NOS interface address.

5. The method of claim 1, wherein the NOS sending the container message comprises:

when the destination address of the container message is the IP address of the NOS, the container message is processed locally by the NOS;

or, when the address of the container message is not the IP address of the NOS, the container message is sent to the external device by the NOS through route lookup.

6. A receiving method of a container message comprises the following steps:

the NOS receives a container message and forwards the container message to a proxy service module, wherein the address of the container message is an interface address of the NOS;

and the proxy service module creates a Socket on the host operating system, and the Socket forwards the container message to a container.

7. The method of claim 6, comprising:

and the proxy service module registers a Transmission Control Protocol (TCP) port interval and/or a User Datagram Protocol (UDP) port interval of the container.

8. The method of claim 7, comprising:

and the NOS sends the container message to the proxy service module according to the TCP port interval and/or the UDP port interval.

9. A container communication system comprising:

the container, which establishes an eth0 interface, the address of the eth0 interface being the interface address of the network device operating system (NOS), and a container message being sent through the eth0 interface;

the proxy service module, which creates a Socket on a host operating system, the Socket being used for capturing the container message sent by the container, the proxy service module forwarding the container message to the NOS;

and the NOS, which is used for sending the container message out.

10. A computer-readable storage medium storing computer-executable instructions for performing a method for implementing the container packet receiving or sending according to any one of claims 1 to 8.

Technical Field

The embodiment of the invention relates to a method for transmitting and receiving a container message, a storage medium and a container communication system.

Background

With the rapid development of internet and cloud computing, the construction scale of a data center is larger and larger, and the complexity of a system is higher and higher, which brings great challenges to the operation and maintenance of network equipment. It has become a trend of future technology development to let network devices provide more openness. There are two major aspects to achieving the openness of a network: on one hand, by using a management tool, the management level of network automation is improved, and a wide automation characteristic is supported; another aspect is the ability to support network device programmability.

With the increasing size of networks, especially in virtualized environments, manual configuration becomes an almost impossible task. There is a trend towards the automated deployment of services to network devices through the use of management tools. Giving the network programmable capability reduces network complexity and meets the network requirements of virtualization and cloud computing, and future network development requires constructing a new type of network system that can provide an open programmable interface.

From a technical point of view, there are generally several methods for providing basic openness capability on network devices. First, the network device operating system is based directly on the native Linux kernel protocol stack; in this way, the original network device system can itself be regarded as an open system, and there is no need to provide open capability support separately. The network device operating system provides an open architecture by loading a third-party container system through integrated deployment, based on the user-mode NOS (network operating system) provided by the device. However, this method is limited by the operating system capability of the network device and is not suitable for network devices whose operating system uses a user-mode protocol stack; in addition, it poses a great challenge to the security of the device.

Second, the container communicates with the outside by means of the network device NOS, but the container needs to be individually assigned an external communication IP address. This requires the container to have exclusive use of an IP address of the network device or of an interface of the network device, and this address must be announced to external systems as the communication address of the container. Externally, the method presents as a dual-system arrangement: different addresses need to be allocated independently to the original network device operating system and to the container system, and the deployment cost is high.

Disclosure of Invention

In order to solve the above technical problems, the invention provides a method and a system for sending and receiving a container message, which solve the problems that container communication with an external network offers limited openness, is not compatible with existing equipment, and needs to occupy interface address resources of its own.

According to an embodiment of the present invention, a method for sending a container packet is provided, including: the container message is sent from an eth0 interface, and the address of the eth0 interface is the interface address of the network device operating system (NOS); the proxy service module creates a Socket on a host operating system, wherein the Socket is used for capturing the container message sent by the container; and the proxy service module forwards the container message to the NOS, and the NOS sends the container message out.

According to another embodiment of the present invention, a method for receiving a container packet is provided, including: the NOS receives a container message, wherein the address of the container message is the interface address of the NOS, and forwards the container message to a proxy service module; and the proxy service module creates a Socket on the host operating system, and the Socket forwards the container message to a container.

According to another embodiment of the present invention, there is provided a container communication system including: the container, which establishes an eth0 interface, the address of the eth0 interface being the interface address of the network device operating system (NOS), and a container message being sent through the eth0 interface; the proxy service module, which creates a Socket on a host operating system, the Socket being used for capturing the container message sent by the container, the proxy service module forwarding the container message to the NOS; and the NOS, which is used for sending the container message out.

According to another embodiment of the present invention, an apparatus for implementing container packet receiving or sending is provided, including: the device comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and is characterized in that the processor realizes the implementation method of receiving or sending the container message when executing the program.

According to another embodiment of the present invention, a computer-readable storage medium is provided, which stores computer-executable instructions for performing an implementation method of the container packet receiving or sending.

According to the method and the device, the proxy module serves as a bridge: the container message is relayed through the proxy module and is finally sent or received by the network device, and the container shares the interface address of the network device operating system (NOS). This achieves the technical effect that the container can communicate with the outside through the existing equipment, while the container does not need to occupy additional interface resources. The problems in the prior art that container communication is incompatible with existing equipment and that extra interface resources need to be occupied are solved, and resource utilization efficiency is improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

FIG. 1 is a flowchart of a method for sending container packets according to an embodiment of the present invention

FIG. 2 is a flow chart of creating a container communication network according to an embodiment of the present invention

FIG. 3 is a data flow diagram of the container communicating with the outside according to the embodiment of the present invention

FIG. 4 is a data flow diagram of internal communication between a container and a network device NOS according to an embodiment of the present invention

FIG. 5 is a block diagram of a container communication system according to an embodiment of the present invention

Detailed Description

The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.

Example one

In this embodiment, a method for sending a container packet is provided, and fig. 1 is a flowchart of the method for sending a container packet according to the embodiment of the present invention, as shown in fig. 1, the flowchart includes the following steps:

Step S101, a container message is sent from an eth0 interface, and the address of the eth0 interface is the interface address of the network device operating system (NOS);

In step S101, the container is attached to the operating system of the host through a virtual Ethernet pair, or veth pair (a virtual Ethernet pair is a pair of ports: every data packet entering at one end of the pair comes out at the other end, and vice versa), and eth0 is the interface on the container side of the veth pair. The proxy service module registers a Transmission Control Protocol (TCP) port interval and/or a User Datagram Protocol (UDP) port interval of the container.

Step S102, the proxy service module creates a Socket on the host operating system, and the Socket is used for capturing the container message sent by the container;

Before a container message is sent out from the eth0 interface, the container sends an Address Resolution Protocol (ARP) request, to be answered by proxy, for the message destination address; the Socket captures the ARP request and completes the proxy ARP reply using the interface address of the network device operating system.

Step S103, the proxy service module forwards the container message to the NOS, and the NOS sends the container message out.

In step S103, when the destination address of the container packet is the IP address of the NOS, the container packet is processed locally by the NOS; when the address of the container message is not the IP address of the NOS, the container message is sent to the external device by the NOS through route lookup.

Example two

In this embodiment, a method for creating a container communication system is provided, and fig. 2 is a flowchart of creating a container communication network according to an embodiment of the present invention, as shown in fig. 2, the flowchart includes the following steps:

Step S201, first, using the basic bridge network mode of the container, the container is connected to the host OS through a virtual Ethernet pair;

In step S201, the eth0 interface of the veth pair is an interface in the container, and the other interface of the veth pair is attached to the bridge of the host. In general, this creation may be performed by the container network: when the container network is specified to be in bridge mode, it uses the veth pair connection mode.

Step S202, an lo interface is created for the container, and the interface address inherits the interface address of the NOS;

In step S202, the container lo interface inherits the interface address of the NOS so that the NOS interface address can be reused for external communication. After an IP address is configured on the interface the network device uses for external communication, the address is synchronously configured on the lo interface of the container through the proxy service module.

Step S203, a default route is created for the container, the route points to the eth0 interface of the veth pair, and the communication source address is the lo interface address;

In step S203, the lo interface address is the reused interface address of the network device. In a specific implementation, after an IP address is configured on the interface the network device uses for external communication, the address is synchronously configured on the lo interface of the container through the proxy service module.

Step S204, a Socket is created based on the host system and bound to an interface, for capturing messages sent by the container;

In step S204, the proxy module creates a Socket based on the host operating system. The Socket is bound to the host side of the veth pair, on the port connected to the host, and is used to capture packets sent from the container; packets sent from the outside to the container are also distributed to the container through this Socket.

In order to implement the proxy between the container and the network device NOS, the Socket is created on the host operating system and bound to the host-side network port of the veth pair, so that packets sent by the container can be captured.

Step S205, a communication pipeline between the proxy module and the NOS is established;

In step S205, a communication channel between the proxy module and the NOS is created based on the interface provided by the NOS. A packet captured on its way out of the container is sent to the NOS through this channel and is finally sent out by the NOS for external communication. Likewise, messages sent from the outside to the container are also received through this communication channel.

Step S206, the registration of the TCP/UDP port interval of the container system is completed.

In step S206, the registration of the TCP/UDP port interval of the container is completed, so that the container and the network device share the IP address resource.

Example three

In this embodiment, a method for creating a container communication system is provided, and fig. 3 is a data flow diagram of a container communicating with the outside according to an embodiment of the present invention, as shown in fig. 3, the data flow includes the following steps:

Step 301, when the container system communicates with the outside, a message is sent from the eth0 interface according to the route of the container system, with the NOS interface address IP_NOS as the source address; according to the link type of the route, an ARP request for the destination address of the communication is triggered first;

Step 302, the proxy service module creates a Socket based on the host OS, binds it to the docker0 interface, captures the ARP request sent from the container, and uses the interface address of the NOS to answer the ARP request by proxy; once the ARP learning process of the container system is complete, it captures the subsequent IP messages sent from the container system;

Step 303, the proxy service module forwards the captured outgoing container message to the NOS for processing through the communication channel between the proxy service module and the NOS;

Step 304, the NOS receives the message forwarded by the proxy service module, performs normal NOS processing, and sends the message from the NOS network interface to the external device through route lookup;

Step 305, the NOS receives, through the interface of the network device, the message sent to the container by the external device;

Step 306, the network device NOS processes the received message, whose destination address is the interface address IP_NOS of the device; according to the TCP/UDP port interval registered for the container system by the proxy service module, messages sent to the container are distributed to the proxy service module;

Step 307, the proxy service module distributes the message, through the Socket of the host operating system, to the bridge (Docker0) that connects the container and the host;

The Docker0 here communicates with other physical or virtual network cards at the kernel level, putting all containers and the local host in the same physical network.

Step 308, the layer-2 forwarding (MAC forwarding) of the bridge is used to distribute the message to the container system.
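The proxy ARP reply of step 302, as an added Python example that is not part of the patent text: it parses an ARP request captured on the host-side interface and builds the reply frame. The hardware address placed in the reply (`reply_mac`), the sender-address filter and all sample addresses are assumptions constructed for illustration; the text says only that the NOS interface address is used to answer.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"


def mac(text):
    """'02:42:ac:11:00:02' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def arp_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used here to construct sample input)."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                      sender_mac, socket.inet_aton(sender_ip),
                      b"\x00" * 6, socket.inet_aton(target_ip))
    return struct.pack("!6s6sH", b"\xff" * 6, sender_mac, ETH_P_ARP) + arp


def build_proxy_arp_reply(frame, reply_mac, ip_nos):
    """Return the Ethernet frame that answers `frame` by proxy, or None to ignore it."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != ARP_REQUEST:
        return None
    # Added sanity checks (assumptions, not stated in the text):
    if src != sha:                           # Ethernet source must match ARP sender
        return None
    if spa != socket.inet_aton(ip_nos):      # container sources traffic from IP_NOS
        return None
    if tpa == spa:                           # gratuitous ARP for the shared address:
        return None                          # answering would signal an address conflict
    # Reply claims the requested address (tpa) at reply_mac, unicast to the asker.
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      reply_mac, tpa, sha, spa)
    return struct.pack("!6s6sH", sha, reply_mac, ETH_P_ARP) + arp


# Constructed sample values (documentation address ranges, locally administered MACs).
CONTAINER_MAC = mac("02:42:ac:11:00:02")
REPLY_MAC = mac("02:42:00:00:00:01")
IP_NOS = "192.0.2.1"
PEER_IP = "198.51.100.7"

if __name__ == "__main__":
    reply = build_proxy_arp_reply(arp_request(CONTAINER_MAC, IP_NOS, PEER_IP),
                                  REPLY_MAC, IP_NOS)
    print(reply.hex())
```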

Example four

In this embodiment, a method for creating a container communication system is provided, and fig. 4 is a data flow diagram of internal communication between a container and a network device NOS according to an embodiment of the present invention, as shown in fig. 4, a data flow includes the following steps:

Step 401: when the container system communicates internally with the NOS, the message is sent out from the eth0 interface according to the route of the container message, with the NOS address IP_NOS as the source address and the device interface address IP_NOS2 as the destination address;

Step 402: the proxy service module completes the ARP learning process of the container system, and subsequent IP messages sent out from the container system are captured and forwarded by the Socket;

Step 403: the proxy service module forwards the captured outgoing container message to the NOS for processing through the communication channel with the NOS;

Step 404: the NOS receives the message forwarded by the proxy service module, performs normal NOS processing, finds by route lookup that the message terminates locally, and passes it to the NOS for service processing. Likewise, a message sent by the NOS whose destination address is IP_NOS is processed locally after route lookup;

Step 405: the NOS judges, according to the port interval registered for the container system by the proxy service module, whether the message is to be sent to the container, and if so, distributes the message to the proxy service module;

Step 406: the proxy service module distributes the message, through the Socket of the host operating system, to the bridge (Docker0) that connects the container and the host;

Step 407: the layer-2 forwarding (MAC forwarding) of the bridge is used to distribute the message to the container system for reception.
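The dispatch decision of steps 306 and 405, combined with the local-or-route choice of step S103, as an added Python example that is not part of the patent text. The class and function names, the check against NOS-reserved ports, the handling of fragments and the sample addresses and ports are all assumptions constructed for illustration.

```python
import ipaddress
import socket
import struct


class PortRegistry:
    """TCP/UDP port intervals registered for the container by the proxy service."""

    def __init__(self, nos_reserved=None):
        # nos_reserved: ports the NOS itself serves (hypothetical input), e.g. {"tcp": [(22, 22)]}
        self.reserved = nos_reserved or {}
        self.ranges = {"tcp": [], "udp": []}

    def register(self, proto, low, high):
        if proto not in self.ranges or not (0 < low <= high <= 65535):
            raise ValueError("bad interval")
        # Sharing one IP only works if every port has exactly one owner.
        for a, b in self.ranges[proto] + self.reserved.get(proto, []):
            if low <= b and a <= high:
                raise ValueError(f"{proto} {low}-{high} overlaps {a}-{b}")
        self.ranges[proto].append((low, high))

    def owns(self, proto, port):
        return any(a <= port <= b for a, b in self.ranges[proto])


def classify(packet, ip_nos, registry):
    """Return 'route', 'nos-local', 'container' or 'needs-reassembly' for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if ipaddress.IPv4Address(packet[16:20]) != ipaddress.IPv4Address(ip_nos):
        return "route"                       # not for IP_NOS: send out by route lookup
    proto = {6: "tcp", 17: "udp"}.get(packet[9])
    if proto is None:
        return "nos-local"                   # no ports to match (ICMP etc.)
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:
        return "needs-reassembly"            # later fragments carry no L4 header
    if len(packet) < ihl + 4:
        raise ValueError("truncated transport header")
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return "container" if registry.owns(proto, dport) else "nos-local"


def ipv4_packet(proto, src, dst, sport, dport, frag_off=0):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + ports + padding."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_off,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + l4


IP_NOS = "192.0.2.1"        # constructed shared address
PEER_IP = "198.51.100.7"    # constructed external device

if __name__ == "__main__":
    registry = PortRegistry({"tcp": [(22, 22)]})
    registry.register("tcp", 30000, 30999)
    for port in (30080, 22):
        print(port, classify(ipv4_packet(6, PEER_IP, IP_NOS, 40000, port), IP_NOS, registry))
```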

Example five

In this embodiment, a method for creating a container communication system is provided, and fig. 5 is a block diagram of a structure of the container communication system according to an embodiment of the present invention, and as shown in fig. 5, the system includes the following modules:

Network device host operating system module: provides the device's host operating system, which carries and supports the operating system of the network device and serves as the host system that carries the container;

Network device operating system module: the main operating system providing the services of the network device; it works with a user-mode protocol stack and provides the network device with a software routing operating system;

Container system module: the container system integrated in the network device, which provides open capability support for the network device;

Proxy service module: implements intercommunication among the host operating system, the network device operating system and the container. It creates a Socket on the host, uses the Socket to capture messages sent by the container, and forwards them to the network device operating system, which sends them out; or it receives messages sent to the container by the network device and relays them to the container.

According to another embodiment of the present invention, an apparatus for implementing container packet receiving or sending is provided, including: the device comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and is characterized in that the processor realizes the implementation method of receiving or sending the container message when executing the program.

According to another embodiment of the present invention, a computer-readable storage medium is provided, which stores computer-executable instructions for performing an implementation method of the container packet receiving or sending.

In this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.

It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
