技术领域technical field
本申请涉及通信技术领域,尤其涉及一种通信方法及装置。The present application relates to the technical field of communication, and in particular to a communication method and device.
背景技术Background technique
容器技术,尤其是开源容器工具docker,目前已在部分数据中心内广泛应用。容器技术通过对软件及其依赖环境进行标准化打包,实现了应用之间的相互隔离,并且容器可运行在多数主流操作系统中。Container technology, especially the open source container tool docker, has been widely used in some data centers. Container technology realizes mutual isolation between applications through standardized packaging of software and its dependent environments, and containers can run on most mainstream operating systems.
在建设容器云平台时,容器的网络和安全实现成为容器云平台建设最主要的挑战,当企业开始将重要的企业核心应用迁移至容器平台时,缺乏足够的网络和安全管控将会为业务上线带来潜在的巨大威胁。When building a container cloud platform, the network and security implementation of the container becomes the main challenge in the construction of the container cloud platform. When the enterprise starts to migrate important enterprise core applications to the container platform, the lack of sufficient network and security control will make the business go online Potentially huge threat.
Flannel是CoreOS提出的用于解决容器集群跨主机通信的网络解决方案。Flannel实质是一种覆盖网络Overlay network,也即是,将TCP数据包封装在另一种网络数据包内进行路由转发和通信。Flannel现已支持UDP、VXLAN、AWS VPC、GCE路由等数据转发方式,其中以VXLAN技术最为流行,大部分数据中心在引入容器时,也考虑将网络切换至Flannel的VXLAN网络实现。Flannel is a network solution proposed by CoreOS to solve cross-host communication of container clusters. Flannel is essentially an Overlay network, that is, a TCP data packet is encapsulated in another network data packet for routing, forwarding and communication. Flannel now supports data forwarding methods such as UDP, VXLAN, AWS VPC, and GCE routing. Among them, VXLAN technology is the most popular. When most data centers introduce containers, they also consider switching the network to Flannel's VXLAN network implementation.
Flannel为每个主机分配一个subnet,容器可从此subnet内分配IP地址,分配的IP地址可在主机间路由,容器间无需进行NAT、端口映射就可实现跨主机通信。Flannel支持的VXLAN技术可与SDN很好地结合起来,值得整个网络实现自动化部署,智能化运维和管理,适合于新建数据中心网络部署。Flannel assigns a subnet to each host, and the container can assign an IP address from this subnet, and the assigned IP address can be routed between hosts, and cross-host communication can be realized without NAT and port mapping between containers. The VXLAN technology supported by Flannel can be well combined with SDN, which is worthy of automatic deployment, intelligent operation and maintenance and management of the entire network, and is suitable for new data center network deployment.
但是,在采用Flannel实现容器集群跨主机通信时,也暴露出下述缺陷:1)数据转发过程中,需引入Overlay封装技术,如此产生大量的封装、解封装工作,导致CPU压力较大,转发效率低;2)在组网时,仍需考虑地址规划Overlay与Underlay的组网等复杂的网络问题,部署复杂困难;3)与云/SDN融合度低,目前没有整体的云融合安全隔离管控方案。However, when Flannel is used to realize cross-host communication of container clusters, the following defects are also exposed: 1) In the process of data forwarding, Overlay encapsulation technology needs to be introduced. Low efficiency; 2) Complex network issues such as address planning Overlay and Underlay networking still need to be considered during networking, making deployment complex and difficult; 3) Low integration with cloud/SDN, and currently there is no overall cloud integration security isolation control plan.
发明内容Contents of the invention
有鉴于此,本申请提供了一种通信方法及装置,用以解决现有采用Flannel实现容器集群跨主机通信过程中,产生大量的封装、解封装工作,导致CPU压力较大,转发效率低、组网部署复杂以及与云/SDN融合度低,目前没有整体的云融合安全隔离管控方案的问题。In view of this, the present application provides a communication method and device to solve the problem of a large number of encapsulation and decapsulation tasks in the process of using Flannel to realize cross-host communication of container clusters, resulting in high CPU pressure, low forwarding efficiency, The network deployment is complex and the degree of integration with the cloud/SDN is low. At present, there is no overall cloud integration security isolation control solution.
第一方面,本申请提供了一种通信方法,所述方法应用于第一主机,所述第一主机包括第一容器,所述第一容器具有第一流标签,所述方法包括:In a first aspect, the present application provides a communication method, the method is applied to a first host, the first host includes a first container, the first container has a first flow label, and the method includes:
获取第二容器的第二流标签;Obtain the second stream label of the second container;
根据所述第二流标签,从标签转发表中获取匹配的第一标签转发表项,所述第一标签转发表项包括所述第二容器所在的第二主机的IP地址以及所述第二主机的MAC地址;According to the second flow label, obtain the matching first label forwarding entry from the label forwarding table, and the first label forwarding entry includes the IP address of the second host where the second container is located and the second The MAC address of the host;
向第二主机发送第一报文,所述第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,所述目的地址字段内存储所述第二主机的IP地址,所述目的MAC地址字段内存储所述第二主机的MAC地址,所述流标签字段内存储所述第二流标签,以使得所述第二主机接收到所述第一报文后,根据所述第二流标签,向所述第二容器发送所述第一报文。Send a first message to the second host, the first message includes a destination address field, a destination MAC address field, and a flow label field, the destination address field stores the IP address of the second host, and the destination MAC The MAC address of the second host is stored in the address field, and the second flow label is stored in the flow label field, so that after the second host receives the first message, according to the second flow A label, sending the first packet to the second container.
第二方面,本申请提供了一种通信装置,所述装置应用于第一主机,所述第一主机包括第一容器,所述第一容器具有第一流标签,所述装置包括:In a second aspect, the present application provides a communication device, the device is applied to a first host, the first host includes a first container, the first container has a first flow label, and the device includes:
第一获取单元,用于获取第二容器的第二流标签;a first acquiring unit, configured to acquire a second stream label of the second container;
第二获取单元,用于根据所述第二流标签,从标签转发表中获取匹配的第一标签转发表项,所述第一标签转发表项包括所述第二容器所在的第二主机的IP地址以及所述第二主机的MAC地址;The second obtaining unit is configured to obtain a matching first label forwarding entry from a label forwarding table according to the second flow label, where the first label forwarding entry includes the second host where the second container is located an IP address and a MAC address of the second host;
发送单元,用于向第二主机发送第一报文,所述第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,所述目的地址字段内存储所述第二主机的IP地址,所述目的MAC地址字段内存储所述第二主机的MAC地址,所述流标签字段内存储所述第二流标签,以使得所述第二主机接收到所述第一报文后,根据所述第二流标签,向所述第二容器发送所述第一报文。A sending unit, configured to send a first message to a second host, the first message includes a destination address field, a destination MAC address field, and a flow label field, and the destination address field stores the IP address of the second host , the MAC address of the second host is stored in the destination MAC address field, and the second flow label is stored in the flow label field, so that after the second host receives the first message, according to The second flow label sends the first packet to the second container.
第三方面,本申请提供了一种网络设备,包括处理器和机器可读存储介质,机器可读存储介质存储有能够被处理器执行的机器可执行指令,处理器被机器可执行指令促使执行本申请第一方面所提供的方法。In a third aspect, the present application provides a network device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions that can be executed by the processor, and the processor is prompted to execute by the machine-executable instructions The method provided in the first aspect of the present application.
因此,应用本申请提供的通信方法及装置,第一主机获取第二容器的第二流标签;根据第二流标签,第一主机从标签转发表中获取匹配的第一标签转发表项,该第一标签转发表项包括第二容器所在的第二主机的IP地址以及第二主机的MAC地址;第一主机向第二主机发送第一报文,该第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,目的地址字段内存储第二主机的IP地址,流标签字段内存储第二流标签,以使得第二主机接收到第一报文后,根据第二流标签,向第二容器发送第一报文。Therefore, applying the communication method and device provided in this application, the first host obtains the second flow label of the second container; according to the second flow label, the first host obtains the matching first label forwarding entry from the label forwarding table, the The first label forwarding entry includes the IP address of the second host where the second container is located and the MAC address of the second host; the first host sends a first packet to the second host, and the first packet includes a destination address field, a destination The MAC address field and the flow label field, the IP address of the second host is stored in the destination address field, and the second flow label is stored in the flow label field, so that after the second host receives the first message, according to the second flow label, send The second container sends the first packet.
如此,本申请中各主机内的容器可借助容器的流标签实现不同主机内容器间的通信,解决了现有采用Flannel实现容器集群跨主机通信过程中,产生大量的封装、解封装工作,导致CPU压力较大,转发效率低、组网部署复杂以及与云/SDN融合度低,目前没有整体的云融合安全隔离管控方案的问题。提高了转发效率,优化主机性能,也降低了复杂度。In this way, the containers in each host in this application can use the flow labels of the containers to realize the communication between the containers in different hosts, which solves the problem of a large amount of encapsulation and decapsulation work in the process of using Flannel to realize cross-host communication of container clusters, which leads to The CPU pressure is high, the forwarding efficiency is low, the network deployment is complicated, and the degree of integration with the cloud/SDN is low. At present, there is no overall cloud integration security isolation control solution. It improves forwarding efficiency, optimizes host performance, and reduces complexity.
附图说明Description of drawings
图1为本申请实施例提供的通信方法的流程图;FIG. 1 is a flowchart of a communication method provided in an embodiment of the present application;
图2为本申请实施例提供的流标签字段格式图;FIG. 2 is a format diagram of the flow label field provided by the embodiment of the present application;
图3为本申请实施例提供的切换装置结构图;FIG. 3 is a structural diagram of a switching device provided in an embodiment of the present application;
图4为本申请实施例提供的网络设备硬件结构体。FIG. 4 is a hardware structure of a network device provided by an embodiment of the present application.
具体实施方式Detailed ways
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施例并不代表与本申请相一致的所有实施例。相反,它们仅是与如所附权利要求书中所详述的、本申请的一些方面相一致的装置和方法的例子。Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present application as recited in the appended claims.
在本申请使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本申请。在本申请和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相对应的列出项目的任何或所有可能组合。The terminology used in this application is for the purpose of describing particular embodiments only, and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a", "the", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more corresponding listed items.
应当理解,尽管在本申请可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本申请范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to a determination."
下面对本申请实施例提供的通信方法进行详细地说明。参见图1,图1为本申请实施例提供的通信方法的流程图。该方法应用于第一主机,本申请实施例提供的通信方法可包括如下所示步骤。The communication method provided by the embodiment of the present application will be described in detail below. Referring to FIG. 1 , FIG. 1 is a flowchart of a communication method provided by an embodiment of the present application. The method is applied to the first host, and the communication method provided by the embodiment of the present application may include the following steps.
步骤110、获取第二容器的第二流标签;Step 110, acquiring the second flow label of the second container;
具体地,第一主机内包括多个容器,每个容器均具有一个流标签。比如,第一容器具有第一流标签。第二主机内也包括多个容器,每个容器也均具有一个流标签。比如,第二容器具有第二流标签。Specifically, the first host includes multiple containers, and each container has a flow label. For example, a first container has a first flow label. The second host also includes a plurality of containers, and each container also has a flow label. For example, the second container has a second flow label.
第一容器预与第二容器进行交互通信时,第一主机获取第二容器的第二流标签。第一主机可通过本地建立的标签数据库获取第二容器的第二流标签。When the first container pre-interacts with the second container, the first host obtains the second flow label of the second container. The first host may acquire the second stream label of the second container through a locally established label database.
步骤120、根据所述第二流标签,从标签转发表中获取匹配的第一标签转发表项,所述第一标签转发表项包括所述第二容器所在的第二主机的IP地址以及所述第二主机的MAC地址;Step 120: Obtain a matching first label forwarding entry from the label forwarding table according to the second flow label, and the first label forwarding entry includes the IP address of the second host where the second container is located and the IP address of the second container. The MAC address of the second host;
具体地,根据步骤110的描述,第一主机获取到第二容器的第二流标签后,根据第二流标签,第一主机查找本地建立的标签转发表。若标签转发表中存在与第二流标签匹配的第一标签转发表项,则第一主机从第一标签转发表项中获取第二容器所在的第二主机的IP地址以及第二主机的MAC地址。Specifically, according to the description of step 110, after the first host obtains the second flow label of the second container, according to the second flow label, the first host searches a locally established label forwarding table. If there is a first label forwarding entry matching the second flow label in the label forwarding table, the first host obtains the IP address of the second host where the second container is located and the MAC address of the second host from the first label forwarding table entry address.
步骤130、向第二主机发送第一报文,所述第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,所述目的地址字段内存储所述第二主机的IP地址,所述目的MAC地址内存储所述第二主机的MAC地址,所述流标签字段内存储所述第二流标签,以使得所述第二主机接收到所述第一报文后,根据所述第二流标签,向所述第二容器发送所述第一报文。Step 130: Send a first message to the second host, the first message includes a destination address field, a destination MAC address field, and a flow label field, and the destination address field stores the IP address of the second host, so The MAC address of the second host is stored in the destination MAC address, and the second flow label is stored in the flow label field, so that after the second host receives the first message, it A second-stream label, for sending the first packet to the second container.
具体地,根据步骤120的描述,第一主机获取到第二主机的IP地址、第二主机的MAC地址后,生成第一报文。该第一报文包括目的地址字段、目的MAC地址字段以及流标签(Flow-Label)字段。其中,目的地址字段内存储第二主机的IP地址,目的MAC地址字段内存储第二主机的MAC地址,流标签字段内存储第二流标签。Specifically, according to the description of step 120, after the first host obtains the IP address of the second host and the MAC address of the second host, it generates the first packet. The first packet includes a destination address field, a destination MAC address field, and a flow label (Flow-Label) field. Wherein, the IP address of the second host is stored in the destination address field, the MAC address of the second host is stored in the destination MAC address field, and the second flow label is stored in the flow label field.
需要说明的是,第一报文包括IPv6头部以及以太网头部。上述目的地址字段、流标签字段处于IPv6头部内,目的MAC地址字段处于以太网头部内。It should be noted that the first packet includes an IPv6 header and an Ethernet header. The above destination address field and flow label field are in the IPv6 header, and the destination MAC address field is in the Ethernet header.
第二主机接收到第一报文后,先识别目的MAC地址字段内的MAC地址是否为自身的MAC地址。若是,则识别目的地址字段内的IP地址是否为自身的IP地址。若是,则获取第二流标签。After receiving the first message, the second host first identifies whether the MAC address in the destination MAC address field is its own MAC address. If yes, identify whether the IP address in the destination address field is its own IP address. If yes, obtain the second stream label.
根据第二流标签,第二主机获取容器的容器编号;利用容器的容器编号,第二主机向第二容器发送第一报文。According to the second flow label, the second host obtains the container ID of the container; using the container ID of the container, the second host sends the first packet to the second container.
因此,应用本申请提供的通信方法及装置,第一主机获取第二容器的第二流标签;根据第二流标签,第一主机从标签转发表中获取匹配的第一标签转发表项,该第一标签转发表项包括第二容器所在的第二主机的IP地址以及第二主机的MAC地址;第一主机向第二主机发送第一报文,该第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,目的地址字段内存储第二主机的IP地址,流标签字段内存储第二流标签,以使得第二主机接收到第一报文后,根据第二流标签,向第二容器发送第一报文。Therefore, applying the communication method and device provided in this application, the first host obtains the second flow label of the second container; according to the second flow label, the first host obtains the matching first label forwarding entry from the label forwarding table, the The first label forwarding entry includes the IP address of the second host where the second container is located and the MAC address of the second host; the first host sends a first packet to the second host, and the first packet includes a destination address field, a destination The MAC address field and the flow label field, the IP address of the second host is stored in the destination address field, and the second flow label is stored in the flow label field, so that after the second host receives the first message, according to the second flow label, send The second container sends the first packet.
如此,本申请中各主机内的容器可借助容器的流标签实现不同主机内容器间的通信,解决了现有采用Flannel实现容器集群跨主机通信过程中,产生大量的封装、解封装工作,导致CPU压力较大,转发效率低、组网部署复杂以及与云/SDN融合度低,目前没有整体的云融合安全隔离管控方案的问题。提高了转发效率,优化主机性能,也降低了复杂度。In this way, the containers in each host in this application can use the flow labels of the containers to realize the communication between the containers in different hosts, which solves the problem of a large amount of encapsulation and decapsulation work in the process of using Flannel to realize cross-host communication of container clusters, which leads to The CPU pressure is high, the forwarding efficiency is low, the network deployment is complicated, and the degree of integration with the cloud/SDN is low. At present, there is no overall cloud integration security isolation control solution. It improves forwarding efficiency, optimizes host performance, and reduces complexity.
可选地,在本申请实施例中,还包括第一主机生成标签数据库的过程。Optionally, in this embodiment of the present application, a process of generating the tag database by the first host is also included.
具体地,二层网络中全部的主机启动后,各主机启动IPv6功能,并自动生成本地链路地址(可根据自身的链路层地址以及默认前缀(FE80::/10)形成本地链路地址)。此时,无需进行网络规划,本地链路地址用于各主机在二层网络中互相通信。Specifically, after all the hosts in the Layer 2 network are started, each host starts the IPv6 function and automatically generates a link-local address (the link-local address can be formed according to its own link-layer address and the default prefix (FE80::/10) ). At this time, no network planning is required, and the link-local address is used for each host to communicate with each other in the Layer 2 network.
同时,各主机获取自身内各容器的流标签。在本申请实施例中,以多个第三主机为例进行说明。每个第三主机内包括第三容器,第三容器具有第三流标签。At the same time, each host obtains the flow label of each container in itself. In this embodiment of the present application, multiple third hosts are taken as an example for description. Each third host includes a third container, and the third container has a third flow label.
每个第三主机生成第一邻居通告报文,该第一邻居通告报文包括第三主机的IP地址以及第三容器的第三流标签。Each third host generates a first neighbor advertisement message, where the first neighbor advertisement message includes the IP address of the third host and the third flow label of the third container.
每个第三主机分别向第一主机发送第一邻居通告报文。第一主机接收到多个第一邻居通告报文后,从每个第一邻居通告报文中获取第三主机的IP地址以及第三容器的第三流标签。Each third host sends a first neighbor advertisement message to the first host respectively. After receiving the multiple first neighbor advertisement packets, the first host obtains the IP address of the third host and the third flow label of the third container from each first neighbor advertisement packet.
第一主机从每个第三主机的IP地址中,获取每个第三主机的MAC地址。针对每个第三容器,第一主机分别生成对应的标签信息表项,并将多个标签信息表项存储至标签数据库中。其中,每个标签信息表项包括第三主机的IP地址、第三主机的MAC地址以及第三流标签。The first host obtains the MAC address of each third host from the IP address of each third host. For each third container, the first host generates a corresponding label information entry, and stores the multiple label information entries in the label database. Wherein, each label information entry includes the IP address of the third host, the MAC address of the third host, and the third flow label.
可选地,在本申请实施例中,还包括第一主机生成本地容器对应的标签信息表项的过程。Optionally, in this embodiment of the present application, a process of the first host generating a label information entry corresponding to the local container is also included.
具体地,针对第一主机包括的每个第一容器,第一主机分别生成对应的标签信息表项,并将多个标签信息表项存储至标签数据库中。其中,每个标签信息表项包括第一主机的IP地址、第一主机的MAC地址以及第一流标签。Specifically, for each first container included in the first host, the first host respectively generates a corresponding label information entry, and stores the multiple label information entries in the label database. Wherein, each label information entry includes the IP address of the first host, the MAC address of the first host, and the first flow label.
可以理解的是,标签信息表项包括IP地址字段、MAC地址字段以及流标签字段。第一主机根据获取/接收的内容,生成标签信息表项并存储至标签数据库中。It can be understood that the label information entry includes an IP address field, a MAC address field and a flow label field. According to the acquired/received content, the first host generates a tag information entry and stores it in the tag database.
在本申请实施例中,第一主机也会向其他主机发送邻居通告报文,以使得其他主机在本地生成标签数据库。In this embodiment of the present application, the first host will also send a neighbor advertisement message to other hosts, so that other hosts can locally generate a label database.
可选地,在本申请实施例中,还包括第一主机利用管控策略以及标签数据库生成本地标签转发表的过程。Optionally, in this embodiment of the present application, a process of generating a local label forwarding table by the first host using the management control policy and the label database is also included.
具体地,第一主机在本地建立标签数据库后,先获取管控策略。该管控策略为管理人员在先通过配置指令下发至主机内部。管控策略内包括多条策略,例如,访问策略、转发策略等等。Specifically, after the first host establishes the tag database locally, it first obtains the management and control policy. The management and control strategy is issued to the host through the configuration command by the administrator. The control policy includes multiple policies, for example, access policy, forwarding policy and so on.
利用管控策略,第一主机从标签数据库中存储的多个标签信息表项中筛选出符合管控策略的多个标签信息表项。根据筛选出的多个标签信息表项,第一主机生成标签转发表。该标签转发表包括至少一个标签转发表项,每个标签转发表项包括第一主机的第一标识、第四主机的IP地址、第四主机的MAC地址以及第四主机中容器的第四流标签。Using the management and control strategy, the first host screens out multiple label information entries that meet the management and control strategy from the multiple label information entries stored in the label database. According to the filtered multiple label information entries, the first host generates a label forwarding table. The label forwarding table includes at least one label forwarding table entry, and each label forwarding table entry includes the first identifier of the first host, the IP address of the fourth host, the MAC address of the fourth host, and the fourth flow of the container in the fourth host Label.
其中,第四主机用于举例泛指主机,根据前述示例可知,第四主机包括第三主机以及第一主机。Wherein, the fourth host is used as an example to generally refer to the host, and it can be known from the foregoing examples that the fourth host includes the third host and the first host.
可选地,在本申请实施例中,作为一种实现方式,管控策略内可包括访问策略,该访问策略配置为第一容器可访问具有相同VPC编号的网络,不同VPC编号的网络不可访问。Optionally, in this embodiment of the present application, as an implementation manner, the management and control policy may include an access policy, and the access policy is configured such that the first container can access networks with the same VPC number and cannot access networks with different VPC numbers.
进一步地,上述流标签内包括虚拟私有云VPC编号;根据标签数据库中存储的多个标签信息表项,第一主机生成标签转发表,具体过程为:Further, the above-mentioned flow label includes a virtual private cloud VPC number; according to a plurality of label information entries stored in the label database, the first host generates a label forwarding table, and the specific process is:
从多个第三流标签以及多个第一流标签中,第一主机获取具有相同VPC编号的第四流标签;第一主机为获取的每个第四流标签所在的标签信息表项添加使用者标识字段,得到多个标签转发表项,该使用者标识字段内存储第一标识;第一主机将多个标签转发表项存储至标签转发表。From a plurality of third flow labels and a plurality of first flow labels, the first host obtains a fourth flow label with the same VPC number; the first host adds a user to the label information entry where each obtained fourth flow label is located The identification field obtains multiple label forwarding entries, and stores the first identification in the user identification field; the first host stores the multiple label forwarding entries in the label forwarding table.
可选地,在本申请实施例中,还包括第一主机根据容器创建指令在本地创建容器,并将流标签与容器绑定的过程。Optionally, in this embodiment of the present application, a process of locally creating a container by the first host according to the container creation instruction and binding the flow label to the container is also included.
具体地,上述流标签还包括主机编号以及容器编号;Specifically, the above flow label also includes a host number and a container number;
管理人员在云上创建VPC,并在创建VPC后分配编号。云中的Nova组件根据每个主机的资源使用情况,从组网内选择主机,并在选择出的主机上创建至少一个容器。Nova组件为选择出的主机分配主机编号;同时,Nova组件还为待创建的每个容器分配唯一的容器编号。The administrator creates a VPC on the cloud and assigns a number after the VPC is created. The Nova component in the cloud selects a host from the network according to the resource usage of each host, and creates at least one container on the selected host. The Nova component assigns host numbers to the selected hosts; at the same time, the Nova component also assigns unique container numbers to each container to be created.
云或者SDN控制器获取VPC编号、主机编号以及容器编号后,生成容器创建指令。云或者SDN控制器向第一主机发送容器创建指令。第一主机接收到容器创建指令后,从中获取VPC编号、主机编号以及容器编号。可以理解的是,容器创建指令还可包括待创建的容器个数、容器信息(例如,容器名称,占用软件资源情况等等),每个容器编号与待创建的一个容器对应。After the cloud or SDN controller obtains the VPC number, the host number and the container number, it generates a container creation command. The cloud or SDN controller sends a container creation instruction to the first host. After receiving the container creation instruction, the first host obtains the VPC number, the host number and the container number therefrom. It can be understood that the container creation instruction may also include the number of containers to be created, container information (for example, container name, occupied software resources, etc.), and each container number corresponds to a container to be created.
第一主机在本地创建容器,并将VPC编号、主机编号以及容器编号的组合作为创建出的容器的流标签。The first host creates the container locally, and uses the combination of the VPC number, the host number and the container number as the flow label of the created container.
如图2所示,图2为本申请实施例提供的流标签字段格式图。在图2中,流标签包括VPC编号、节点标号以及容器编号。其中,流标签总长20bit,VPC编号占用5bit;节点编号占用5bit;容器编号占用12bit。As shown in FIG. 2 , FIG. 2 is a format diagram of the flow label field provided by the embodiment of the present application. In FIG. 2, the flow label includes a VPC number, a node label and a container number. Among them, the total length of the flow label is 20 bits, the VPC number occupies 5 bits, the node number occupies 5 bits, and the container number occupies 12 bits.
可以理解的是,上述三种编号的划分并不是固定不变,云或者SDN控制器可根据实际网络情况进行自定义分配上述三种编号所占用的bit,实现流标签资源的有效利用。It can be understood that the division of the above three numbers is not fixed, and the cloud or SDN controller can customize and allocate the bits occupied by the above three numbers according to actual network conditions, so as to realize the effective utilization of flow label resources.
可选地,在本申请实施例中,还包括在容器迁移过程中,第一主机更新本地标签数据库以及标签转发表中对应表项的过程。Optionally, in the embodiment of the present application, a process of updating the local label database and corresponding entries in the label forwarding table by the first host during the container migration process is also included.
具体地,管理人员在云上或者SDN控制器内输入第一容器迁移指令,该第一迁移指令包括待迁移容器的流标签(例如,第五流标签)、迁移前主机编号以及迁移后主机(例如,第五主机)编号。云或者SDN控制器根据第一容器迁移指令,向迁移后主机编号指示的第五主机发送第二容器迁移指令。可以理解的是,该第二容器迁移指令包括第五流标签。Specifically, the manager inputs the first container migration instruction on the cloud or in the SDN controller, and the first migration instruction includes the flow label (for example, the fifth flow label) of the container to be migrated, the number of the host before migration, and the number of the host after migration ( For example, the fifth host) number. The cloud or SDN controller sends the second container migration instruction to the fifth host indicated by the migrated host number according to the first container migration instruction. It can be understood that the second container migration instruction includes a fifth flow label.
第五主机可根据前述实施例的描述,在本地创建容器,并将第五流标签与创建出的容器进行绑定。当已创建容器上线时,第五主机生成第二邻居通告报文。该第二邻居通告报文包括第五主机的IP地址以及第五主机中容器的第五流标签。The fifth host may create a container locally according to the description of the foregoing embodiments, and bind the fifth flow label to the created container. When the created container goes online, the fifth host generates a second neighbor advertisement packet. The second neighbor advertisement message includes the IP address of the fifth host and the fifth flow label of the container in the fifth host.
第一主机接收到第二邻居通告报文后,从中获取第五主机的IP地址以及第五流标签。根据第五流标签,第一主机从标签数据库中获取与第五流标签对应的第一标签信息表项。根据第五主机的IP地址,更新第一标签信息表项包括的主机的IP地址、主机的MAC地址。根据第五流标签,第一主机从标签转发表中获取与第五流标签对应的第二标签转发表项。根据第五主机的IP地址,第一主机更新第二标签转发表项包括的主机的IP地址、主机的MAC地址。After receiving the second neighbor advertisement message, the first host obtains the IP address of the fifth host and the fifth flow label therefrom. According to the fifth flow label, the first host acquires a first label information entry corresponding to the fifth flow label from the label database. According to the IP address of the fifth host, the IP address of the host and the MAC address of the host included in the first label information entry are updated. According to the fifth flow label, the first host acquires a second label forwarding entry corresponding to the fifth flow label from the label forwarding table. According to the IP address of the fifth host, the first host updates the IP address of the host and the MAC address of the host included in the second label forwarding entry.
需要说明的是,上述迁移前主机可包括第一主机,或者,除了第一主机、第五主机的其他主机。It should be noted that, the host before migration may include the first host, or other hosts except the first host and the fifth host.
可选地,在本申请实施例中,第一主机也可作为迁移后的主机在本地创建容器,并向邻居发送邻居通告报文的过程。Optionally, in this embodiment of the present application, the first host may also be used as the migrated host to locally create a container and send a neighbor notification message to a neighbor.
具体地,云或者SDN控制器向第一主机发送容器第三容器迁移指令,该第三容器迁移指令包括容器的第六流标签。第一主机接收到第三容器迁移指令后,可根据前述实施例的描述,在本地创建容器,并将第六流标签与创建出的容器进行绑定。Specifically, the cloud or the SDN controller sends a third container migration instruction to the first host, where the third container migration instruction includes the sixth flow label of the container. After receiving the third container migration instruction, the first host can create a container locally according to the description of the foregoing embodiments, and bind the sixth flow label to the created container.
当已创建容器启动时,第一主机生成第三邻居通告报文,该第三邻居通告报文包括第一主机的IP地址以及已创建容器的第六流标签。When the created container starts, the first host generates a third neighbor advertisement message, where the third neighbor advertisement message includes the IP address of the first host and the sixth flow label of the created container.
第一主机向邻居发送第三邻居通告报文。各邻居接收到第二邻居通告报文后,从中获取第一主机的IP地址以及第六流标签。根据第六流标签,各邻居从标签数据库中获取与第六流标签对应的标签信息表项。根据第一主机的IP地址,更新标签信息表项包括的主机的IP地址、主机的MAC地址。根据第六流标签,各邻居从标签转发表中获取与第六流标签对应的标签转发表项。根据第六主机的IP地址,各邻居更新标签转发表项包括的主机的IP地址、主机的MAC地址。The first host sends a third neighbor advertisement packet to the neighbor. Each neighbor obtains the IP address of the first host and the sixth flow label from the second neighbor advertisement message after receiving it. According to the sixth flow label, each neighbor acquires a label information entry corresponding to the sixth flow label from the label database. According to the IP address of the first host, the IP address of the host and the MAC address of the host included in the label information entry are updated. According to the sixth flow label, each neighbor acquires a label forwarding entry corresponding to the sixth flow label from the label forwarding table. According to the IP address of the sixth host, each neighbor updates the IP address of the host and the MAC address of the host included in the label forwarding entry.
可选地,在本申请实施例中,还包括第一主机接收第二主机发送的报文,并将该报文转发至对应容器的过程。Optionally, in this embodiment of the present application, a process of the first host receiving the message sent by the second host and forwarding the message to the corresponding container is also included.
具体地,第二主机内第二容器预与第一主机内第一容器进行交互通信时,第二主机可根据前述实施例的描述生成并向第一主机发送第二报文。该第二报文包括第一流标签。Specifically, when the second container in the second host pre-interactively communicates with the first container in the first host, the second host may generate and send the second message to the first host according to the description of the foregoing embodiments. The second packet includes the first flow label.
可以理解的是,第二报文也包括目的地址字段、目的MAC地址字段。上述字段可参照前述实施例的描述以及现有协议规定进行配置,在此不再复述。It can be understood that the second packet also includes a destination address field and a destination MAC address field. The foregoing fields may be configured with reference to the descriptions of the foregoing embodiments and existing protocol provisions, and will not be repeated here.
第一主机接收到第二报文后,根据目的MAC地址、目的地址字段确定各字段内存储的值为第一主机的MAC地址、IP地址时,第一主机从第二报文中获取第一流标签。After the first host receives the second message, according to the destination MAC address and the destination address field, when the values stored in each field are determined to be the MAC address and IP address of the first host, the first host obtains the first stream from the second message. Label.
根据第一流标签,第一主机获取容器的容器编号,比如,容器编号指示为第一容器;第一主机向第一容器发送第二报文。According to the first flow label, the first host obtains the container number of the container, for example, the container number indicates the first container; the first host sends the second packet to the first container.
基于同一发明构思,本申请实施例还提供了与通信方法对应的通信装置。参见图3,图3为本申请实施例提供的通信装置,所述装置应用于第一主机,所述第一主机包括第一容器,所述第一容器具有第一流标签,所述装置包括:Based on the same inventive concept, the embodiment of the present application also provides a communication device corresponding to the communication method. Referring to FIG. 3, FIG. 3 is a communication device provided by an embodiment of the present application, the device is applied to a first host, the first host includes a first container, the first container has a first flow label, and the device includes:
第一获取单元310,用于获取第二容器的第二流标签;The first obtaining unit 310 is configured to obtain a second flow label of the second container;
第二获取单元320,用于根据所述第二流标签,从标签转发表中获取匹配的第一标签转发表项,所述第一标签转发表项包括所述第二容器所在的第二主机的IP地址以及所述第二主机的MAC地址;The second obtaining unit 320 is configured to obtain a matching first label forwarding entry from the label forwarding table according to the second flow label, and the first label forwarding entry includes the second host where the second container is located IP address and the MAC address of the second host;
发送单元330,用于向第二主机发送第一报文,所述第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,所述目的地址字段内存储所述第二主机的IP地址,所述目的MAC地址字段内存储所述第二主机的MAC地址,所述流标签字段内存储所述第二流标签,以使得所述第二主机接收到所述第一报文后,根据所述第二流标签,向所述第二容器发送所述第一报文。A sending unit 330, configured to send a first packet to a second host, the first packet includes a destination address field, a destination MAC address field, and a flow label field, and the IP address of the second host is stored in the destination address field address, the MAC address of the second host is stored in the destination MAC address field, and the second flow label is stored in the flow label field, so that after the second host receives the first message, Send the first packet to the second container according to the second flow label.
可选地,所述装置还包括:接收单元(图中未示出),用于接收多个第三主机发送的第一邻居通告报文,每个第一邻居通告报文包括所述第三主机的IP地址以及所述第三主机内包括的第三容器的第三流标签;Optionally, the device further includes: a receiving unit (not shown in the figure), configured to receive first neighbor advertisement packets sent by multiple third hosts, each first neighbor advertisement packet includes the third the IP address of the host and the third flow label of the third container included in the third host;
第三获取单元(图中未示出),用于从每个第三主机的IP地址中,获取每个第三主机的MAC地址;A third obtaining unit (not shown in the figure), used to obtain the MAC address of each third host from the IP address of each third host;
存储单元(图中未示出),用于针对每个第三容器,生成对应的标签信息表项,并将多个标签信息表项存储至标签数据库中,每个标签信息表项包括所述第三主机的IP地址、所述第三主机的MAC地址以及所述第三流标签。A storage unit (not shown in the figure), configured to generate a corresponding label information entry for each third container, and store a plurality of label information entries into the label database, each label information entry includes the The IP address of the third host, the MAC address of the third host, and the third flow label.
可选地,所述存储单元(图中未示出)还用于,针对所述第一主机包括的每个第一容器,生成对应的标签信息表项,并将多个标签信息表项存储至所述标签数据库中,每个标签信息表项包括所述第一主机的IP地址、所述第一主机的MAC地址以及所述第一流标签。Optionally, the storage unit (not shown in the figure) is further configured to, for each first container included in the first host, generate a corresponding label information entry, and store a plurality of label information entries In the label database, each label information entry includes the IP address of the first host, the MAC address of the first host, and the first flow label.
可选地,所述装置还包括:生成单元(图中未示出),用于根据所述标签数据库中存储的多个标签信息表项,生成所述标签转发表,所述标签转发表包括至少一个标签转发表项,每个标签转发表项包括所述第一主机的第一标识、第四主机的IP地址、第四主机的MAC地址以及第四主机中容器的第四流标签。Optionally, the device further includes: a generation unit (not shown in the figure), configured to generate the label forwarding table according to a plurality of label information entries stored in the label database, and the label forwarding table includes At least one label forwarding entry, each label forwarding entry includes the first identifier of the first host, the IP address of the fourth host, the MAC address of the fourth host, and the fourth flow label of the container in the fourth host.
可选地,所述流标签包括虚拟私有云VPC编号;Optionally, the flow tag includes a virtual private cloud VPC number;
所述生成单元(图中未示出)具体用于,从多个第三流标签以及多个第一流标签中,获取具有相同VPC编号的第四流标签;The generation unit (not shown in the figure) is specifically configured to obtain a fourth flow label with the same VPC number from multiple third flow labels and multiple first flow labels;
为获取的每个第四流标签所在的标签信息表项添加使用者标识字段,得到多个标签转发表项,所述使用者标识字段内存储所述第一标识;Adding a user identification field to the label information entry where each fourth stream label is obtained, to obtain multiple label forwarding entries, and storing the first identification in the user identification field;
将多个标签转发表项存储至所述标签转发表。storing multiple label forwarding entries in the label forwarding table.
可选地,所述流标签还包括主机编号以及容器编号;Optionally, the flow label also includes a host number and a container number;
所述接收单元(图中未示出)还用于,接收云或者SDN控制器发送的容器创建指令,所述容器创建指令包括所述VPC编号、所述主机编号以及所述容器编号;The receiving unit (not shown in the figure) is further configured to receive a container creation instruction sent by a cloud or an SDN controller, where the container creation instruction includes the VPC number, the host number, and the container number;
所述装置还包括:创建单元(图中未示出),用于在本地创建容器,并将所述VPC编号、所述主机编号以及所述容器编号的组合作为创建出的所述容器的流标签;The device further includes: a creation unit (not shown in the figure), configured to create a container locally, and use the combination of the VPC number, the host number, and the container number as the created container flow Label;
其中,所述VPC编号由管理人员在所述云上创建VPC后配置,所述主机编号以及所述容器编号由所述云包括的Nova组件分配。Wherein, the VPC number is configured by the administrator after creating the VPC on the cloud, and the host number and the container number are allocated by the Nova component included in the cloud.
可选地,所述接收单元(图中未示出)还用于,接收第五主机发送的第二邻居通告报文,所述第二邻居通告报文包括所述第五主机的IP地址以及所述第五主机中容器的第五流标签;Optionally, the receiving unit (not shown in the figure) is further configured to receive a second neighbor advertisement message sent by the fifth host, where the second neighbor advertisement message includes the IP address of the fifth host and a fifth flow label of a container in the fifth host;
所述第一获取单元310还用于,根据所述第五流标签,从所述标签数据库中获取与所述第五流标签对应的第一标签信息表项;The first obtaining unit 310 is further configured to, according to the fifth flow label, obtain a first label information entry corresponding to the fifth flow label from the label database;
所述装置还包括:更新单元(图中未示出),用于根据所述第五主机的IP地址,更新所述第一标签信息表项包括的主机的IP地址、主机的MAC地址;The device further includes: an updating unit (not shown in the figure), configured to update the IP address of the host and the MAC address of the host included in the first label information entry according to the IP address of the fifth host;
所述第二获取单元320还用于,根据所述第五流标签,从所述标签转发表中获取与所述第五流标签对应的第二标签转发表项;The second obtaining unit 320 is further configured to, according to the fifth flow label, obtain a second label forwarding entry corresponding to the fifth flow label from the label forwarding table;
所述更新单元(图中未示出)还用于,根据所述第五主机的IP地址,更新所述第二标签转发表项包括的主机的IP地址、主机的MAC地址。The updating unit (not shown in the figure) is further configured to update the IP address of the host and the MAC address of the host included in the second label forwarding entry according to the IP address of the fifth host.
可选地,所述接收单元(图中未示出)还用于,接收云或者SDN控制器发送的容器迁移指令,所述容器迁移指令包括容器的第六流标签;Optionally, the receiving unit (not shown in the figure) is further configured to receive a container migration instruction sent by a cloud or an SDN controller, where the container migration instruction includes a sixth flow label of the container;
所述创建单元(图中未示出)还用于,在本地创建容器,并将创建的容器与所述第六流标签绑定;The creating unit (not shown in the figure) is further configured to create a container locally, and bind the created container to the sixth flow label;
所述发送单元330还用于,当已创建容器启动时,发送第三邻居通告报文,所述第三邻居通告报文包括所述第一主机的IP地址以及所述已创建容器的第六流标签。The sending unit 330 is further configured to, when the created container is started, send a third neighbor advertisement message, where the third neighbor advertisement message includes the IP address of the first host and the sixth address of the created container. stream label.
可选地,所述接收单元(图中未示出)还用于,接收所述第二主机发送的第二报文,所述第二报文包括所述第一流标签;Optionally, the receiving unit (not shown in the figure) is further configured to receive a second packet sent by the second host, where the second packet includes the first flow label;
所述装置还包括:第四获取单元(图中未示出),用于根据所述第一流标签,获取容器的容器编号;The device further includes: a fourth obtaining unit (not shown in the figure), configured to obtain the container number of the container according to the first flow label;
所述发送单元330还用于,利用所述容器的容器编号,向所述第一容器发送所述第二报文。The sending unit 330 is further configured to send the second message to the first container by using the container number of the container.
因此,应用本申请提供的通信装置,第一主机获取第二容器的第二流标签;根据第二流标签,第一主机从标签转发表中获取匹配的第一标签转发表项,该第一标签转发表项包括第二容器所在的第二主机的IP地址以及第二主机的MAC地址;第一主机向第二主机发送第一报文,该第一报文包括目的地址字段、目的MAC地址字段以及流标签字段,目的地址字段内存储第二主机的IP地址,流标签字段内存储第二流标签,以使得第二主机接收到第一报文后,根据第二流标签,向第二容器发送第一报文。Therefore, using the communication device provided by this application, the first host obtains the second flow label of the second container; according to the second flow label, the first host obtains the matching first label forwarding entry from the label forwarding table, and the first The label forwarding entry includes the IP address of the second host where the second container is located and the MAC address of the second host; the first host sends a first message to the second host, and the first message includes a destination address field, a destination MAC address Field and flow label field, the IP address of the second host is stored in the destination address field, and the second flow label is stored in the flow label field, so that after the second host receives the first message, it sends the second message to the second host according to the second flow label The container sends the first packet.
如此,本申请中各主机内的容器可借助容器的流标签实现不同主机内容器间的通信,解决了现有采用Flannel实现容器集群跨主机通信过程中,产生大量的封装、解封装工作,导致CPU压力较大,转发效率低、组网部署复杂以及与云/SDN融合度低,目前没有整体的云融合安全隔离管控方案的问题。提高了转发效率,优化主机性能,也降低了复杂度。In this way, the containers in each host in this application can use the flow labels of the containers to realize the communication between the containers in different hosts, which solves the problem of a large amount of encapsulation and decapsulation work in the process of using Flannel to realize cross-host communication of container clusters, which leads to The CPU pressure is high, the forwarding efficiency is low, the network deployment is complicated, and the degree of integration with the cloud/SDN is low. At present, there is no overall cloud integration security isolation control solution. It improves forwarding efficiency, optimizes host performance, and reduces complexity.
基于同一发明构思,本申请实施例还提供了一种网络设备,如图4所示,包括处理器410、收发器420和机器可读存储介质430,机器可读存储介质430存储有能够被处理器410执行的机器可执行指令,处理器410被机器可执行指令促使执行本申请实施例所提供的通信方法。前述图3所示的通信装置,可采用如图4所示的网络设备硬件结构实现。Based on the same inventive concept, the embodiment of the present application also provides a network device, as shown in FIG. 4 , including a processor 410, a transceiver 420, and a machine-readable storage medium 430. The processor 410 executes the machine-executable instructions, and the processor 410 is prompted by the machine-executable instructions to execute the communication method provided by the embodiment of the present application. The aforementioned communication device shown in FIG. 3 can be realized by using the hardware structure of the network equipment shown in FIG. 4 .
上述计算机可读存储介质430可以包括随机存取存储器(英文:Random AccessMemory,简称:RAM),也可以包括非易失性存储器(英文:Non-volatile Memory,简称:NVM),例如至少一个磁盘存储器。可选的,计算机可读存储介质430还可以是至少一个位于远离前述处理器410的存储装置。The above-mentioned computer-readable storage medium 430 may include a random access memory (English: Random AccessMemory, abbreviated as RAM), and may also include a non-volatile memory (English: Non-volatile Memory, abbreviated: NVM), such as at least one disk memory . Optionally, the computer-readable storage medium 430 may also be at least one storage device located away from the aforementioned processor 410 .
上述处理器410可以是通用处理器,包括中央处理器(英文:Central ProcessingUnit,简称:CPU)、网络处理器(英文:Network Processor,简称:NP)等;还可以是数字信号处理器(英文:Digital Signal Processor,简称:DSP)、专用集成电路(英文:ApplicationSpecific Integrated Circuit,简称:ASIC)、现场可编程门阵列(英文:Field-Programmable Gate Array,简称:FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。The above-mentioned processor 410 can be a general-purpose processor, including a central processing unit (English: Central Processing Unit, referred to as: CPU), a network processor (English: Network Processor, referred to as: NP), etc.; it can also be a digital signal processor (English: Digital Signal Processor (abbreviation: DSP), application specific integrated circuit (English: Application Specific Integrated Circuit, abbreviation: ASIC), field programmable gate array (English: Field-Programmable Gate Array, abbreviation: FPGA) or other programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
本申请实施例中,处理器410通过读取机器可读存储介质430中存储的机器可执行指令,被机器可执行指令促使能够实现处理器410自身以及调用收发器420执行前述本申请实施例描述的通信方法。In the embodiment of the present application, the processor 410 reads the machine-executable instructions stored in the machine-readable storage medium 430, and is prompted by the machine-executable instructions to implement the processor 410 itself and call the transceiver 420 to execute the foregoing description of the embodiment of the present application. communication method.
另外,本申请实施例提供了一种机器可读存储介质430,机器可读存储介质430存储有机器可执行指令,在被处理器410调用和执行时,机器可执行指令促使处理器410自身以及调用收发器420执行前述本申请实施例描述的通信方法。In addition, the embodiment of the present application provides a machine-readable storage medium 430. The machine-readable storage medium 430 stores machine-executable instructions. When called and executed by the processor 410, the machine-executable instructions prompt the processor 410 itself and The transceiver 420 is invoked to execute the communication method described in the foregoing embodiments of the present application.
上述装置中各个单元的功能和作用的实现过程具体详见上述方法中对应步骤的实现过程,在此不再赘述。For the implementation process of the functions and effects of each unit in the above device, please refer to the implementation process of the corresponding steps in the above method for details, and will not be repeated here.
对于装置实施例而言,由于其基本对应于方法实施例,所以相关之处参见方法实施例的部分说明即可。以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本申请方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。As for the device embodiment, since it basically corresponds to the method embodiment, for related parts, please refer to the part description of the method embodiment. The device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed to multiple network elements. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this application. It can be understood and implemented by those skilled in the art without creative effort.
对于通信装置以及机器可读存储介质实施例而言,由于其涉及的方法内容基本相似于前述的方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。As for the embodiments of the communication device and the machine-readable storage medium, since the content of the methods involved is basically similar to the foregoing method embodiments, the description is relatively simple, and for relevant details, please refer to the descriptions of the method embodiments.
以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。The above is only a preferred embodiment of the application, and is not intended to limit the application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the application should be included in the application. within the scope of protection.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310424121.8ACN116506400A (en) | 2023-04-17 | 2023-04-17 | Communication method and device |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310424121.8ACN116506400A (en) | 2023-04-17 | 2023-04-17 | Communication method and device |
| Publication Number | Publication Date |
|---|---|
| CN116506400Atrue CN116506400A (en) | 2023-07-28 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310424121.8APendingCN116506400A (en) | 2023-04-17 | 2023-04-17 | Communication method and device |
| Country | Link |
|---|---|
| CN (1) | CN116506400A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106789667A (en)* | 2016-11-21 | 2017-05-31 | 华为技术有限公司 | A kind of data forwarding method, relevant device and system |
| CN110769075A (en)* | 2018-07-25 | 2020-02-07 | 中国电信股份有限公司 | Container communication method, system, controller and computer readable storage medium |
| CN112702266A (en)* | 2018-06-29 | 2021-04-23 | 华为技术有限公司 | Method for generating label forwarding table, message sending method, device and equipment |
| CN114024725A (en)* | 2021-10-25 | 2022-02-08 | 全球能源互联网研究院有限公司南京分公司 | An inter-container communication method, system, electronic device and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106789667A (en)* | 2016-11-21 | 2017-05-31 | 华为技术有限公司 | A kind of data forwarding method, relevant device and system |
| CN112702266A (en)* | 2018-06-29 | 2021-04-23 | 华为技术有限公司 | Method for generating label forwarding table, message sending method, device and equipment |
| CN110769075A (en)* | 2018-07-25 | 2020-02-07 | 中国电信股份有限公司 | Container communication method, system, controller and computer readable storage medium |
| CN114024725A (en)* | 2021-10-25 | 2022-02-08 | 全球能源互联网研究院有限公司南京分公司 | An inter-container communication method, system, electronic device and storage medium |
| Publication | Publication Date | Title |
|---|---|---|
| US11895154B2 (en) | Method and system for virtual machine aware policy management | |
| CN114365462B (en) | L3 underlay routing in cloud environments using hybrid distributed logical router | |
| US12081451B2 (en) | Resource placement templates for virtual networks | |
| US8040822B2 (en) | Configuring communication services using policy groups | |
| CN107222353B (en) | Support protocol-independent software-defined network virtualization management platform | |
| CN103997414B (en) | Method and network control unit for generating configuration information | |
| CN108347493B (en) | Hybrid cloud management method, apparatus and computing device | |
| CN1822570B (en) | The automatic discovering method of the pseudo-circuit peer address carried out in based on the network of Ethernet | |
| US10298449B2 (en) | Automatically generated virtual network elements for virtualized packet networks | |
| CN112688814B (en) | Equipment access method, device, equipment and machine readable storage medium | |
| CN108111383A (en) | A kind of cross-domain container virtual network construction method based on SDN | |
| TW201519621A (en) | Management server and management method thereof for managing cloud appliances in virtual local area networks | |
| US11695681B2 (en) | Routing domain identifier assignment in logical network environments | |
| CN116132542B (en) | Container network management method, container network plug-in and related equipment | |
| CN111404797B (en) | Control method, SDN controller, SDN access point, SDN gateway and CE | |
| WO2017113300A1 (en) | Route determining method, network configuration method and related device | |
| CN115941577A (en) | Automatic Policy Configuration for Packet Flows | |
| CN114465776A (en) | Flooding attack defense method and related device | |
| CN109936490A (en) | Virtual home network share method and system based on VXLAN and OpenFlow | |
| WO2018161795A1 (en) | Routing priority configuration method, device, and controller | |
| US9876689B1 (en) | Automatically generated virtual network elements for virtualized local area networks | |
| CN116506400A (en) | Communication method and device | |
| CN116055452B (en) | Data processing method, device, equipment and computer readable storage medium | |
| CN115865865A (en) | A cloud-native dual-stack communication method and system based on macvlan | |
| CN118353837A (en) | A gateway configuration method, system and medium |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |