Docker container network virtualization


1 Virtualized networking

The network namespace facility provided by the Linux kernel is the basic building block of network virtualization. It lets the kernel hold several isolated network spaces at the same time, each with its own complete network stack (interfaces, addresses, routing table, firewall rules, sockets). Whether the guest is a virtual machine or a container, each one behaves as if it had an independent network. The resources of different network namespaces are invisible to one another, and the namespaces cannot communicate with each other unless a link between them is created explicitly.

Suppose the physical machine has four physical NICs and we want to create four namespaces. Each NIC can then be moved into its own namespace and used there exclusively.

As shown in the figure, the first NIC is assigned to the first namespace, the second to the second, the third to the third and the fourth to the fourth. From that point on a NIC is invisible from every namespace other than the one it lives in, because a device can belong to only one namespace at a time.

In this arrangement every namespace can configure its own IP address and communicate with the external network directly, since each one owns a physical NIC.

But what if the number of namespaces exceeds the number of physical NICs? Then we use virtual network devices, a purely software-based emulation of a set of network devices. The Linux kernel supports emulation at two levels: layer-2 (link-layer) devices and layer-3 (network-layer) devices.

The kernel's layer-2 emulation creates network interfaces in pairs (veth pairs). A pair can be thought of as a network cable with two ends: one end emulates the virtual NIC of a host, the other end plugs into a virtual switch, which is equivalent to cabling a host to a switch. The kernel also natively supports a layer-2 virtual bridge device, that is, a switch implemented in software. As shown below:

So if we create a namespace and a veth pair, placing one end of the pair in the namespace and attaching the other end to the virtual switch, and do the same for a second namespace, the two namespaces are effectively connected to the same switch. If the NICs in the two namespaces are then configured with addresses in the same network segment, they can obviously communicate with each other. As shown below:

Everything from the network card to the switch is realised purely in software, and this kind of implementation is what we call a virtual network.

2 Communication between containers on a single node

If two containers on the same physical machine want to communicate, the approach is to create a virtual switch (a bridge) on the host and then give each container a veth pair created in software, with one half inside the container and the other half attached to the virtual switch. That is enough for the two containers to reach each other. As shown below:

This is communication between two containers on a single node. Even on a single node there are complications; for example, what if we want containers on different switches to communicate?

Suppose we have created two virtual switches, SW1 and SW2, with different containers attached to each, as shown above. How can C1 and C3 communicate? We can create another veth pair, attach one end to SW1 and the other end to SW2, so that the two switches are joined; C1 and C3, although on different switches, can then talk to each other. But this raises another problem: what if C1 and C3 are in different networks (subnets)? Hosts that are not on the same network can only communicate via routing, so we have to add a router between the two switches. The Linux kernel itself supports routing (IP forwarding); we only need to turn it on. We can therefore start another container, enable forwarding inside it and give it a leg on each switch, so that it emulates a router, and the traffic between C1 and C3 is routed through it.
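The single-node topology described in this section, as an added example that is not part of the original post: two bridges SW1 and SW2, container namespaces C1 and C3 on different subnets, and a third namespace R that gets a leg on each bridge and has IP forwarding enabled so that it plays the router. The bridge and container names follow the figure; the subnets 10.0.1.0/24 and 10.0.2.0/24, the interface names and the DRY_RUN switch are assumptions. With DRY_RUN=1 (the default) the script only prints the iproute2 commands so they can be reviewed; as root with DRY_RUN=0 it builds the topology, and `teardown` removes it again.

```shell
#!/bin/sh
# Added example (not from the original post). Builds, on one host:
#   C1 10.0.1.10/24 -- SW1 -- 10.0.1.1 [R: ip_forward=1] 10.0.2.1 -- SW2 -- 10.0.2.10/24 C3
# Addresses, interface names and the DRY_RUN switch are assumptions.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 (as root) executes them.
set -e
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_port NS BRIDGE IFNAME ADDR/PREFIX
# One veth pair: IFNAME is moved into namespace NS, its peer IFNAME-br stays in the
# host namespace and is enslaved to BRIDGE, so NS is "cabled" to that switch.
add_port() {
    run ip link add "$3" type veth peer name "$3-br"
    run ip link set "$3" netns "$1"
    run ip link set "$3-br" master "$2" up
    run ip -n "$1" addr add "$4" dev "$3"
    run ip -n "$1" link set "$3" up
}

build_topology() {
    for br in SW1 SW2; do
        run ip link add "$br" type bridge
        run ip link set "$br" up
    done
    for ns in C1 C3 R; do
        run ip netns add "$ns"
        run ip -n "$ns" link set lo up
    done
    # one container on each switch, in different subnets
    add_port C1 SW1 c1 10.0.1.10/24
    add_port C3 SW2 c3 10.0.2.10/24
    # the "router container": one leg on each switch, forwarding enabled in its own netns
    add_port R SW1 r1 10.0.1.1/24
    add_port R SW2 r2 10.0.2.1/24
    run ip netns exec R sysctl -w net.ipv4.ip_forward=1
    # C1 and C3 send off-subnet traffic to R's address on their own switch
    run ip -n C1 route add default via 10.0.1.1
    run ip -n C3 route add default via 10.0.2.1
}

# Same-switch traffic never touches R; cross-subnet traffic must traverse it.
check_connectivity() {
    run ip -n C1 route get 10.0.2.10      # must show "via 10.0.1.1"
    run ip netns exec C1 ping -c 1 -W 1 10.0.2.10
}

# Deleting a namespace removes the veth ends inside it together with their host-side peers.
teardown() {
    for ns in C1 C3 R; do run ip netns del "$ns"; done
    for br in SW1 SW2; do run ip link del "$br"; done
}

build_topology
check_connectivity
```

Two things are worth checking on a real run: `ip netns exec R sysctl net.ipv4.ip_forward` must read 1 (the setting is per network namespace, so enabling it on the host does not help R), and if the host's FORWARD chain has a DROP policy the bridged traffic is unaffected because it never leaves the bridges, but anything R forwards is subject to R's own netfilter rules only.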

3 Communication between containers on different nodes

As shown above, how should C1 communicate with C5 when they are on different nodes? If we used bridge mode, stretching a flat layer-2 domain across the physical network, every broadcast (ARP requests and the like) from every container would reach every node, and broadcast storms are easy to produce. In a large-scale virtual machine or container deployment, bridging in this way is therefore suicidal, and we should not use it for cross-node communication.

If we cannot bridge but still need to talk to the outside, the only remaining option is NAT. With DNAT a container port is exposed on the host, so that the container is reached by accessing that port on the host's address; in the other direction, a request packet that the container sends out through the host's real network card needs SNAT, so that it carries the host's address and the reply can find its way back. But because NAT is performed twice on the path between two containers (SNAT on the sending host, DNAT on the receiving host), efficiency is lower, and the receiving container sees the sender's host address rather than the container's real address.
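Port publishing through the two NATs just described, as an added example that is not part of the original post and not Docker's own code: a DNAT rule that maps a host port to a container, and a MASQUERADE (SNAT) rule for container traffic leaving the host through a real NIC. The bridge name docker0, the subnet 172.17.0.0/16, the container address 172.17.0.2 and the ports are assumptions; with DRY_RUN=1 (the default) the script prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original post, not Docker's own code). Port publishing
# through two NATs on one host:
#   inbound:  DNAT   host:8080 -> 172.17.0.2:80 (the container)
#   outbound: SNAT   172.17.0.0/16 -> host address (MASQUERADE)
# The bridge name, subnet, container address and ports are assumptions.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 (as root) applies them.
set -e
DRY_RUN="${DRY_RUN:-1}"
BRIDGE=docker0
SUBNET=172.17.0.0/16

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# NAT only rewrites addresses; the kernel must also be willing to forward between the
# bridge and the real NIC, and the filter table must allow it.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$BRIDGE" ! -o "$BRIDGE" -j ACCEPT
    run iptables -A FORWARD -o "$BRIDGE" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# SNAT: packets from the container subnet that leave through a real NIC get the host's
# address as source; without this the remote peer would try to reply to 172.17.x.x.
masquerade_outbound() {
    run iptables -t nat -A POSTROUTING -s "$SUBNET" ! -o "$BRIDGE" -j MASQUERADE
}

# publish_port HOST_PORT CONTAINER_IP CONTAINER_PORT
# DNAT: a connection to HOST_PORT on the host is rewritten to CONTAINER_IP:CONTAINER_PORT
# before routing, so it is forwarded onto the bridge; conntrack un-NATs the reply.
# (Connections originating on the host itself need an extra nat OUTPUT rule, omitted here.)
publish_port() {
    run iptables -t nat -A PREROUTING -p tcp --dport "$1" -j DNAT --to-destination "$2:$3"
    run iptables -A FORWARD -d "$2" -p tcp --dport "$3" -j ACCEPT
}

# Removal uses the same match with -D instead of -A.
unpublish_port() {
    run iptables -D FORWARD -d "$2" -p tcp --dport "$3" -j ACCEPT
    run iptables -t nat -D PREROUTING -p tcp --dport "$1" -j DNAT --to-destination "$2:$3"
}

enable_forwarding
masquerade_outbound
publish_port 8080 172.17.0.2 80
# Compare with what `docker run -p 8080:80 ...` installs on a real host: iptables -t nat -S
```

Docker's default bridge network works this way, which is why a connection from a container on host 1 to a published port on host 2 arrives at the target container with host 1's address as its source: it was SNATed once on the way out and DNATed once on the way in. Note that the DNAT rule matches the port on every host address, not only the one you intended, unless you add `-d` to restrict it.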

In this situation we can instead use a technique called an Overlay Network to let containers on different nodes communicate with each other.

An overlay network forwards packets through a tunnel: before the message is sent out, an additional IP header is prepended to it. This is the 1.1 and 1.2 part of the figure: the outer source address is 1.1 (host 1) and the outer destination is 1.2 (host 2). When host 2 receives the packet it decapsulates it, finds that the real target is container C2, and forwards the inner packet to C2.
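The tunnel described above, as an added example that is not part of the original post: a VXLAN overlay between two hosts built with iproute2, the same script run on each host with the roles swapped. The outer addresses the post calls 1.1 and 1.2 are the host addresses; here they are assumed to be 192.168.1.1 and 192.168.1.2, and the VNI 42, the overlay subnet 10.0.0.0/24 and all device names are assumptions as well. The MTU matters: the outer Ethernet, IP, UDP and VXLAN headers add 50 bytes, so the container interface is set to 1450 to avoid fragmentation on a 1500-byte underlay.

```shell
#!/bin/sh
# Added example (not from the original post). VXLAN overlay between two hosts:
#   host 1 (underlay 192.168.1.1): C1 10.0.0.1/24 -- br-ov -- vxlan42 ==tunnel== host 2
#   host 2 (underlay 192.168.1.2): C2 10.0.0.2/24 -- br-ov -- vxlan42
# Each inner frame leaves the host wrapped in outer Ethernet / IP (local -> remote) /
# UDP 4789 / VXLAN (VNI 42) headers; the remote host strips them and its bridge delivers
# the frame. All names and addresses are assumptions.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 (as root) applies them.
set -e
DRY_RUN="${DRY_RUN:-1}"
VNI=42
UNDERLAY_DEV=eth0
OVERLAY_MTU=1450   # 1500 - 14 (Ethernet) - 20 (IP) - 8 (UDP) - 8 (VXLAN)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# setup_overlay_host LOCAL_IP REMOTE_IP CONTAINER_NS CONTAINER_IP/PREFIX
setup_overlay_host() {
    run ip link add br-ov type bridge
    run ip link set br-ov up
    # The tunnel endpoint: a point-to-point VXLAN device attached to the bridge, so every
    # frame the bridge forwards or floods to it is encapsulated towards REMOTE_IP.
    run ip link add vxlan$VNI type vxlan id $VNI local "$1" remote "$2" dstport 4789 dev $UNDERLAY_DEV
    run ip link set vxlan$VNI master br-ov up
    # The container side: a veth pair, one end in the namespace, the other on the bridge.
    run ip netns add "$3"
    run ip link add "$3-eth" type veth peer name "$3-br"
    run ip link set "$3-eth" netns "$3"
    run ip link set "$3-br" master br-ov up
    run ip -n "$3" link set "$3-eth" mtu $OVERLAY_MTU
    run ip -n "$3" addr add "$4" dev "$3-eth"
    run ip -n "$3" link set "$3-eth" up
    run ip -n "$3" link set lo up
}

# On the underlay only UDP to port 4789 between the two hosts is visible; the container
# addresses appear inside the payload.
show_encapsulation() {
    run tcpdump -ni $UNDERLAY_DEV udp port 4789 -c 4
}

case "${ROLE:-host1}" in
    host1) setup_overlay_host 192.168.1.1 192.168.1.2 C1 10.0.0.1/24 ;;
    host2) setup_overlay_host 192.168.1.2 192.168.1.1 C2 10.0.0.2/24 ;;
esac
# Once both hosts are set up: ip netns exec C1 ping 10.0.0.2, with show_encapsulation running on host 1.
```

Run with `ROLE=host1` on the first host and `ROLE=host2` on the second. The underlay firewall has to allow UDP 4789 between the hosts, and since plain VXLAN carries the inner frame without encryption or authentication, anyone on the underlay path can read or inject overlay traffic; for anything beyond a lab, put the tunnel over IPsec or WireGuard.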



Source: blog.csdn.net/qq_43141726/article/details/104480161