计算机科学

计算机科学 ›› 2018, Vol. 45 ›› Issue (9): 46-51.doi: 10.11896/j.issn.1002-137X.2018.09.006

• 第十六届全国软件与应用学术会议 • 上一篇    下一篇

一种面向多租户的Linux容器集群组网方法

朱瑜坚1,2, 马俊明1, 安博1,2, 曹东刚1,2   

  1. 高可信软件技术教育部重点实验室北京大学 北京1008711
    北京大学信息科学技术学院 北京1008712
  • 收稿日期:2017-07-11 出版日期:2018-09-20 发布日期:2018-10-10
  • 通讯作者: 安 博(1992-),男,博士生,主要研究方向为云计算、系统软件、分布式计算;曹东刚(1975-),男,博士,副教授,CCF高级会员,主要研究方向为系统软件、并行计算与分布式计算,E-mail:caodg@pku.edu.cn
  • 作者简介:朱瑜坚(1993-),男,硕士生,主要研究方向为云计算和系统软件;马俊明(1994-),男,博士生,主要研究方向为云计算和系统软件
  • 基金资助:
    本文受国家重点研发计划基金(2016YFB1000105),国家自然科学基金(61690201,61421091)资助。

Linux Container Cluster Networking Approach for Multiple Tenants

ZHU Yu-jian1,2, MA Jun-ming1, AN Bo1,2, CAO Dong-gang1,2   

  1. Key Lab of High Confidence Software TechnologiesPeking University,Ministry of Education,Beijing 100871,China1
    School of Electronic Engineering and Computer Science,Peking University,Beijing 100871,China2
  • Received:2017-07-11 Online:2018-09-20 Published:2018-10-10

PDF (PC)

1003

摘要: 目前,越来越多的云平台开始采用容器组成的集群为云服务提供运行环境,而如何在多租户环境下为用户的容器集群提供高效且可用的网络成为了一个重要的技术问题。对此,以Linux容器为例,提出了一种面向多租户的Linux容器集群组网方法。这种方法参考了Kubernetes的组网方法,并在其基础上简化了网络结构,并引入了网络隔离,使得构建的网络能够满足多用户场景下的需求。文中描述了此种组网方法在小规模和大规模应用场景下的设计和它在虚拟云操作系统Docklet中的实现,实现的代码是开源的,并且进行了实验与评估。实验证明,这一组网方法所构成的虚拟网络与原生网络的性能相当接近,其TCP出口下行带宽与原生网络相差0.4%以内,而TCP内部通信带宽只损失了约3.39%,且对批处理型应用和长服务型应用都有良好的支撑。

关键词: Linux容器, 多租户, 容器组网, 软件定义网络, 云计算

Abstract: At present,more and more cloud platforms begin to use Linux container cluster to provide runtime environment for cloud services.But how to build a stable and high-performance network for a user’s Linux container cluster under multi-tenant circumstance is an important technical problem.A networking approach of Linux container cluster for multiple tenants was proposed in this paper.Compared with that of Kubernetes,the proposed approach simplifies the network architecture and introduces network isolation.The network can meet the needs under multi-tenant circumstance.This paper described the design of the approach with a small and large scale of clusters and users and explained the implementation of it in a virtual cloud operating system Docklet.The source codes are open source on GitHub.Besides,evaluation results show that the performance of container network of the proposed approach is close to the original network.The TCP export downlink bandwidth is different from the original one within 0.4% and the TCP internal bandwidth gets about 3.39% loss.The batch job and long service applications are also well supported by the approach.

Key words: Cloud computing, Containers networking, Linux containers, Multiple tenants, Software defined network

中图分类号: 

  • TP393
[1]FELTER W,FERREIRA A,RAJAMONY R,et al.An updated performance comparison of virtual machines and linux containers[C]∥2015 IEEE International Symposium on Performance Analysis of Systems and Soft-ware(ISPASS).IEEE,2015:171-172.
[2]SEO K T,HWANG H,MOON I,et al.Performance comparison analysis of linux container and virtual machine for building cloud[C]∥Networking and Communication.2014:105-111.
[3]VERMA A,PEDROSA L,KORUPOLU M,et al.Large-scale
cluster management at Google with Borg[C]∥Proceedings of the Tenth European Conference on Computer Systems.ACM,2015:18.
[4]张阜兴.知乎万级规模容器平台架构和实战[EB/OL].(2016-11-18)[2017-07-11].http://www.infoq.com/cn/presentations/platform-architecture-and-combatof-zhihu-container-platform.
[5]WANG H,SHI P,ZHANG Y.Jointcloud:A Cross-cloud copperation Architecture for integrated internet Service Customization[C]∥IEEE,International Conference on Distributed Computing Systems.IEEE,2017:1846-1855.
[6]CUI W,ZHAN H,LI B,et al.Cluster as a Service:a Container based Cluster Sharing Approach with multi-user Support[C]∥2016 IEEE Symposium on Service-Oriented System Engineering(SOSE).IEEE,2016:111-118.
[7]BERNSTEIN D.Containers and cloud:From lxc to docker to
kubernetes[J].IEEE Cloud Computing,2014,1(3):81-84.
[8]BURNS B,Grant B,Oppenheimer D,et al.Borg,omega,and kubernetes[J].Communications of the ACM,2016,59(5):50-57.
[9]MARMOL V,JNAGAL R,HOCKIN T.Networking in contai-ners and container clusters[J/OL].https://www.mendeley.com/research-papers/networking-containers-container-clusters1.
[10]The Kubernetes Authors.Kubernetes OpenVSwitch GRE/VxLAN networking [EB/OL].[2017-07-08].https://kubernetes.io/docs/admin/ovs-networking.
[11]MERKEL D.Docker:lightweight linux containers for consistent development and deployment[OL].http://docs.docker.com.
[12]Docker Inc.Docker Documentation [EB/OL].[2017-07-10].https://docs.docker.com.
[1] 张纪林, 邵玉曹, 任永坚, 袁俊峰, 万健, 周丽.
支持多租户模式的业务流程动态定制模型
Dynamic Customization Model of Business Processes Supporting Multi-tenant
计算机科学, 2022, 49(6A): 705-713. https://doi.org/10.11896/jsjkx.210200104
[2] 高诗尧, 陈燕俐, 许玉岚.
云环境下基于属性的多关键字可搜索加密方案
Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing
计算机科学, 2022, 49(3): 313-321. https://doi.org/10.11896/jsjkx.201100214
[3] 耿海军, 王威, 尹霞.
基于混合软件定义网络的单节点故障保护方法
Single Node Failure Routing Protection Algorithm Based on Hybrid Software Defined Networks
计算机科学, 2022, 49(2): 329-335. https://doi.org/10.11896/jsjkx.210100051
[4] 王政, 姜春茂.
一种基于三支决策的云任务调度优化算法
Cloud Task Scheduling Algorithm Based on Three-way Decisions
计算机科学, 2021, 48(6A): 420-426. https://doi.org/10.11896/jsjkx.201000023
[5] 潘瑞杰, 王高才, 黄珩逸.
云计算下基于动态用户信任度的属性访问控制
Attribute Access Control Based on Dynamic User Trust in Cloud Computing
计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013
[6] 陈玉平, 刘波, 林伟伟, 程慧雯.
云边协同综述
Survey of Cloud-edge Collaboration
计算机科学, 2021, 48(3): 259-268. https://doi.org/10.11896/jsjkx.201000109
[7] 董仕.
软件定义网络安全问题研究综述
Survey on Software Defined Networks Security
计算机科学, 2021, 48(3): 295-306. https://doi.org/10.11896/jsjkx.200300119
[8] 王文娟, 杜学绘, 任志宇, 单棣斌.
基于因果知识和时空关联的云平台攻击场景重构
Reconstruction of Cloud Platform Attack Scenario Based on Causal Knowledge and Temporal- Spatial Correlation
计算机科学, 2021, 48(2): 317-323. https://doi.org/10.11896/jsjkx.191200172
[9] 蒋慧敏, 蒋哲远.
企业云服务体系结构的参考模型与开发方法
Reference Model and Development Methodology for Enterprise Cloud Service Architecture
计算机科学, 2021, 48(2): 13-22. https://doi.org/10.11896/jsjkx.200300044
[10] 高明, 周慧颖, 焦海, 应丽莉.
基于加权图的链路映射算法
Link Mapping Algorithm Based on Weighted Graph
计算机科学, 2021, 48(11A): 476-480. https://doi.org/10.11896/jsjkx.201200216
[11] 毛瀚宇, 聂铁铮, 申德荣, 于戈, 徐石成, 何光宇.
区块链即服务平台关键技术及发展综述
Survey on Key Techniques and Development of Blockchain as a Service Platform
计算机科学, 2021, 48(11): 4-11. https://doi.org/10.11896/jsjkx.210500159
[12] 高雅卓, 刘亚群, 张国敏, 邢长友, 王秀磊.
基于多阶段博弈的虚拟化蜜罐动态部署机制
Multi-stage Game Based Dynamic Deployment Mechanism of Virtualized Honeypots
计算机科学, 2021, 48(10): 294-300. https://doi.org/10.11896/jsjkx.210500071
[13] 王勤, 魏立斐, 刘纪海, 张蕾.
基于云服务器辅助的多方隐私交集计算协议
Private Set Intersection Protocols Among Multi-party with Cloud Server Aided
计算机科学, 2021, 48(10): 301-307. https://doi.org/10.11896/jsjkx.210300308
[14] 张恺琪, 涂志莹, 初佃辉, 李春山.
基于排队论的服务资源可用性相关研究综述
Survey on Service Resource Availability Forecast Based on Queuing Theory
计算机科学, 2021, 48(1): 26-33. https://doi.org/10.11896/jsjkx.200900211
[15] 雷阳, 姜瑛.
云计算环境下关联节点的异常判断
Anomaly Judgment of Directly Associated Nodes Under Cloud Computing Environment
计算机科学, 2021, 48(1): 295-300. https://doi.org/10.11896/jsjkx.191200186
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发