云环境下基于Kubernetes集群系统的容器网络研究与优化

doi:10.3969/j.issn.1671-1122.2020.03.005

摘要/Abstract

摘要：

轻量级云基础架构对微服务的重要性不言而喻,很多基于容器的虚拟化服务被相继提出。在网络方面,容器网络接口技术保证了基于虚拟机的云和容器之间的连接异构网络服务。为了提高云系统的网络性能,文章研究了基于CNI技术的网络配置的详细设计,对基于Flannel的Kubernetes集群系统进行优化,提出了一种自适应Overlay Network与Directrouting结合模式的容器网络,并与多种基于CNI的网络拓展件性能进行了对比。针对集群网络无网络策略的缺陷,文章将Canal引入Flannel构架,增加了集群系统的网络策略功能,提高了网络访问安全性。文章搭建了测试集群系统,利用网络性能测试工具Iperf3对常见容器网络进行了性能测试。结果显示,该方案比原Flannel集群系统的容器网络传输速率平均提升25%左右,与其他方案相比,传输速率也有提升。该方案有利于实际环境集群系统的性能提升,实现了网络访问控制,增加了安全性。

关键词: 容器网络, 云计算, 网络性能, 容器集群

Abstract:

The importance of lightweight cloud infrastructure for microservices is self-evident, and many container-based virtualization services have been proposed. On the network side, a container network interface technology is proposed to ensure that heterogeneous network services are connected between the virtual machine-based cloud and the container. In order to improve the network performance of the cloud system, the detailed design of the network configuration based on CNI technology is studied, and the Kubernetes cluster system based on Flannel is optimized. An adaptive overlay network and directrouting combined container network model is proposed, and a variety of CNI-based container networks are compared. In view of the lack of network strategy in cluster networks, Canal was introduced into the Flannel architecture to increase the network strategy function of the cluster system and improve network access security; set up a test cluster system and use the network performance test tool Iperf3 to perform common container networks Perform performance tests. The results show that compared with the original Flannel cluster network, the transmission rate of this solution is increased by about 25% on average, and it is also improved compared with other solutions. Overall, it is beneficial to the performance improvement of the actual environment cluster system; the network access control is realized, and the security is also increased.

Key words: container network, cloud computing, network performance, container cluster

中图分类号:

TP309

刘渊, 乔巍. 云环境下基于Kubernetes集群系统的容器网络研究与优化[J]. 信息网络安全, 2020, 20(3): 36-44.

LIU Yuan, QIAO Wei. Research and Optimization of Container Network Based on Kubernetes Cluster System in Cloud Environment[J]. Netinfo Security, 2020, 20(3): 36-44.

图/表 20

图1

图2

图3

图4

图5

表1

图6

表2

表3

图7

表4

图8

表5

图9

图10

图11

图12

图13

图14

表6

参考文献 18

[1]	RAKESH K, NEHA G, SHILPI C, et al.Open Source Solution for Cloud Computing Platform Using OpenStack[J]. International Journal of Computer Science and Mobile Computing, 2014, 3(5): 89-98.
[2]	YOUNGKI P, HYUNSIK Y, YOUNGHAN K.Performance Analysis of CNI(Container Networking Interface) based Container Network[C]//IEEE. 2018 International Conference on Information and Communication Technology Convergence(ICTC), October 17-19, 2018, Jeju, South Korea. New Jersey: IEEE, 2018: 248-250.
[3]	LI Zheng, KIHL Ma, LU Qinghua, et al.Performance Overhead Comparison between Hypervisor and Container based Virtualization[C]//IEEE. 2017 IEEE 31st International Conference on Advanced Information Networking and Applications(AINA), March 27-29, 2017, Taipei, Taiwan, China. New Jersey: IEEE, 2017: 955-962.
[4]	Kubernetnes. Kubernetes Documentation[EB/OL]. , 2019-12-9.
[5]	FLÁVIO R, AUGUSTO N. Virtualization at the Network Edge: A Performance Comparison[C]//IEEE. 17th International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM), June21-24, 2016, Coimbra, Portugal. New Jersey: IEEE, 2016: 1-6.
[6]	DAVID B.Containers and Cloud: From LXC to Docker to Kubernetes[J]. IEEE Cloud Computing, 2014, 1(3): 81-84.
[7]	GONG Zheng, WU Zhihui, WANG Wei, et al.Kubernentes: Definitive Guide[M]. 4th Edition. Beijing: Publishing House of Electronics Industry, 2019.
	龚正,吴治辉,王伟,等. Kubernetes权威指南[M]. 4版.北京:电子工业出版社,2019.
[8]	Docker Docs. Docker Container Networking[EB/OL]. , 2019-12-10.
[9]	Caolio. Calico Documentation[EB/OL]..
[10]	BI Xiaohong, LIU Yuan, CHEN Fei, Research and Optimization of Network Performance for Micro-service Application Platform[J]. Computer Engineering, 2018, 44(5): 53-59.
	毕小红,刘渊等.微服务应用平台的网络性能研究与优化[J].计算机工程,2018,44(5):53-59.
[11]	LI Wei, ZHAO Yongbin, WANG Ou, et al.Dockers Container Network Architecture Research Based on Macvlan[J]. Machinery Design & Manufacture, 2017(5): 270-272.
	李巍,赵永彬,王鸥,等.基于Macvlan的Docker容器网络构架研究[J].机械设计与制造,2017(5):270-272.
[12]	FENG Mingzhen.Design and Implementation of Docker Network System Based on Macvlan[D]. Hangzhou: Zhejiang University, 2016.
	冯明振. 基于Macvlan的Docker容器网络模型的设计与实现[D].杭州:浙江大学,2016.
[13]	MARKO L.Kubernetes in Action[M]. Beijing: Publishing House of Electronics Industry, 2018.
[14]	ALIN C, CRISTIAN C SPOIALA, CORNELIU O T, et al.OpenStack and Docker: Building a High-performance IaaS Platform for Interactive Social Media Applications[C]//IEEE. 2016 International Conference on Development and Application Systems(DAS), May 19-21, 2016, Suceava, Romania. New Jersey: IEEE, 2016: 287-290.
[15]	BOETTIGER C.An Introduction to Docker for Reproducible Research[J]. ACM SIGOPS Operating Systems Review, 2015, 49(1): 71-79.
[16]	GUO Yanghui.Research and Implementation of Docker Container Scheduling Strategy in Micro Service[D]. Beijing: Beijing University of Posts and Telecommunications, 2018.
	郭杨虎. 微服务环境下Docker容器调度策略的研究与实现[D].北京:北京邮电大学,2018.
[17]	XIE Bin, SUN Guanyi, GUO Ma.Docker Based Overlay Network Performance Evaluation in Large Scale Streaming System[C]//IEEE. 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference(IMCEC), October 3-5, 2016. Xi’an, China. New Jersey: IEEE, 2016: 366-369.
[18]	ZENG Hao, WANG Baosheng, DENG Wenping, et al.Measurement and Evaluation for Docker Container Networking[C]//IEEE. 2017 International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery(CyberC), October 12-14, 2017, Nanjing, China. New Jersey: IEEE, 2017: 105-108.

系统镜像	版本
Kube-apiserver	1.12.0
Kube-controller-manager	1.12.0
Kube-scheduler	1.12.0
Pause	3.1
Etcd	3.2.24
Coredns	1.2.2
Flannel	0.10.0
Canal	3.3

容器网段	via	dev
10.244.1.0/24	10.244.1.0	Flannel.1
10.244.2.0/24	10.244.2.0	Flannel.1
10.244.3.0/24	10.244.3.0	Flannel.1
10.244.4.0/24	10.244.4.0	Flannel.1

容器网段	via	dev
10.244.1.0/24	192.168.11.249	enp0s3
10.244.2.0/24	192.168.11.180	enp0s3
10.244.3.0/24	192.168.11.238	enp0s3
10.244.4.0/24	192.168.11.168	enp0s3

	CPU	MEM	IP
Master	4core	4 GB	192.168.11.218
Node1	2core	2 GB	192.168.11.168
Node2	2core	2 GB	192.168.11.238
Node3	2core	2 GB	192.168.11.247
Node4	2core	2 GB	192.168.11.180

测试方案	网络模式	服务器端	客户端
单节点测试	Host	HostA	HostB
	Weave	Iperf-Server	Iperf-client
	Flannel
	Flannel Direct
	Calico
多节点测试	Host	HostA	HostB
	Weave	Iperf-Server	Iperf-client
	Flannel
	Flannel Direct
	Calico