Search

US-12625716-B2 - Implementing communications within a container environment

US12625716B2US 12625716 B2US12625716 B2US 12625716B2US-12625716-B2

Abstract

Techniques are described for implementing a container environment where each pod within the container environment is provided with a unique IP address and a virtual communication device such as an IPvlan device. Communications from source pods are directly routed to destination pods within the container environment by one or more virtualized network interface cards (VNICs) utilizing the unique IP addresses of the destination pods, without the need for bridging and encapsulation. This reduces a size of data being transmitted and also eliminates a compute cost necessary to perform encapsulation of data during transmission.

Inventors

  • Trung Hoai Nguyen
  • Devon Howard Crouse
  • Sohan Patil

Assignees

  • ORACLE INTERNATIONAL CORPORATION

Dates

Publication Date
20260512
Application Date
20221012

Claims (20)

  1. 1 . A computer-implemented method, comprising: configuring, by a computer system, a first node within a container environment, the first node including a first pod representing a group of one or more containers having shared resources; configuring, by the computer system, communications from the first pod via a first virtual communication device; receiving, by the computer system at a first virtualized network interface card (VNIC) connected to the first node within the container environment, data from the first virtual communication device assigned to the first pod within the first node, the data received directly along the configured communications between the first VNIC and the first virtual communication device, and the data comprising an address identifying the first pod; and routing, by the computer system via the first virtualized network interface card, the data to a destination device based at least in part on the data comprising at least the address that identifies the first pod.
  2. 2 . The computer-implemented method of claim 1 , wherein: the destination device includes a second pod different from the first pod, the first pod and the second pod share the first virtualized network interface card, and the receiving of the data and the routing of the data is performed without encapsulating the data.
  3. 3 . The computer-implemented method of claim 1 , wherein: the destination device includes a second virtualized network interface card different from the first virtualized network interface card, and both the second virtualized network interface card and the first virtualized network interface card are attached to the first node of the container environment.
  4. 4 . The computer-implemented method of claim 1 , wherein: the destination device includes a second virtualized network interface card different from the first virtualized network interface card, the second virtualized network interface card is attached to a second node of the container environment that is different from the first node, and the routing via the first virtualized network interface card and the second virtualized network interface card is performed without encapsulation of the data.
  5. 5 . The computer-implemented method of claim 1 , wherein the destination device includes a virtual cloud network (VCN).
  6. 6 . The computer-implemented method of claim 1 , wherein the first virtual communication device includes an internet protocol virtual local area network (IPvlan) device.
  7. 7 . The computer-implemented method of claim 1 , comprising: receiving, by the computer system, a response at the first virtual communication device of the first pod; sending, by the computer system, the response through one or more virtual ethernet (veth) pairs of the first pod; and sending, by the computer system, the response to a container located within the first pod.
  8. 8 . The computer-implemented method of claim 1 , comprising, in response to determining, by the computer system, that the destination device includes a second pod that shares the first virtualized network interface card with the first pod: routing, by the computer system, the data through the first virtualized network interface card utilizing a hairpinning operation; and routing, by the computer system, the data from the first virtualized network interface card to a second virtual communication device of the second pod.
  9. 9 . The computer-implemented method of claim 1 , comprising, in response to determining, by the computer system, that the destination device includes a second pod of the first node that is connected to a second virtualized network interface card separate from the first virtualized network interface card: routing, by the computer system, the data from the first virtualized network interface card to the second virtualized network interface card; and routing, by the computer system, the data from the second virtualized network interface card to a second virtual communication device of the second pod within the first node.
  10. 10 . The computer-implemented method of claim 1 , comprising, in response to determining, by the computer system, that the destination device includes a second pod of a second node separate from the first node, wherein the second pod is connected to a second virtualized network interface card separate from the first virtualized network interface card: routing, by the computer system, the data from the first virtualized network interface card to the second virtualized network interface card; and routing, by the computer system, the data from the second virtualized network interface card to a second virtual communication device of the second pod within the second node.
  11. 11 . A system comprising: one or more processors configured to: configure a first node within a container environment, the first node including a first pod representing a group of one or more containers having shared resources; configure communications from the first pod via a first virtual communication device; receive, at a first virtualized network interface card (VNIC) connected to the first node within the container environment, data from the first virtual communication device assigned to the first pod within the first node, the data received directly along the configured communications between the first VNIC and the first virtual communication device, and the data comprising an address identifying the first pod; and route, by the first virtualized network interface card, the data to a destination device based at least in part on the data comprising at least the address that identifies the first pod.
  12. 12 . The system of claim 11 , wherein: the destination device includes a second pod different from the first pod, and the first pod and the second pod share the first virtualized network interface card.
  13. 13 . The system of claim 11 , wherein: the destination device includes a second virtualized network interface card different from the first virtualized network interface card, and both the second virtualized network interface card and the first virtualized network interface card are attached to the first node of the container environment.
  14. 14 . The system of claim 11 , wherein: the destination device includes a second virtualized network interface card different from the first virtualized network interface card, and the second virtualized network interface card is attached to a second node of the container environment that is different from the first node.
  15. 15 . The system of claim 11 , wherein the destination device includes a virtual cloud network (VCN).
  16. 16 . The system of claim 11 , wherein the first virtual communication device includes an internet protocol virtual local area network (IPvlan) device.
  17. 17 . The system of claim 11 , wherein the one or more processors are further configured to: receive a response at the first virtual communication device of the first pod; send the response through one or more virtual ethernet (veth) pairs of the first pod; and send the response to a container located within the first pod.
  18. 18 . The system of claim 11 , wherein the one or more processors are further configured to, in response to determining that the destination device includes a second pod that shares the first virtualized network interface card with the first pod: route the data through the first virtualized network interface card utilizing a hairpinning operation; and route the data from the first virtualized network interface card to a second virtual communication device of the second pod.
  19. 19 . The system of claim 11 , wherein the one or more processors are further configured to, in response to determining that the destination device includes a second pod of the first node that is connected to a second virtualized network interface card separate from the first virtualized network interface card: route the data from the first virtualized network interface card to the second virtualized network interface card; and route the data from the second virtualized network interface card to a second virtual communication device of the second pod within the first node.
  20. 20 . A non-transitory computer-readable medium storing a set of instructions, the set of instructions when executed by one or more processors cause processing to be performed comprising: configuring, by a computer system, a first node within a container environment, the first node including a first pod representing a group of one or more containers having shared resources; configuring, by the computer system, communications from the first pod via a first virtual communication device; receiving, by the computer system at a first virtualized network interface card (VNIC) connected to the first node within the container environment, data from the first virtual communication device assigned to the first pod within the first node, the data received directly along the configured communications between the first VNIC and the first virtual communication device, and the data comprising an address identifying the first pod; and routing, by the computer system via the first virtualized network interface card, the data to a destination device based at least in part on the data comprising at least the address that identifies the first pod.

Description

BACKGROUND Today, container environments including orchestration systems such as Kubernetes are a popular means for implementing and deploying container-based applications. However, applications and pods implemented within conventional systems communicate with each other only utilizing a bridge device that encapsulates such communications. This encapsulation adds a computation and data overhead to such communications, and also prevents the identification of specific sender and recipient information in communication flow logs. BRIEF SUMMARY Embodiments of the present disclosure relate to facilitating direct communications between pods within a container environment. A container environment is disclosed that includes one or more nodes that each contain one or more pods. Within the container environment, a virtual communication device is included within each pod that is used to communicate with other pods without the use of a bridge or encapsulation. One or more virtual network interface cards (VNICs) are attached to the nodes containing the pods, and these VNICs facilitate pod communication by receiving and forwarding data sent to and from each pod via their virtual communication devices. At least one embodiment is directed to a computer-implemented method. The method may include configuring a node with one or more operating system-level virtualization instances. The method may further include configuring communications from the one or more operating system-level virtualization instances via a virtual communication device. At least one embodiment is directed to a computer-implemented method. The method may include configuring a first node within a container environment, the first node including a first container. The method may further include configuring communications from the first container via a first virtual communication device. The method may further include receiving, at a first virtualized network interface card (VNIC) connected to the first node within the container environment, data from the first virtual communication device assigned to the first container within the first node, the data configured to be transmitted to a destination device. The method may further include routing, by the first VNIC, the data to the destination device, the data comprising at least an address that identifies the first container. Another embodiment is directed to a computing device comprising one or more processors and instructions that, when executed by the one or more processors, cause the computing device to perform any suitable combination of the method(s) disclosed herein. Still another embodiment is directed to a non-transitory computer-readable medium storing computer-executable instructions that, when executed by one or more processors of a computing cluster, cause the computing cluster to perform any suitable combination of the method(s) disclosed herein. BRIEF DESCRIPTION OF THE DRAWINGS To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the figure number in which that element is first introduced. FIG. 1 is a high level diagram of a distributed environment showing a virtual or overlay cloud network hosted by a cloud service provider infrastructure according to certain embodiments. FIG. 2 depicts a simplified architectural diagram of the physical components in the physical network within CSPI according to certain embodiments. FIG. 3 shows an example arrangement within CSPI where a host machine is connected to multiple network virtualization devices (NVDs) according to certain embodiments. FIG. 4 depicts connectivity between a host machine and an NVD for providing I/O virtualization for supporting multitenancy according to certain embodiments. FIG. 5 depicts a simplified block diagram of a physical network provided by a CSPI according to certain embodiments. FIG. 6 is a block diagram of a container environment for facilitating direct pod to pod communication, according to at least one embodiment. FIG. 7 is a block diagram for illustrating an exemplary request flow between two pods sharing a single VNIC within the exemplary container environment of FIG. 1, according to at least one embodiment. FIG. 8 is a block diagram for illustrating an exemplary response flow between two pods sharing a single VNIC within the exemplary container environment of FIG. 1, according to at least one embodiment. FIG. 9 is a block diagram for illustrating an exemplary request flow between two pods communicating via different VNICs within the same node of the exemplary container environment of FIG. 1, according to at least one embodiment. FIG. 10 is a block diagram for illustrating an exemplary response flow between two pods communicating via different VNICs within the same node of the exemplary container environment of FIG. 1, according to at least one embodiment. FIG. 11 is a block diagram for illustrating an exemplary request flow between two pods