Abstract
Border security gateways face ever-higher data forwarding performance requirements, growing operation and maintenance difficulty, and an overall physical resource configuration strategy that keeps changing dynamically. To address these problems, a multi-level network software-defined gateway forwarding system based on Kubernetes is proposed and implemented. Building on Kubernetes' centralized management and control of business clusters, the system dynamically calls different types of CNI plug-ins for interface configuration according to the usage scenarios and attributes of different network interfaces, and supports multi-level networks in both kernel mode and user mode. It separates the control plane and the data plane of the forwarding system, which enhances the controllability of system services. In addition, a load balancing module based on a user-mode protocol stack is introduced to provide dynamic scaling of packet forwarding capacity, smooth upgrades, cluster monitoring, and fault migration without affecting the forwarding performance of the system.
Authors
王正琦
王晔
郭靓
刘行
韦小刚
WANG Zhengqi; WANG Ye; GUO Liang; LIU Xing; WEI Xiaogang (Nanjing NARI Information & Communication Technology Co., Ltd., Nanjing 211106)
Source
《计算机与数字工程》
2024, Issue 6, pp. 1802-1808 (7 pages)
Computer & Digital Engineering
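Funding
Supported by the science and technology project of NARI Technology Co., Ltd. and Nanjing NARI Information & Communication Technology Co., Ltd., "Development of Serialized Software-Defined Security Devices and a Security Situational Awareness Platform" (No. 5246DR190054).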