WO2018132330 - SYSTEMS AND METHODS TO RUN USER SPACE NETWORK STACK INSIDE DOCKER CONTAINER WHILE BYPASSING CONTAINER LINUX NETWORK STACK

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

What is claimed is:

1. A method for transmitting data packets from within a software container executing on a host computing device, comprising:

generating, by an application executing within a software container established on a host computing device, a data packet identifying a destination IP address and a source IP address corresponding to an internal IP address of a first subnetwork assigned to a first endpoint of a virtual link established within the software container, the virtual link established between the first endpoint and a second endpoint assigned to a container packet engine executing on the host computing device;

receiving, at the second endpoint assigned to the container packet engine, from the application, the generated data packet via the virtual link;

replacing, by the container packet engine, as the source IP address of the data packet, the internal IP address with a first IP address assigned to the container packet engine to generate a first modified data packet, the first IP address configured on the first subnetwork;

forwarding, by the container packet engine, via a software container network interface, the first modified data packet to a container bridge established on the host computing device;

replacing, by the host computing device, as the source IP address of the first modified data packet, the first IP address assigned to the container packet engine with a second IP address assigned to the host computing device to generate a second modified data packet, the second IP address configured on a second subnetwork outside of the software container; and

forwarding, by the host computing device, the second modified data packet to the destination IP address.

2. The method of claim 1, further comprising establishing, by the host computing device, the software container, wherein the virtual link is established responsive to establishing the software container.

3. The method of claim 1, further comprising maintaining, by the container packet engine, a first network address translation rule, and wherein replacing, by the container packet engine, as the source IP address of the data packet, the internal IP address with the first IP address assigned to the container packet engine to generate the first modified data packet is performed responsive to the first network address translation rule.

4. The method of claim 1, further comprising maintaining, by the host computing device, a second network address translation rule, wherein replacing, by the host computing device, as the source IP address of the first modified data packet, the first IP address with the second IP address assigned to the host computing device to generate the second modified data packet is performed responsive to the second network address translation rule.

5. The method of claim 1, further comprising:

establishing, by the host computing device, a first network address translation session, responsive to generating the second modified data packet;

receiving, by the host computing device from the destination IP address, a response data packet; and

forwarding, by the host computing device, the response data packet to the container bridge, responsive to the first network address translation session.

6. The method of claim 5, further comprising:

establishing, by the host computing device, a second network address translation session, responsive to generating the first modified data packet;

receiving, at the container bridge from the destination IP address, the response data packet; and

forwarding, by the host computing device, the response data packet to the second endpoint, responsive to the second network address translation session.

7. The method of claim 6, further comprising forwarding, by the container packet engine, the response data packet to the first endpoint, responsive to receiving the response data packet at the second endpoint.

8. The method of claim 1, further comprising assigning, by a software container engine executing on the host computing device, a single network interface to the established software container.

9. The method of claim 8, wherein the container packet engine is configured to automatically forward packets received at the single network interface assigned to the software container to the container bridge.

10. The method of claim 8, further comprising assigning, by the software container engine, an IP address within the first subnetwork to the single network interface assigned to the software container.

11. A method for providing a network service from within a software container executing on a host computing device, comprising:

enabling, by a host computing device, a network service within a software container established on the host computing device;

receiving, by the host computing device via a first port of the host computing device, a data packet of a request formatted according to the network service, the first port of a first subnetwork assigned to the host computing device;

forwarding, by the host computing device, the data packet to a second port assigned to the software container, responsive to a network address translation rule associating the second port assigned to the software container with the first port of the host computing device, the second port of a second subnetwork assigned to the software container; and

processing, by the host computing device, the data packet according to the network service within the software container.

12. The method of claim 11, wherein the network service comprises at least one of Hypertext Transfer Protocol (HTTP) and Secure Shell (SSH).

13. The method of claim 11, further comprising binding, by the host computing device, the enabled network service to the second port assigned to the software container.
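The following simulation is an added illustration and is not code from the patent or from any product it describes. It models the two-stage source NAT of claims 1 through 7 (the container packet engine rewrites the internal source address, the host rewrites it again, and each hop records a session so the response can be reversed hop by hop) and the static port-forwarding rule of claims 11 through 13. All addresses, ports and class names (`NatStage`, `PortForwardTable`, `run_demo`) are constructed for the example; the subnetwork layout is simplified, the source port is kept unchanged at each hop (a real NAT may reallocate it on collision), and the engine and host are modelled as identical NAT stages.

```python
"""Simulation of the two-stage source NAT (claims 1-7) and the host-to-container
port forwarding rule (claims 11-13). Addresses, ports and class names are
constructed for this example; they are not from the patent."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# A session is keyed by the 5-tuple the *response* will carry, so the reverse
# translation on the way back in is a single dictionary lookup.
SessionKey = Tuple[str, str, int, str, int]


class NatStage:
    """One NAT hop (constructed model). On egress it rewrites the source IP to
    its own address and records a session; on ingress it accepts only packets
    that match a recorded session and restores the original address."""

    def __init__(self, name: str, public_ip: str) -> None:
        self.name = name
        self.public_ip = public_ip
        self.sessions: Dict[SessionKey, Packet] = {}

    def egress(self, pkt: Packet) -> Packet:
        translated = Packet(pkt.proto, self.public_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        key: SessionKey = (pkt.proto, pkt.dst_ip, pkt.dst_port, self.public_ip, pkt.src_port)
        self.sessions[key] = pkt  # remember the pre-translation packet
        return translated

    def ingress(self, resp: Packet) -> Optional[Packet]:
        key: SessionKey = (resp.proto, resp.src_ip, resp.src_port, resp.dst_ip, resp.dst_port)
        original = self.sessions.get(key)
        if original is None:
            return None  # no session: an unsolicited packet is dropped here
        return Packet(resp.proto, resp.src_ip, resp.src_port, original.src_ip, original.src_port)


class PortForwardTable:
    """Claims 11-13: a static rule mapping a host port to a container port."""

    def __init__(self, host_ip: str) -> None:
        self.host_ip = host_ip
        self.rules: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def bind(self, proto: str, host_port: int, container_ip: str, container_port: int) -> None:
        self.rules[(proto, host_port)] = (container_ip, container_port)

    def forward(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.host_ip:
            return None
        target = self.rules.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None  # no rule: the host does not expose this port
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, target[0], target[1])


def send_from_container(engine: NatStage, host: NatStage, pkt: Packet) -> Tuple[Packet, Packet]:
    first = engine.egress(pkt)   # internal IP -> engine IP (first modified packet)
    second = host.egress(first)  # engine IP -> host IP (second modified packet)
    return first, second


def deliver_response(engine: NatStage, host: NatStage, resp: Packet) -> Optional[Packet]:
    at_bridge = host.ingress(resp)    # claim 5: host session -> container bridge
    if at_bridge is None:
        return None
    return engine.ingress(at_bridge)  # claims 6-7: engine session -> first endpoint


# Constructed addresses for the walk-through (documentation ranges, not real hosts).
INTERNAL_IP = "10.0.0.2"    # first endpoint of the virtual link, inside the container
ENGINE_IP = "10.0.0.1"      # container packet engine, same subnetwork
HOST_IP = "203.0.113.10"    # host address on the outside subnetwork
DEST_IP = "198.51.100.5"    # remote destination


def run_demo() -> dict:
    engine = NatStage("container-packet-engine", ENGINE_IP)
    host = NatStage("host", HOST_IP)
    request = Packet("tcp", INTERNAL_IP, 40000, DEST_IP, 80)
    first, second = send_from_container(engine, host, request)
    # The reply is addressed to the host, which is all the destination ever saw.
    reply = Packet("tcp", DEST_IP, 80, HOST_IP, 40000)
    delivered = deliver_response(engine, host, reply)
    # A packet with no matching session is dropped at the host and never reaches the container.
    stray = deliver_response(engine, host, Packet("tcp", "198.51.100.99", 80, HOST_IP, 40000))
    table = PortForwardTable(HOST_IP)
    table.bind("tcp", 8080, ENGINE_IP, 80)
    inbound = table.forward(Packet("tcp", "192.0.2.7", 51515, HOST_IP, 8080))
    unmapped = table.forward(Packet("tcp", "192.0.2.7", 51516, HOST_IP, 22))
    return {"first": first, "second": second, "delivered": delivered,
            "stray": stray, "inbound": inbound, "unmapped": unmapped}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running `run_demo()` shows the outbound packet leaving with the host's address, the reply being restored to the container's internal address through the two session tables in reverse order, and two packets that nothing translated (a reply with no session, and a request to a host port with no forwarding rule) returning `None`. That last behaviour is the property a defender cares about in such a design: only traffic that an inside application initiated, or that an explicit port rule exposes, ever crosses into the container.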

14. A system for transmitting data packets comprising a host computing device including:

an application executing within a software container established on the host computing device, the application configured to generate a data packet identifying a destination IP address and a source IP address corresponding to an internal IP address of a first subnetwork assigned to a first endpoint of a virtual link established within the software container, the virtual link established between the first endpoint and a second endpoint;

a container packet engine to which the second endpoint is assigned, the container packet engine executing on the host computing device, wherein the container packet engine is configured to:

receive, at the second endpoint from the application, the generated data packet via the virtual link;

replace, as the source IP address of the data packet, the internal IP address with a first IP address assigned to the container packet engine to generate a first modified data packet, the first IP address configured on the first subnetwork; and

forward, via a software container network interface, the first modified data packet to a container bridge established on the host computing device;

wherein the host computing device is further configured to:

replace, as the source IP address of the first modified data packet, the first IP address assigned to the container packet engine with a second IP address assigned to the host computing device to generate a second modified data packet, the second IP address configured on a second subnetwork outside of the software container; and

forward the second modified data packet to the destination IP address.

15. The system of claim 14, further comprising a software container engine executing on the host computing device and configured to establish the software container, wherein the virtual link is established responsive to establishing the software container.

16. The system of claim 14, wherein the container packet engine is further configured to maintain a first network address translation rule, and wherein replacing, by the container packet engine, as the source IP address of the data packet, the internal IP address with the first IP address assigned to the container packet engine to generate the first modified data packet is performed responsive to the first network address translation rule.

17. The system of claim 14, wherein the host computing device is further configured to maintain a second network address translation rule, and wherein replacing, by the host computing device, as the source IP address of the first modified data packet, the first IP address with the second IP address assigned to the host computing device to generate the second modified data packet is performed responsive to the second network address translation rule.

18. The system of claim 14, wherein the host computing device is further configured to:

establish a first network address translation session, responsive to generating the second modified data packet;

receive, from the destination IP address, a response data packet; and

forward the response data packet to the container bridge, responsive to the first network address translation session.

19. The system of claim 18, wherein the host computing device is further configured to:

establish a second network address translation session, responsive to generating the first modified data packet;

receive, at the container bridge from the destination IP address, the response data packet; and

forward the response data packet to the second endpoint, responsive to the second network address translation session.

20. The system of claim 19, wherein the container packet engine is further configured to forward the response data packet to the first endpoint, responsive to receiving the response data packet at the second endpoint.