A method and system for transactional network orchestration based on unified configuration objects
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHANGHAI INTELLIGENT COMPUTING TECHNOLOGY CO LTD
- Filing Date
- 2026-05-22
- Publication Date
- 2026-07-14
Smart Images

Figure CN122395047A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of network technology, and in particular to a method and system for transactional network orchestration based on a unified configuration object. Background Technology
[0002] In high-performance computing scenarios such as cloud computing, large-scale AI model training and inference, RoCE technology is widely used due to its combination of high bandwidth and low latency. With the increasing demands for elastic resource provisioning and network isolation in multi-tenant environments, virtualized network solutions based on data processing units have become mainstream. This solution offloads functions such as network offloading and tenant isolation to the DPU to free up host-side computing resources.
[0003] In existing technologies, the configuration process for building a RoCE Overlay multi-tenant network typically involves phased and independent execution by the host side, the data processing unit side, and an independent control plane. Specifically, the host side is responsible for creating network interfaces and assigning IP addresses to containers or virtual machines; the data processing unit side is responsible for establishing logical ports, tunnels, and offloading rules; and the control plane is responsible for maintaining the tenant network and forwarding policies. However, this phased and decentralized configuration approach has the following technical drawbacks: First, the configuration process lacks a unified transaction perspective. Because each configuration entity operates independently and lacks coordination, configuration information for the same target workload cannot be logically linked between the host side and the data processing unit side. For example, after the host side completes its configuration, the data processing unit side may not have received or completed the corresponding configuration, leading to inconsistent configuration states on both sides, which in turn can cause network policy execution errors or communication failures.
[0004] Second, the lack of a unified state orchestration mechanism easily leads to a semi-configured state. A semi-configured state refers to an intermediate state where host-side configuration is complete but data processing unit-side configuration has not taken effect, or data processing unit-side resources are bound but service traffic has not yet been securely allowed. In a semi-configured state, the network is in a logically inconsistent state. If service traffic passes through at this time, it may lead to data leakage, isolation failure, or forwarding anomalies.
[0005] Third, there is insufficient exception handling capability and incomplete rollback. When any intermediate step in the configuration process fails, existing solutions typically employ a partial cleanup approach, meaning they only reclaim resources on the side where the failed step occurred, failing to atomically undo all configurations already in effect within the entire configuration transaction. This partial cleanup approach easily leaves residual flow tables and virtual switch ports on the host side, or residual logical ports and tunnel mappings on the data processing unit side, resulting in dirty states. Long-term accumulation of dirty states significantly reduces system resource utilization and increases the complexity of operation and maintenance troubleshooting.
[0006] In summary, existing technologies urgently need a collaborative orchestration method that can incorporate network configurations on the host side and data processing unit side into the same transaction, and has consistency verification and atomic rollback capabilities, in order to solve problems such as inconsistent configurations, semi-configured states, and residual dirty states. Summary of the Invention
[0007] To address the problems existing in the prior art, this invention provides a transactional network orchestration method based on a unified configuration object, applied to a converged Ethernet remote direct memory access overlay network that includes collaboration between the host side and the data processing unit side. The method constructs configuration transactions using a unified configuration object as the transaction carrier, including: Step S1: Respond to the creation request of the target workload, generate a unified configuration object carrying a unique transaction identifier, and start the corresponding configuration transaction; Step S2: Within the scope of the configuration transaction, pre-configuration is performed on the host side and the data processing unit side based on the unified configuration object, and the corresponding configuration results are obtained. Step S3: Obtain the two configuration results and perform cross-side consistency verification as a prerequisite for transaction commit. Upon successful verification, a transaction commit operation is performed, setting the unified configuration object to a committed state and allowing the business traffic corresponding to the target workload to proceed. If the verification fails or the pre-configuration on either side fails, a transaction rollback operation is performed, and the effective configuration is atomically revoked and all associated resources are recovered according to the reverse rollback strategy.
[0008] Preferably, the reverse rollback strategy includes resource cleanup actions performed in the following order: First, disable the flow of business traffic; Delete the unload rules issued by the data processing unit and unbind the Remote Direct Memory Access (RoCE) resource from the tenant network identifier; Delete the logical ports and tunnel mappings on the data processing unit side; Delete the flow table rules and virtual switch ports on the host side; Reclaim the service address and release the device associations assigned by the device plugin.
[0009] Preferably, there is a logical triggering relationship between the cross-side consistency verification and the service traffic release: Before the cross-side consistency check passes, the service allow flag in the unified configuration object is forcibly set to the off state to intercept the service traffic corresponding to the target workload; After the consistency check passes and the status of the unified configuration object changes to "submitted", the system automatically triggers the business traffic release operation.
[0010] Preferably, the pre-configuration performed on the data processing unit side includes: Create a logical port corresponding to the target workload, and establish a mapping relationship between the logical port and the tunnel identifier; Configure a virtual network identifier and logically bind the RoCE communication resource identifier with the tenant identifier and the virtual network identifier to achieve hardware-level tenant network isolation.
[0011] Preferably, the cross-side consistency check includes: Extract key fields from the configuration results on the host side and the data processing unit side for consistency comparison. The key fields include: transaction number, configuration version number, tenant identifier, virtual network identifier, tunnel identifier, endpoint information, device allocation identifier, and RoCE resource identifier. The cross-side consistency check is considered successful only if the configuration values of all the key fields match perfectly on both sides.
[0012] Preferably, the unified configuration object has a complete lifecycle state: The lifecycle states include at least: pending configuration, pre-configured on the host side, pre-configured on the data processing unit side, verification in progress, submitted, failed, rolling back in progress, and rolled back. The configuration transaction drives the unified configuration object to atomically switch between its various lifecycle states based on the feedback results of each execution step.
[0013] Preferably, in scenarios involving target workload migration or policy updates, business continuity is ensured through a smooth switch between old and new transactions: First, start a new configuration transaction to complete the pre-configuration, consistency verification, and commit operations of the new unified configuration object; After the new configuration transaction is successfully committed, the undo process corresponding to the old unified configuration object is triggered to reclaim the old network and hardware resources.
[0014] Preferably, the unified configuration object, serving as the sole data carrier for cross-side communication, includes at least the following: Transaction ID, configuration version number, unique workload identifier, tenant identifier, virtual network identifier, tunnel identifier, service IP address, media access control MAC address, host node identifier, data processing unit node identifier, device allocation identifier, and RoCE resource group identifier.
[0015] Preferably, the pre-configuration performed on the host side specifically includes: Assign a service address to the target workload, create a container network interface and connect the interface to the virtual switching structure on the host side, and write isolation rules and forwarding rules for the tenant on the host side.
[0016] The present invention also provides a network orchestration system, characterized in that it includes a processor and a memory storing a computer program: When the computer program is executed by the processor, it implements the method as described in any one of claims 1 to 9.
[0017] The above technical solution has the following advantages or beneficial effects: 1. Improve configuration consistency: By generating a unified configuration object carrying a unique transaction identifier, pre-configuration is performed on the host side and the data processing unit side respectively using the same transaction as the carrier, which solves the problem of inconsistent configuration status between the two sides.
[0018] 2. Eliminate semi-configuration state: Make cross-side consistency verification a prerequisite for transaction commit. Business traffic is only allowed after the verification passes and the unified configuration object is set to the commit state, thus eliminating the security risks under semi-configuration state.
[0019] 3. Achieve atomic rollback: In the event of verification failure or pre-configuration failure on either side, the effective configuration is atomically revoked and all associated resources are reclaimed according to the reverse rollback strategy to avoid dirty state residue. Attached Figure Description
[0020] Figure 1 This is a flowchart illustrating a preferred embodiment of the present invention for a transactional network orchestration method based on a unified configuration object. Detailed Implementation
[0021] The present invention will now be described in detail with reference to the accompanying drawings and specific embodiments. The present invention is not limited to this embodiment; other embodiments that conform to the spirit of the present invention may also fall within the scope of the present invention.
[0022] In a preferred embodiment of the present invention, a method for transactional network orchestration based on a unified configuration object is provided, such as... Figure 1 As shown, it includes the following steps: Step S1: Respond to the creation request of the target workload, generate a unified configuration object carrying a unique transaction identifier, and start the corresponding configuration transaction.
[0023] Step S2: Within the scope of the configuration transaction, pre-configuration is performed on the host side and the data processing unit side based on the unified configuration object, and the corresponding configuration results are obtained.
[0024] Step S3: Obtain the two configuration results and perform cross-side consistency verification as a prerequisite for transaction commit. Upon successful verification, a transaction commit operation is performed, setting the unified configuration object to the committed state and allowing business traffic corresponding to the target workload to proceed. If the verification fails or the pre-configuration on either side fails, a transaction rollback operation is performed, and the effective configuration is atomically revoked and all associated resources are recovered according to the reverse rollback strategy.
[0025] Specifically, the core idea of this invention is to incorporate host-side network configuration, data processing unit-side offloading configuration, and RoCE resource binding into the same transaction, using a unified configuration object as the transaction carrier. Through four stages—bilateral pre-configuration, cross-side consistency verification, service traffic release, and reverse rollback—atomic orchestration of the RoCE Overlay multi-tenant network for data processing units is achieved.
[0026] The unified configuration object (UMAC) is the core data carrier of the entire orchestration transaction. When a creation request for the target workload (such as a container or virtual machine in Kubernetes) arrives, a UMAC is generated based on that request. This object contains a transaction number, configuration version number, configuration summary, unique workload identifier, tenant identifier, Virtual Network Identifier (VNI), service IP address, MAC (Media Access Control) address, host node identifier, data processing unit node identifier, device allocation identifier, RoCE resource group identifier, policy summary, and service allowance flag. The UMAC has a complete lifecycle state, including at least eight states: pending configuration, pre-configured on the host side, pre-configured on the data processing unit side, validating, committed, failed, rolling back, and rolled back. The configuration transaction drives the UMAC to atomically switch between these lifecycle states based on the feedback results of each execution step.
[0027] During the host-side pre-configuration phase, the host-side performs the following operations based on the unified configuration object: assigns service IP addresses to the target workload, creates container network interfaces (e.g., veth pairs), connects these interfaces to the host-side virtual switching structure (e.g., OVS (Open vSwitch) or Linux Bridge), and simultaneously writes isolation and forwarding rules for the tenant on the host side. These rules are then written into the host-side flow table unit, completing the host-side network configuration.
[0028] During the pre-configuration phase on the data processing unit side, the data processing unit performs the following operations based on the same unified configuration object: It creates a logical port for the data processing unit, establishes a mapping relationship between this logical port and a tunnel identifier (e.g., VXLAN (Virtual Extensible LAN) VNI or Geneve (Generic Network Virtualization Encapsulation) VNI), configures the virtual network identifier, establishes data processing unit offloading rules, and logically binds the RoCE resource group identifier with the tenant identifier and the virtual network identifier to achieve hardware-level tenant network isolation. The data processing unit offloading unit is responsible for distributing the above rules to the hardware forwarding table of the data processing unit.
[0029] During the cross-side consistency verification phase, key fields in the configuration results from the host side and the data processing unit side are compared field by field. Key fields include: transaction number, configuration version number, tenant identifier, virtual network identifier, tunnel identifier, endpoint information, device allocation identifier, RoCE resource identifier, and policy summary. Consistency verification is considered successful only if all key fields match perfectly on both sides. Before consistency verification passes, the service allowance flag in the unified configuration object is forcibly set to the off state to intercept service traffic corresponding to the target workload and prevent traffic leakage in a semi-configured state.
[0030] Once the consistency check passes and the unified configuration object's status changes to "committed," the system automatically triggers the business traffic release operation, and the target workload begins normal communication.
[0031] If any step fails (including host-side pre-configuration failure, data processing unit-side pre-configuration failure, or consistency check failure), the system enters the transaction rollback process. The rollback sequence control unit performs resource cleanup in the following reverse order: First, disable service access; second, delete the offloading rules on the data processing unit side; then, unbind RoCE resources; next, delete the logical ports and tunnel mappings on the data processing unit side; then, delete the flow table rules on the host side; then, delete the virtual switch ports on the host side; finally, reclaim the service addresses and release the device allocation relationships assigned by the device-plugin (a component in Kubernetes used to manage hardware resources). After each cleanup step, update the state of the unified configuration object, and finally set it to the rolled-back state.
[0032] This embodiment achieves bilateral collaborative orchestration by incorporating host-side network configuration, data processing unit-side offloading configuration, and RoCE resource binding into a single transaction, using a unified configuration object as the core carrier. Its technical advantages are: First, it eliminates the information inconsistency problem caused by the separation of configuration on the host side and the data processing unit side, and ensures strong consistency of configuration on both sides through transaction number and configuration version number; Second, by using consistency verification as a prerequisite for allowing business traffic to pass, the semi-configured state of "host is configured but data processing unit is not effective" or "data processing unit is bound but business has not been securely released" is completely avoided. Third, through a pre-defined reverse rollback mechanism, it ensures that all effective configurations are atomically revoked in case of abnormal situations, avoiding the residual of dirty states such as flow tables, ports, VNI bindings, and RoCE resource mappings; Fourth, by incorporating RoCE resource binding into a unified configuration object, the completion of virtual network configuration signifies that RoCE communication resources have been correctly bound, enhancing the reliability of multi-tenant isolation. These technical effects effectively address technical issues such as dispersed configuration entities, lack of a unified state orchestration mechanism, insufficient anomaly handling capabilities, lack of joint constraints between RoCE resources and tenant virtual networks, and insufficient large-scale deployment capabilities of data processing units.
[0033] In another preferred embodiment of the present invention, the unified configuration object includes at least: transaction number, configuration version number, configuration summary, workload unique identifier, tenant identifier, virtual network identifier, virtual network segment identifier, tunnel identifier, service address, media access control address, host node identifier, data processing unit node identifier, device allocation identifier, RoCE resource group identifier, policy summary, and service release flag.
[0034] In this embodiment, the transaction number is used to uniquely identify a configuration transaction, ensuring that configuration operations of different workloads do not interfere with each other. The configuration version number is used to track the evolution history of the configuration object, supporting the location of the correct configuration version during rollback. The configuration digest is a hash digest of the configuration content, used to quickly compare whether the configuration has changed. The workload unique identifier is used to associate with a specific container or virtual machine instance. The tenant identifier is used to implement multi-tenant isolation, ensuring that the network configurations of different tenants are independent. The virtual network identifier and the virtual network segment identifier together define the logical network domain to which the workload belongs. The tunnel identifier is used to identify overlay tunnels such as VXLAN or Geneve. The service address and MAC address are the Layer 2 and Layer 3 addresses assigned to the workload. The host node identifier and data processing unit node identifier are used to locate the physical node where the configuration is executed. The device allocation identifier is obtained by the device-plugin and is used to associate with the underlying hardware resources. The RoCE resource group identifier defines the set of RoCE resources that the workload can use (including QP (Queue Pair), GID (Global Identifier) entries, etc.). The policy digest is a summary of security policy information. The business access permission flag is a boolean field that controls whether business traffic is allowed to pass.
[0035] This embodiment provides a complete comparison basis for two-sided consistency verification by precisely defining the field composition of the unified configuration object. Each field is generated and written simultaneously on both the host side and the data processing unit side, ensuring the integrity and traceability of the configuration information. The introduction of transaction number and configuration version number enables the system to support concurrent execution of multiple transactions without conflicts, while the configuration summary provides an efficient means for rapid consistency comparison.
[0036] In another preferred embodiment of the present invention, the host-side pre-configuration includes: allocating service addresses for the target workload, creating container network interfaces, connecting the host-side interfaces to the virtual switching structure, writing tenant isolation rules, and writing forwarding rules.
[0037] In this embodiment, after receiving the unified configuration object on the host side, it first calls the address allocation unit to allocate service IP addresses to the target workload. Then, it creates a pair of veth interfaces (virtual Ethernet interfaces), one end connected to the container network namespace, and the other end connected to the host-side virtual switching structure (e.g., an OVS bridge). Next, it connects the veth interface to the virtual switching structure, making it a port of the virtual switching structure. Subsequently, it writes tenant isolation rules into the host-side flow table unit. These rules implement Layer 2 or Layer 3 isolation between different tenants based on tenant identifiers. Simultaneously, it writes forwarding rules, which define how outbound and inbound traffic of the workload is forwarded within the virtual switching structure.
[0038] This embodiment ensures the integrity of the host-side configuration by executing address allocation, interface creation, switching structure access, and rule writing as an atomic operation sequence. Writing tenant isolation rules provides fundamental security for multi-tenant scenarios, while writing forwarding rules guarantees network reachability for workloads.
[0039] In another preferred embodiment of the present invention, the pre-configuration performed on the data processing unit side includes: creating a logical port corresponding to the target workload and establishing a mapping relationship between the logical port and the tunnel identifier; configuring a virtual network identifier and logically binding the RoCE communication resource identifier with the tenant identifier and the virtual network identifier to achieve hardware-level tenant network isolation.
[0040] In this embodiment, after receiving the unified configuration object, the data processing unit first creates a logical port on the data processing unit, which corresponds to the network egress of the target workload. Then, it establishes a mapping relationship between the logical port and tunnel identifiers (such as VXLAN VNI), enabling workload traffic to be encapsulated and decapsulated through the specified overlay tunnel. Next, it configures the virtual network identifier, binding the workload to a specific virtual network domain. Finally, the RoCE resource binding unit logically binds the RoCE resource group identifier with the tenant identifier and the virtual network identifier, ensuring that the workload can only use the RoCE resources allocated to it (including QP pairs, GIDs, etc.), and that these resources are strongly associated with the tenant and the virtual network.
[0041] This embodiment achieves hardware offloading of network traffic by establishing a mapping relationship between logical ports and tunnels on the data processing unit side. The VXLAN encapsulation / decapsulation and flow table lookup tasks, originally handled by the host CPU, are offloaded to a dedicated hardware accelerator in the data processing unit, significantly reducing the host CPU overhead. The logical binding of RoCE resources to tenant network identifiers achieves tenant isolation at the hardware level, ensuring that RoCE traffic from different tenants will not interfere with each other even in scenarios with shared physical network cards.
[0042] In another preferred embodiment of the present invention, the cross-side consistency verification includes: extracting key fields from the configuration results of the host side and the data processing unit side for consistency comparison, wherein the key fields include: transaction number, configuration version number, tenant identifier, virtual network identifier, tunnel identifier, endpoint information, device allocation identifier, and RoCE resource identifier; the cross-side consistency verification is determined to be passed only when all the configuration values of the key fields on both sides are completely matched.
[0043] In this embodiment, consistency verification is initiated after both the host-side pre-configuration and the data processing unit-side pre-configuration are completed. Configuration results are extracted from both the host-side and data processing unit-side data, and then key fields are compared field by field. The key fields for comparison include: transaction number (ensuring both sides belong to the same transaction), configuration version number (ensuring both sides have consistent configuration versions), tenant identifier (ensuring consistent tenant affiliation), virtual network identifier (ensuring consistent virtual network domain), tunnel identifier (ensuring consistent tunnel mapping), endpoint information (ensuring consistent IP and MAC addresses), device allocation identifier (ensuring consistent hardware resource allocation), and RoCE resource identifier (ensuring consistent RoCE resource binding). A verification pass signal is output only when the values of all the above key fields completely match on both the host-side and data processing unit-side data. If any field does not match, the verification is deemed a failure, and a rollback process is triggered.
[0044] This embodiment ensures strict consistency between the host-side and data processing unit-side configurations through a full comparison of key fields. In particular, the inclusion of RoCE resource identifiers in the comparison resolves the lack of joint constraints between RoCE resources and tenant virtual networks in existing technologies, preventing isolation failures or resource leaks caused by incorrect binding of RoCE resources after virtual network configuration. Simultaneously, the comparison of transaction numbers and configuration version numbers ensures that different configuration transactions are not confused.
[0045] In another preferred embodiment of the present invention, there is a logical triggering relationship between the cross-side consistency verification and the service traffic release: before the cross-side consistency verification passes, the service release flag in the unified configuration object is forcibly set to the off state to intercept the service traffic corresponding to the target workload; after the consistency verification passes and the state of the unified configuration object changes to committed, the system automatically triggers the service traffic release operation.
[0046] In this embodiment, the service allowance flag remains off throughout the entire execution of the configuration transaction. Only when a verification pass signal is output and the unified configuration object's state is successfully changed to committed, does the service traffic allowance unit set the service allowance flag to the on state, allowing the service traffic of the target workload to pass. This design ensures that service traffic is not erroneously allowed in any half-configuration state.
[0047] This embodiment fundamentally eliminates traffic security risks in a semi-configured state by strongly binding service traffic release with consistency verification results. In existing technologies, due to the lack of a unified traffic control mechanism, dangerous situations often arise where traffic is released even though the host is configured but the data processing unit is not yet active. This invention ensures the security of traffic release through state machine control of the service release flag.
[0048] In another preferred embodiment of the invention, the reverse rollback strategy includes resource cleanup actions performed in the following order: First, disable the allowance of business traffic; delete the offload rules issued by the data processing unit and unbind the Remote Direct Memory Access (RoCE) resource from the tenant network identifier; delete the logical port and tunnel mapping relationship on the data processing unit side; delete the flow table rules and virtual switch ports on the host side; reclaim the business address and release the device association relationship assigned by the device plugin.
[0049] In this embodiment, when the configuration or consistency check fails on the data processing unit side, rollback sequence control is initiated, and the following operations are performed in strict reverse order: First, service access is disabled to ensure that no new traffic enters during the rollback process; Second, the unloading rules in the unloading unit on the data processing unit side are deleted, and the binding between RoCE resources and tenant network identifiers in the RoCE resource binding unit is released; Third, the logical ports and tunnel mapping relationships on the data processing unit side are deleted; Fourth, the flow table rules in the flow table unit on the host side and the virtual switch ports in the virtual switch structure on the host side are deleted; Fifth, the service addresses are reclaimed and the device allocation relationships allocated by the device-plugin are released. After each cleanup operation is completed, the state of the unified configuration object advances in the rollback direction, and is finally set to the rolled-back state.
[0050] This embodiment ensures the integrity and security of resource cleanup through a strictly defined reverse rollback sequence. Unlike the partial cleanup method used in existing technologies, the rollback process of this invention covers all configuration objects from the data processing unit side to the host side, leaving no dirty states such as flow tables, ports, VNI bindings, or RoCE resource mappings. In particular, placing the unbinding of RoCE resources after the rule deletion on the data processing unit side and before the rule deletion on the host side ensures that no RoCE resources are left hanging during the rollback process.
[0051] In another preferred embodiment of the present invention, in scenarios such as target workload migration, scaling up or down, tenant network switching or policy update, a method of coexistence of old and new unified configuration objects is adopted. First, the host-side pre-configuration, data processing unit-side pre-configuration and consistency verification of the new unified configuration object are completed, and then the corresponding configuration of the old unified configuration object is revoked.
[0052] In this embodiment, when the target workload needs to be migrated (e.g., from one host node to another), scaled up or down (e.g., increasing or decreasing the number of replicas), switched tenant networks (e.g., from one virtual network to another), or updated policies (e.g., modifying isolation rules or QoS (Quality of Service) policies), the system does not directly modify the existing unified configuration object. Instead, it creates a new unified configuration object. The old and new unified configuration objects coexist for a period of time. The system first performs a complete host-side pre-configuration, data processing unit-side pre-configuration, and consistency verification process on the new unified configuration object. After the consistency verification of the new unified configuration object passes and it enters the committed state, the system then triggers the rollback process of the old unified configuration object, revoking the old network and hardware resources in reverse rollback order. During the transition period between the old and new unified configuration objects, service traffic is carried by the old unified configuration object, ensuring that service continuity is not affected.
[0053] This embodiment solves the business interruption problem in workload migration and policy update scenarios by employing a smooth switching mechanism that allows for the coexistence of old and new configuration objects. In existing technologies, configuration updates often require deleting the old configuration and then creating a new one, a process that can interrupt business traffic. This invention, by creating and then removing configuration objects, ensures that there is always a valid configuration object to handle business traffic, thus achieving zero-interruption configuration updates. This capability is particularly important for scenarios involving large-scale deployment of data processing units, because in large-scale clusters, any interruption to configuration operations can lead to severe performance fluctuations.
[0054] In another preferred embodiment of the present invention, the unified configuration object serves as the sole data carrier for cross-side communication, and its contents include at least: transaction number, configuration version number, unique workload identifier, tenant identifier, virtual network identifier, tunnel identifier, service IP address, media access control MAC address, host node identifier, data processing unit node identifier, device allocation identifier, and RoCE resource group identifier.
[0055] In this embodiment, the field definitions of the unified configuration object are consistent with those in the previous embodiment, and the data types and value ranges of each field are further clarified. The transaction number is a 64-bit unsigned integer to ensure global uniqueness. The configuration version number is a 32-bit unsigned integer, incrementing with each configuration update. The workload unique identifier uses the Kubernetespod UID (Unique Identifier) format. The tenant identifier uses the 128-bit UUID (Universally Unique Identifier) format. The virtual network identifier uses a 24-bit VNI value. The tunnel identifier uses a 24-bit VXLAN VNI or Geneve VNI value. The service IP address is an IPv4 or IPv6 address. The MAC address is a 48-bit IEEE 802 format. The host node identifier and data processing unit node identifier use the node UUID format. The device allocation identifier is assigned by the device-plugin and associated with SR-IOV (Single Root I / O Virtualization), VF (Virtual Function), or a virtual function. The RoCE resource group identifier defines the range of RoCE QP pairs and GID index range that the workload can access.
[0056] This embodiment ensures consistency and resolvability of different data exchanges by precisely defining the data format of the unified configuration object. The unified configuration object, as the sole data carrier for cross-side communication, eliminates the risk of inconsistency caused by various configuration entities transmitting configuration information through multiple channels.
[0057] In another preferred embodiment of the present invention, the pre-configuration performed on the host side specifically includes: allocating a service address to the target workload, creating a container network interface and connecting the interface to the virtual switching structure on the host side, and writing isolation rules and forwarding rules for the tenant on the host side.
[0058] In this embodiment, the specific implementation of host-side pre-configuration is consistent with the host-side pre-configuration steps in the aforementioned embodiments. The host side sequentially performs service address allocation, network interface creation, switching infrastructure access, isolation rule writing, and forwarding rule writing. These operations collectively complete the network access and basic policy deployment of the workload on the host side.
[0059] This embodiment ensures the complete establishment of the host-side network environment by streamlining the host-side configuration process. The writing of isolation and forwarding rules provides verifiable configuration results for subsequent cross-side consistency checks.
[0060] In another preferred embodiment of the present invention, the method runs in a Kubernetes cluster, the device allocation identifier is obtained by device-plugin, the host-side network configuration module is Node-CNI, and the data processing unit-side network configuration module is DPU-CNI.
[0061] In this embodiment, the present invention can be deployed in a cloud-native network system including an orchestration control module, a host side, and a data processing unit side. The host side includes a network configuration module Node-CNI and a host-side virtual switching structure; the data processing unit side includes a network configuration module DPU-CNI, a data processing unit logical port, a data processing unit offloading unit, and a RoCE (Remote Direct Memory Access over Converged Ethernet) resource binding unit; the system also includes a consistency verification module and a resource rollback module.
[0062] In this embodiment, the method of the present invention runs in a Kubernetes (an open-source container orchestration platform) cluster environment. The orchestration control module is deployed as a Kubernetes Operator (a Kubernetes extension mode for managing complex stateful applications), responsible for listening to workload creation, update, and deletion events. When a workload creation event arrives, the orchestration control module generates a unified configuration object and distributes the host-side pre-configuration tasks to the Node-CNI and the data processing unit-side pre-configuration tasks to the DPU-CNI. Device allocation identifiers are obtained by the device-plugin in the cluster, which manages the allocation of SR-IOV VF or other programmable hardware resources. The Node-CNI is responsible for host-side network configuration, including veth interface creation, IP address allocation, and OVS flow table rule writing. The DPU-CNI is responsible for data processing unit-side network configuration, including logical port creation, tunnel mapping establishment, and offloading rule distribution. The consistency verification module and resource rollback module run as a Kubernetes controller, continuously monitoring the status of the unified configuration object and performing corresponding verification and rollback operations.
[0063] This embodiment, through deep integration with native Kubernetes components, enables seamless integration with existing cloud-native infrastructure without requiring modifications to upper-layer applications. Node-CNI and DPU-CNI, as extensions of the Kubernetes network plugin, leverage Kubernetes' existing workload scheduling and lifecycle management capabilities to automatically bind configuration transactions to workload lifecycles. The integration of the device-plugin ensures coordination between hardware resource allocation and network configuration, avoiding the problem of disconnect between resource allocation and network configuration.
[0064] In another preferred embodiment of the present invention, a network orchestration system is provided, including a processor, a memory, and a program stored in the memory and executable on the processor. When the program is executed by the processor, it implements all the steps of the aforementioned method. The system runs in a Kubernetes cluster, the device allocation identifier is obtained by device-plugin allocation, the host-side network configuration module is Node-CNI, and the data processing unit-side network configuration module is DPU-CNI.
[0065] In this embodiment, the network orchestration system implements the method of the present invention as a software system. The processor executes program code stored in memory to achieve the generation of a unified configuration object, pre-configured scheduling on the host side, pre-configured scheduling on the data processing unit side, execution of cross-side consistency checks, control of service traffic passage, and execution of reverse rollback. The system runs in a Kubernetes cluster and interacts with components such as Node-CNI, DPU-CNI, and device-plugin through the Kubernetes API (Application Programming Interface).
[0066] This embodiment lowers the barrier to implementation by solidifying the method of the present invention into an executable software system. The system is delivered as a Kubernetes Operator, which can be installed and upgraded through standard Kubernetes deployment processes, facilitating its widespread use in large-scale intelligent computing clusters.
[0067] In summary, this invention achieves atomicity and consistency in configuration by incorporating host-side network configuration, data processing unit-side offloading configuration, and RoCE resource binding into a single transaction through a two-sided collaborative orchestration mechanism centered on a unified configuration object. It ensures strict matching of configurations on both sides through cross-side consistency checks, guarantees traffic security through state machine control of service release flags, ensures complete resource recovery in abnormal situations through reverse rollback in a preset order, and ensures service continuity through smooth switching between old and new configuration objects. This technical solution effectively addresses the technical problems in existing technologies, such as dispersed configuration entities, lack of a unified state orchestration mechanism, insufficient anomaly handling capabilities, lack of joint constraints between RoCE resources and tenant virtual networks, and insufficient large-scale deployment capabilities of data processing units. It is suitable for the engineering deployment of RoCE Overlay multi-tenant networks in large-scale intelligent computing clusters.
[0068] The above are merely preferred embodiments of the present invention and are not intended to limit the implementation methods and protection scope of the present invention. Those skilled in the art should recognize that any equivalent substitutions and obvious changes made using the content of this specification and illustrations should be included within the protection scope of the present invention.
Claims
1. A method for transactional network orchestration based on a unified configuration object, characterized in that, A converged Ethernet remote direct memory access overlay network applied to the collaboration between the host side and the data processing unit side, wherein the method constructs configuration transactions using a unified configuration object as the transaction carrier, including: Step S1: Respond to the creation request of the target workload, generate a unified configuration object carrying a unique transaction identifier, and start the corresponding configuration transaction; Step S2: Within the scope of the configuration transaction, pre-configuration is performed on the host side and the data processing unit side based on the unified configuration object, and the corresponding configuration results are obtained. Step S3: Obtain the two configuration results and perform cross-side consistency verification as a prerequisite for transaction commit. Upon successful verification, a transaction commit operation is performed, setting the unified configuration object to a committed state and allowing the business traffic corresponding to the target workload to proceed. If the verification fails or the pre-configuration on either side fails, a transaction rollback operation is performed, and the effective configuration is atomically revoked and all associated resources are recovered according to the reverse rollback strategy.
2. The method according to claim 1, characterized in that, The reverse rollback strategy includes resource cleanup actions performed in the following order: First, disable the flow of business traffic; Delete the unload rules issued by the data processing unit and unbind the Remote Direct Memory Access (RoCE) resource from the tenant network identifier; Delete the logical ports and tunnel mappings on the data processing unit side; Delete the flow table rules and virtual switch ports on the host side; Reclaim the service address and release the device associations assigned by the device plugin.
3. The method according to claim 1, characterized in that, There is a logical triggering relationship between the cross-side consistency check and the service traffic release: Before the cross-side consistency check passes, the service allow flag in the unified configuration object is forcibly set to the off state to intercept the service traffic corresponding to the target workload; After the consistency check passes and the status of the unified configuration object changes to "submitted", the system automatically triggers the business traffic release operation.
4. The method according to claim 1, characterized in that, The pre-configuration performed on the data processing unit side includes: Create a logical port corresponding to the target workload, and establish a mapping relationship between the logical port and the tunnel identifier; Configure a virtual network identifier and logically bind the RoCE communication resource identifier with the tenant identifier and the virtual network identifier to achieve hardware-level tenant network isolation.
5. The method according to claim 1, characterized in that, The cross-side consistency check includes: Extract key fields from the configuration results on the host side and the data processing unit side for consistency comparison. The key fields include: transaction number, configuration version number, tenant identifier, virtual network identifier, tunnel identifier, endpoint information, device allocation identifier, and RoCE resource identifier. The cross-side consistency check is considered successful only if the configuration values of all the key fields match perfectly on both sides.
6. The method according to claim 1, characterized in that, The unified configuration object has a complete lifecycle state: The lifecycle states include at least: pending configuration, pre-configured on the host side, pre-configured on the data processing unit side, verification in progress, submitted, failed, rolling back in progress, and rolled back. The configuration transaction drives the unified configuration object to atomically switch between its various lifecycle states based on the feedback results of each execution step.
7. The method according to claim 1, characterized in that, In scenarios involving target workload migration or policy updates, business continuity is ensured through a smooth switch between old and new transactions: First, start a new configuration transaction to complete the pre-configuration, consistency verification, and commit operations of the new unified configuration object; After the new configuration transaction is successfully committed, the undo process corresponding to the old unified configuration object is triggered to reclaim the old network and hardware resources.
8. The method according to claim 1, characterized in that, The unified configuration object, serving as the sole data carrier for cross-side communication, contains at least the following: Transaction ID, configuration version number, unique workload identifier, tenant identifier, virtual network identifier, tunnel identifier, service IP address, media access control MAC address, host node identifier, data processing unit node identifier, device allocation identifier, and RoCE resource group identifier.
9. The method according to claim 1, characterized in that, The pre-configuration performed on the host side specifically includes: Assign a service address to the target workload, create a container network interface and connect the interface to the virtual switching structure on the host side, and write isolation rules and forwarding rules for the tenant on the host side.
10. A network orchestration system, characterized in that, This includes the processor and the memory storing the computer program: When the computer program is executed by the processor, it implements the method as described in any one of claims 1 to 9.