US 12,278,735 B2
Isolation method for high-performance computer system, and high-performance computer system
Pingjing Lu, Hunan (CN); Mingche Lai, Hunan (CN); Zeyu Xiong, Hunan (CN); Jinbo Xu, Hunan (CN); Junsheng Chang, Hunan (CN); Xingyun Qi, Hunan (CN); Zhang Luo, Hunan (CN); Yuan Li, Hunan (CN); Yan Sun, Hunan (CN); Yang Ou, Hunan (CN); Zicong Wang, Hunan (CN); and Jianmin Zhang, Hunan (CN)
Assigned to NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY, Hunan (CN)
Filed by NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY, Hunan (CN)
Filed on Jun. 27, 2023, as Appl. No. 18/342,707.
Claims priority of application No. 202211028270.4 (CN), filed on Aug. 25, 2022.
Prior Publication US 2024/0073100 A1, Feb. 29, 2024
Int. Cl. H04L 41/12 (2022.01); H04L 45/745 (2022.01)
CPC H04L 41/12 (2013.01) [H04L 45/745 (2013.01)] 7 Claims
OG exemplary drawing
 
1. An isolation method for a high-performance computer system comprising a plurality of computing nodes, the isolation method comprising:
selecting a plurality of network zone isolation mechanisms including node-level isolation and user-level isolation;
performing the node-level isolation comprising following steps:
using one of the plurality of computing nodes one by one as a current computing node, and configuring a routing table corresponding to the current computing node, wherein configuring the routing table comprises: configuring, in the routing table, valid routing information between the current computing node and each of other compute nodes of the plurality of computing nodes that is allowed to communicate with the current computing node; and
when any one source computing node of the plurality of computing nodes needs to communicate with a target computing node of the plurality of computing nodes, searching the routing table corresponding to the source computing node via the source computing node to determine whether the valid routing information exists between the source computing node and the target computing node; if the valid routing information exists between the source computing node and the target computing node, allowing the source computing node to communicate with the target computing node; and if no valid routing information exists between the source computing node and the target computing node, forbidding the source computing node from communicating with the target computing node; and
deploying virtual machines on the computing nodes, wherein each of the virtual machines operates an independent operating system and has an independent storage space and I/O space, and the user-level isolation of a high-performance computer system is realized through the virtual machines,
wherein when the user-level isolation is realized through the virtual machines, the isolation method further comprises:
when a number of the virtual machines deployed on one computing node are less than a set threshold, allocating an independent virtual network interface card for each virtual machine on the computing node to realize communication isolation between the virtual machines, wherein each independent virtual network interface card uses an independent register configuration space to realize communication isolation between the independent virtual network interface cards, and communication between the independent virtual network interface cards corresponding to the virtual machines is realized through a virtual switch; and
when a number of the virtual machines deployed on one computing node are greater than or equal to the set threshold, allocating one or more common virtual network interface cards for the virtual machines on the computing node, wherein at least two of the virtual machines share a same common virtual network interface card through the virtual switch, and the computing node realizes flow isolation and protection between the common virtual network interface cards in the aspect of hardware through a virtual local area network of a network interface chip.