Eli's Blog

1. 通过Linux路由机制打通网络

1.1 修改主机名(分别在两台主机上各执行对应的一条命令)

hostnamectl set-hostname centos7-a
hostnamectl set-hostname centos7-b

1.2 centos7-a的docker0默认绑定的ip地址

ip addr

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a3:00:96 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.30/24 brd 192.168.31.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::a05d:dcec:e694:2cfc/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:a5:d2:db:31 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:a5ff:fed2:db31/64 scope link
valid_lft forever preferred_lft forever

1.3 修改主机centos7-b的docker0网卡的ip地址(使两台主机的容器网段互不重叠,后面才能按网段添加路由)

vi /etc/docker/daemon.json 
{
"bip":"172.18.0.1/16"
}

systemctl restart docker

ip addr

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:49:57:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.31/24 brd 192.168.31.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::a05d:dcec:e694:2cfc/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::4298:eebd:9094:f36e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:92:1b:3b:17 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever

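1.4 增加网关路由

注意:route add 添加的路由是临时的,重启后会丢失。这些路由让对方主机(以及同网段内添加了相同路由的机器)可以直接按容器IP寻址;实际能否转发取决于本机的 net.ipv4.ip_forward 和 iptables 的 FORWARD 链,建议只放行确实需要互通的网段。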

# centos7-a
[root@centos7-a ~]# route add -net 172.18.0.0/16 gw 192.168.31.31
[root@centos7-a ~]# ip route
default via 192.168.31.1 dev ens33 proto static metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 via 192.168.31.31 dev ens33
192.168.31.0/24 dev ens33 proto kernel scope link src 192.168.31.30 metric 100

# centos7-b(本机地址192.168.31.31;下面末行的src 192.168.31.30疑为复制centos7-a输出时的笔误)
[root@centos7-b ~]# route add -net 172.17.0.0/16 gw 192.168.31.30
[root@centos7-b ~]# ip route
default via 192.168.31.1 dev ens33 proto static metric 100
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1
172.17.0.0/16 via 192.168.31.30 dev ens33
192.168.31.0/24 dev ens33 proto kernel scope link src 192.168.31.30 metric 100

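1.5 测试网络是否连通

注意:172.18.0.1 和 172.17.0.1 是对方主机docker0网桥自身的地址,ping通只能说明到对方主机的路由已生效;容器之间的流量还要经过对方主机的FORWARD链(Docker可能将其默认策略设为DROP),应再ping一个实际的容器IP来验证。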

[root@centos7-a ~]# ping 172.18.0.1
PING 172.18.0.1 (172.18.0.1) 56(84) bytes of data.
64 bytes from 172.18.0.1: icmp_seq=1 ttl=64 time=1.61 ms
64 bytes from 172.18.0.1: icmp_seq=2 ttl=64 time=0.979 ms
64 bytes from 172.18.0.1: icmp_seq=3 ttl=64 time=0.614 ms

[root@centos7-b ~]# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=2.13 ms
64 bytes from 172.17.0.1: icmp_seq=2 ttl=64 time=0.521 ms
64 bytes from 172.17.0.1: icmp_seq=3 ttl=64 time=0.659 ms

3. Overlay网络

overlay_network

4. Namespace

Veth pair:成对出现的虚拟网卡,用于在不同network namespace之间进行点对点通信。

Linux Bridge:实现类似交换机的工作模式,将多个不同namespace中的网卡连通。

使用网桥工具

yum install bridge-utils -y

[root@centos7-a ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242a5d2db31 no veth463224b
veth95cd878
[root@centos7-a ~]# ip addr
29: veth95cd878@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 56:19:de:43:e7:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::5419:deff:fe43:e7e4/64 scope link
valid_lft forever preferred_lft forever
55: veth463224b@if54: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether fa:89:aa:75:57:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::f889:aaff:fe75:57a1/64 scope link
valid_lft forever preferred_lft forever
# 获取容器主进程在宿主机上的PID
[root@centos7-a ~]# docker inspect -f '{{.State.Pid}}' 0f9fa4e71fb7
18607

# 建立符号链接:ip netns只识别/var/run/netns下的条目
# 注意:容器停止后该链接失效,PID还可能被其他进程复用而指向别的namespace,用完应及时删除该链接
mkdir -p /var/run/netns
ln -s /proc/18607/ns/net /var/run/netns/18607

# 查询net namespace
[root@centos7-a ~]# ip netns ls
18607 (id: 0)

[root@centos7-a ~]# ip netns exec 18607 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
54: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

# 查询eth0对端veth网卡的接口序号(55即宿主机上的 55: veth463224b@if54)
[root@centos7-a ~]# ip netns exec 18607 ethtool -S eth0
NIC statistics:
peer_ifindex: 55