使用openvswitch网桥的方式来对容器网络进行管理,实现容器互通。Open vSwitch是一个高质量的、多层虚拟交换机。通过构建隧道的方式使网络能够互相通信。
配置192.168.159.159
删除之前的容器
[root@docker01 ~]# docker rm -f 531b067ba5e9
531b067ba5e9
删除指向对端主机的静态路由(之前用于转发容器网段的路由)
[root@docker01 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.159.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 192.168.159.164 255.255.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-cb66f459da67
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-b45027b77aee
192.168.159.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@docker01 ~]# route del -net 172.16.0.0/16 gw 192.168.159.164
[root@docker01 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.159.2 0.0.0.0 UG 100 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-cb66f459da67
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-b45027b77aee
192.168.159.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
配置192.168.159.164
删除之前的容器
[root@docker02 ~]# docker rm -f 8e0b23b12c08
8e0b23b12c08
删除指向对端主机的静态路由(之前用于转发容器网段的路由)
[root@docker02 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.159.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.17.0.0 192.168.159.159 255.255.0.0 UG 0 0 0 eth0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-cb66f459da67
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-b45027b77aee
192.168.159.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@docker02 ~]# route del -net 172.17.0.0/16 gw 192.168.159.159
[root@docker02 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.159.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-cb66f459da67
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-b45027b77aee
192.168.159.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
两个服务器都安装openvswitch
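# Install the build dependencies for the Open vSwitch RPMs.
# The original command ran package names together ("python-developenssl-devel",
# "kernel-develgraphviz"), so those packages were never requested by their
# real names.
yum install -y gcc make python-devel openssl-devel kernel-devel graphviz \
  kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool \
  selinux-policy-devel
cd /usr/local/src
# Everything below is built and installed as root, so the tarball is fetched
# over HTTPS and checked against a digest obtained from a source you trust
# before it is unpacked. The value below is a placeholder, not a real digest:
# the && chain stops at sha256sum until it is replaced.
# NOTE(review): 2.7.3 is an old release; check whether a maintained version
# can be used instead.
OVS_SHA256='<SHA256_OF_openvswitch-2.7.3.tar.gz_FROM_TRUSTED_SOURCE>'
wget https://www.openvswitch.org/releases/openvswitch-2.7.3.tar.gz
mkdir -p ~/rpmbuild/SOURCES
# After verification: stage the tarball for rpmbuild, unpack it, write a copy
# of the spec without the openvswitch-kmod dependency, and build the binary
# RPMs with the test suite skipped.
printf '%s  %s\n' "$OVS_SHA256" openvswitch-2.7.3.tar.gz | sha256sum -c - &&
  cp openvswitch-2.7.3.tar.gz ~/rpmbuild/SOURCES/ &&
  tar -xvf openvswitch-2.7.3.tar.gz &&
  sed 's/openvswitch-kmod, //g' openvswitch-2.7.3/rhel/openvswitch.spec \
    > openvswitch-2.7.3/rhel/openvswitch_no_kmod.spec &&
  rpmbuild -bb --without check openvswitch-2.7.3/rhel/openvswitch_no_kmod.spec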
[root@docker01 src]# rpmbuild -bb --without check openvswitch-2.7.3/rhel/openvswitch_no_kmod.spec
错误:构建依赖失败
python-six 被 openvswitch-2.7.3-1.x86_64 依赖
openssl-devel 被 openvswitch-2.7.3-1.x86_64 依赖
安装python-six,openssl-devel
# Install the two build dependencies that rpmbuild reported as missing,
# one yum transaction per package.
for pkg in python-six openssl-devel; do
  yum install -y "$pkg"
done
重新执行
# Re-run the binary-only RPM build (test suite still skipped) from the
# kmod-free spec, now that the missing build dependencies are installed.
ovs_spec=openvswitch-2.7.3/rhel/openvswitch_no_kmod.spec
rpmbuild -bb --without check "$ovs_spec"
[root@docker02 src]# cd ~/rpmbuild/RPMS/x86_64/
[root@docker02 x86_64]# ls
openvswitch-2.7.3-1.x86_64.rpm openvswitch-debuginfo-2.7.3-1.x86_64.rpm openvswitch-devel-2.7.3-1.x86_64.rpm
# Install the locally built Open vSwitch package from the current directory
# (the listing above was taken in ~/rpmbuild/RPMS/x86_64/).
# NOTE(review): this RPM was built locally and is presumably unsigned, so its
# integrity rests on the source tarball that was downloaded - confirm that
# tarball was verified.
yum -y localinstall ./openvswitch-2.7.3-1.x86_64.rpm
# Start the Open vSwitch service so ovs-vsctl can be used.
systemctl start openvswitch.service
# bridge-utils provides brctl, used below to attach br0 to docker0.
yum install -y bridge-utils
创建gre隧道
配置192.168.159.159
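# Host 192.168.159.159: create OVS bridge br0 with a GRE port towards the peer
# host 192.168.159.164 and attach br0 to docker0.
# --may-exist lets the commands be re-run without failing on an existing
# bridge or port.
ovs-vsctl --may-exist add-br br0
# NOTE(review): plain GRE neither encrypts nor authenticates the tunnelled
# container traffic. Use it only on a network segment you trust, or protect
# the tunnel between the two hosts (for example with IPsec).
ovs-vsctl --may-exist add-port br0 gre1 -- set interface gre1 type=gre option:remote_ip=192.168.159.164
brctl addif docker0 br0
ip link set dev br0 up
ip link set dev docker0 up
# WARNING: the two flushes below delete every rule in the nat and filter
# tables, including Docker's own rules and any host firewall rules. After
# that only the chains' default policies apply. Save the current ruleset
# first so it can be reviewed and restored with iptables-restore. On anything
# but a lab host, prefer explicit allow rules for GRE (IP protocol 47) from
# the peer and for the two container subnets over a blanket flush.
iptables-save > ~/iptables-before-ovs-gre.rules
iptables -t nat -F
iptables -F
# Reach the peer's container subnet through docker0 (and so the GRE tunnel).
ip route add 172.16.0.0/16 dev docker0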
配置192.168.159.164
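# Host 192.168.159.164: create OVS bridge br0 with a GRE port towards the peer
# host 192.168.159.159 and attach br0 to docker0.
# --may-exist lets the commands be re-run without failing on an existing
# bridge or port.
ovs-vsctl --may-exist add-br br0
# NOTE(review): plain GRE neither encrypts nor authenticates the tunnelled
# container traffic. Use it only on a network segment you trust, or protect
# the tunnel between the two hosts (for example with IPsec).
ovs-vsctl --may-exist add-port br0 gre1 -- set interface gre1 type=gre option:remote_ip=192.168.159.159
brctl addif docker0 br0
ip link set dev br0 up
ip link set dev docker0 up
# WARNING: the two flushes below delete every rule in the nat and filter
# tables, including Docker's own rules and any host firewall rules. After
# that only the chains' default policies apply. Save the current ruleset
# first so it can be reviewed and restored with iptables-restore. On anything
# but a lab host, prefer explicit allow rules for GRE (IP protocol 47) from
# the peer and for the two container subnets over a blanket flush.
iptables-save > ~/iptables-before-ovs-gre.rules
iptables -t nat -F
iptables -F
# Reach the peer's container subnet through docker0 (and so the GRE tunnel).
ip route add 172.17.0.0/16 dev docker0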
测试192.168.159.159
[root@4318057f90a5 /]# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
64 bytes from 172.16.0.2: icmp_seq=1 ttl=63 time=1.13 ms
From 172.17.0.1 icmp_seq=2 Redirect HostFrom 172.17.0.1: icmp_seq=2 Redirect Host(New nexthop: 172.16.0.2)
64 bytes from 172.16.0.2: icmp_seq=2 ttl=63 time=0.841 ms
64 bytes from 172.16.0.2: icmp_seq=3 ttl=63 time=0.871 ms
From 172.17.0.1 icmp_seq=4 Redirect HostFrom 172.17.0.1: icmp_seq=4 Redirect Host(New nexthop: 172.16.0.2)
64 bytes from 172.16.0.2: icmp_seq=4 ttl=63 time=18.6 ms
64 bytes from 172.16.0.2: icmp_seq=5 ttl=63 time=0.805 ms
64 bytes from 172.16.0.2: icmp_seq=6 ttl=63 time=0.814 ms
From 172.17.0.1 icmp_seq=7 Redirect HostFrom 172.17.0.1: icmp_seq=7 Redirect Host(New nexthop: 172.16.0.2)
64 bytes from 172.16.0.2: icmp_seq=7 ttl=63 time=0.825 ms
64 bytes from 172.16.0.2: icmp_seq=8 ttl=63 time=0.790 ms
64 bytes from 172.16.0.2: icmp_seq=9 ttl=63 time=0.854 ms
^C
--- 172.16.0.2 ping statistics ---
9 packets transmitted, 9 received, +3 errors, 0% packet loss, time 8745ms
rtt min/avg/max/mdev = 0.790/2.846/18.683/5.600 ms
192.168.159.159的容器成功连接到192.168.159.164上面的容器。从上面的统计看丢包率为0%;输出中的“+3 errors”对应的是网关172.17.0.1返回的ICMP Redirect Host消息,并不是丢包。
测试192.168.159.164
[root@0149ce2b0c24 /]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=63 time=1.68 ms
From 172.16.0.1 icmp_seq=2 Redirect HostFrom 172.16.0.1: icmp_seq=2 Redirect Host(New nexthop: 172.17.0.2)
64 bytes from 172.17.0.2: icmp_seq=2 ttl=63 time=0.977 ms
From 172.16.0.1 icmp_seq=3 Redirect HostFrom 172.16.0.1: icmp_seq=3 Redirect Host(New nexthop: 172.17.0.2)
64 bytes from 172.17.0.2: icmp_seq=3 ttl=63 time=1.37 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=63 time=0.815 ms
^C
--- 172.17.0.2 ping statistics ---
4 packets transmitted, 4 received, +2 errors, 0% packet loss, time 3578ms
rtt min/avg/max/mdev = 0.815/1.213/1.684/0.342 ms
192.168.159.164的容器成功连接到192.168.159.159上面的容器。从上面的统计看丢包率为0%;输出中的“+2 errors”对应的是网关172.16.0.1返回的ICMP Redirect Host消息,并不是丢包。