Connecting Docker containers with Linux macvlan


Within Docker networking, Linux macvlan can only run in bridge mode. This article uses examples to demonstrate the connectivity of macvlan Docker networks.

Basics

Introduction to Linux macvlan NIC virtualization

Environment

Docker is installed on each of two VMs, with these IP addresses:

  • d1: 172.20.0.21
  • d2: 172.20.0.22

Promiscuous mode is enabled on the VMs' network interfaces.

Communication within the same macvlan

linux macvlan docker one network connect demo

Create the networks and containers

  • d1

Create the docker network:

$ docker network create -d macvlan --subnet=10.0.1.0/24 --gateway=10.0.1.1 -o parent=ens33 mv1
$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
69e0c798564a   mv1       macvlan   local
$ docker network inspect mv1
[
    {
        "Name": "mv1",
        "Id": "69e0c798564a0f473ed72c3a3bca8f234e608bebeecc90ed9e5588f4dfec66c5",
        "Created": "2020-09-19T23:03:43.99623058-05:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.0.1.0/24",
                    "Gateway": "10.0.1.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "5914aac7af479a2aeb27f3d89ad64e99ad8f49b814340569a922eeec6a6de525": {
                "Name": "c1",
                "EndpointID": "bbe263d94336c020d6b02b3755cad51a642a97adf155c332a66d52eb44e316d1",
                "MacAddress": "02:42:0a:00:01:02",
                "IPv4Address": "10.0.1.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "ens33"
        },
        "Labels": {}
    }
]

Parameters:

  • -d : the docker network driver, here macvlan
  • --subnet : subnet of the macvlan network
  • --gateway : gateway
  • -o parent= : physical NIC that the macvlan network is bound to

Start the container:

docker run -it -d --name c1 --network mv1 --ip=10.0.1.2 alpine

Parameters:

  • --network : the network to attach to
  • --ip : the IP address to assign

  • d2

Create the docker network:

docker network create -d macvlan --subnet=10.0.1.0/24 --gateway=10.0.1.1 -o parent=ens33 mv2

Start the container:

docker run -it -d --name c2 --network mv2 --ip=10.0.1.3 alpine

Connectivity check

  • Run on host d1
$ docker exec -it c1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:0a:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.2/24 brd 10.0.1.255 scope global eth0
       valid_lft forever preferred_lft forever
$ docker exec -it c1 ping -c 1 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 56 data bytes
64 bytes from 10.0.1.3: seq=0 ttl=64 time=0.943 ms

--- 10.0.1.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.943/0.943/0.943 ms
  • At the same time, you can capture the packets on d2:
$ tcpdump -i ens33 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:45:13.459397 IP 10.0.1.2 > 10.0.1.3: ICMP echo request, id 48, seq 0, length 64
23:45:13.459500 IP 10.0.1.3 > 10.0.1.2: ICMP echo reply, id 48, seq 0, length 64
  • Conclusion

The container on d1 can ping the container on d2.

Communication between different macvlans

Architecture diagram

linux macvlan docker diff network connect demo

Configure the VLANs

vconfig: VLAN configuration command

Create the networks and containers

  • d1

Create the docker networks:

$ docker network create -d macvlan --subnet=10.0.1.0/24 --gateway=10.0.1.1 -o parent=ens33.100 mv1
$ docker network create -d macvlan --subnet=10.0.2.0/24 --gateway=10.0.2.1 -o parent=ens33.200 mv2
$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
0ffffc4c65fd   mv1       macvlan   local
c695f0e35611   mv2       macvlan   local

Start the containers:

docker run -it -d --name c1-1 --network mv1 --ip=10.0.1.2 alpine
docker run -it -d --name c1-2 --network mv2 --ip=10.0.2.2 alpine
  • d2

Create the docker networks:

docker network create -d macvlan --subnet=10.0.1.0/24 --gateway=10.0.1.1 -o parent=ens33.100 mv1
docker network create -d macvlan --subnet=10.0.2.0/24 --gateway=10.0.2.1 -o parent=ens33.200 mv2

Start the containers:

docker run -it -d --name c2-1 --network mv1 --ip=10.0.1.3 alpine
docker run -it -d --name c2-2 --network mv2 --ip=10.0.2.3 alpine

Connectivity check

  • IP address of c1-1 on d1
$ docker exec -it c1-1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:0a:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.2/24 brd 10.0.1.255 scope global eth0
       valid_lft forever preferred_lft forever
  • Pinging c2-1 on d2 from c1-1 on d1 succeeds
$ docker exec -it c1-1 ping -c 1 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 56 data bytes
64 bytes from 10.0.1.3: seq=0 ttl=64 time=3.025 ms

--- 10.0.1.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.025/3.025/3.025 ms
  • Pinging c2-2 on d2 from c1-1 on d1 fails
$ docker exec -it c1-1 ping -c 1 10.0.2.3
PING 10.0.2.3 (10.0.2.3): 56 data bytes

--- 10.0.2.3 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

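Conclusion:

  • Containers in the same VLAN can reach each other
  • Containers in different VLANs are isolated

Connecting the two VLANs

Create a new VM (d3: 172.20.0.22) and configure Linux static routing on it so that the two VLANs can communicate.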

linux macvlan docker diff network connect demo with ip_forward

  • The VLAN configuration on d3 is as follows
vconfig add ens33 100
vconfig set_flag ens33.100 1 1
ip addr add 10.0.1.1/24 dev ens33.100
ip link set ens33.100 up

vconfig add ens33 200
vconfig set_flag ens33.200 1 1
ip addr add 10.0.2.1/24 dev ens33.200
ip link set ens33.200 up
  • Configure static routing
sysctl -w net.ipv4.ip_forward=1
  • Connectivity check: pinging c2-2 on d2 from c1-1 on d1 now succeeds
$ docker exec -it c1-1 ping -c 1 10.0.2.3
PING 10.0.2.3 (10.0.2.3): 56 data bytes
64 bytes from 10.0.2.3: seq=0 ttl=63 time=6.139 ms

--- 10.0.2.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.139/6.139/6.139 ms
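
With the default FORWARD policy of ACCEPT, setting net.ipv4.ip_forward=1 makes d3 route every packet between ens33.100 and ens33.200, so the VLAN isolation shown earlier no longer holds for any container. The script below is an added example, not part of the original article: it sets up d3 with the iproute2 equivalents of the vconfig commands and a default-deny FORWARD chain that admits only c1-1 to c2-2. The allowed flow, the DRY_RUN switch, the function names, and the assumption that d3 is a dedicated router VM with no other FORWARD rules are choices of this example.

```shell
#!/bin/sh
# Added example: d3 as a router that forwards only allow-listed flows.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (needs root).
PARENT=ens33   # parent NIC on d3, as in the article

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# vlan_gateway <vlan-id> <gateway-cidr>
# iproute2 equivalent of: vconfig add / vconfig set_flag <if> 1 1 / ip addr / ip link
vlan_gateway() {
    run ip link add link "$PARENT" name "$PARENT.$1" type vlan id "$1" reorder_hdr on
    run ip addr add "$2" dev "$PARENT.$1"
    run ip link set "$PARENT.$1" up
}

# allow_flow <src-vlan> <src-ip> <dst-vlan> <dst-ip>
# Permits NEW connections in one direction only; replies ride the ESTABLISHED rule.
allow_flow() {
    run iptables -A FORWARD -i "$PARENT.$1" -o "$PARENT.$3" \
        -s "$2" -d "$4" -m conntrack --ctstate NEW -j ACCEPT
}

setup_d3_router() {
    vlan_gateway 100 10.0.1.1/24
    vlan_gateway 200 10.0.2.1/24
    # Default-deny goes in before forwarding is switched on, so there is no open window.
    run iptables -P FORWARD DROP
    # Assumption: d3 is a dedicated router VM, so flushing FORWARD removes nothing needed.
    run iptables -F FORWARD
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    allow_flow 100 10.0.1.2 200 10.0.2.3     # c1-1 -> c2-2 only (example choice)
    run sysctl -w net.ipv4.ip_forward=1
}

setup_d3_router
```

With these rules c1-1 can still ping 10.0.2.3 and receive the reply, while a ping started from c2-2 toward 10.0.1.2, or traffic from any other container across the two VLANs, is dropped at d3.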