容器网络实验(二):模拟flannel vxlan模式
展开
前置知识:
FDB表:Forwarding DataBase,相当于交换机的mac表
实验拓扑
创建vxlan网卡(注意vxlan0的mac地址,后面手动添加arp和fdb表需要用到)
host1:
ip link add vxlan0 type vxlan id 42 dstport 4789 local 192.168.120.128 dev enp0s3 nolearning
ip link set vxlan0 up
ip addr add 172.17.10.0/32 dev vxlan0
ip link show vxlan0
16: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 66:2a:06:96:eb:9d brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 42 local 192.168.120.128 dev ens33 srcport 0 0 dstport 4789 nol
earning ageing 300 noudpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode
eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 6553
host2:
ip link add vxlan0 type vxlan id 42 dstport 4789 dev enp0s3 nolearning
ip link set vxlan0 up
ip addr add 172.17.1.0/32 dev vxlan0
ip link show vxlan0
16: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 22:b3:c4:a4:15:ec brd ff:ff:ff:ff:ff:ff promiscuity 0
16 vxlan id 42 local 192.168.120.131 dev ens33 srcport 0 0 dstport 4789 no
learning ageing 300 addrgenmode none
创建网桥
host1:
ip link add bridge0 type bridge
ip link set bridge0 up
ip addr add 172.17.10.1/24 dev bridge0
host2:
ip link add bridge0 type bridge
ip link set bridge0 up
ip addr add 172.17.1.1/24 dev bridge0
创建容器网络
host1:
ip link add veth0 type veth peer name veth1
ip netns add docker1
ip link set dev veth1 master bridge0
ip link set dev veth1 up
ip link set dev veth1 mtu 1450 up
ip link set dev veth0 netns docker1
ip netns exec docker1 ip addr add 172.17.10.3/24 dev veth0
ip netns exec docker1 ip link set veth0 up
ip netns exec docker1 ip route add default via 172.17.10.1 dev veth0
host2:
ip link add veth0 type veth peer name veth1
ip netns add docker1
ip link set dev veth1 master bridge0
ip link set dev veth1 up
ip link set dev veth1 mtu 1450 up
ip link set dev veth0 netns docker1
ip netns exec docker1 ip addr add 172.17.1.3/24 dev veth0
ip netns exec docker1 ip link set veth0 up
ip netns exec docker1 ip route add default via 172.17.1.1 dev veth0
添加主机路由
host1:
ip route add 172.17.1.0/24 via 172.17.1.0 dev vxlan0 onlink
host2:
ip route add 172.17.10.0/24 via 172.17.10.0 dev vxlan0 onlink
手动添加ARP表
host1:
ip neigh add 172.17.1.0 lladdr ip dev vxlan0
host2:
ip neigh add 172.17.10.0 lladdr 66:2a:06:96:eb:9d dev vxlan0
手动添加FDB表
host1:
bridge fdb append 22:b3:c4:a4:15:ec dev vxlan0 dst 192.168.120.131
host2:
bridge fdb append 66:2a:06:96:eb:9d dev vxlan0 dst 192.168.120.128
验证联通性:
host1:
ip netns exec docker1 ping 172.17.1.3
PING 172.17.1.3 (172.17.1.3) 56(84) bytes of data.
64 bytes from 172.17.1.3: icmp_seq=1 ttl=62 time=20.6 ms
64 bytes from 172.17.1.3: icmp_seq=2 ttl=62 time=0.344 ms
