Docker+OpenvSwitch into the world of VxLAN

Docker is a very popular container technology, and networking technologies such as virtual networks and SDN are also developing constantly. VxLAN is a new type of virtual extensible network. While organizing documents, the author found an online experiment that uses OpenvSwitch to build a VxLAN environment on Docker, and shares it here.

1. Overview

1. Environment: 2 Linux machines (host1 and host2) running Kali 2.0 with kernel version 4.3. Docker and OpenvSwitch (ovs) are installed on each machine.

2. host1 and host2 each start an Ubuntu Docker container.

3. Network structure:

3.1: eth0 of host1: 192.168.2.1; the IP address of the Docker container on host1 is 10.1.2.3

3.2: eth0 of host2: 192.168.2.2; the IP address of the Docker container on host2 is 10.1.2.4

3.3: eth0 of host1 and eth0 of host2 can ping each other.

4. The goal is to establish a VxLAN tunnel between the Docker containers on the two different hosts so that they can communicate!

2. Install basic software

1. Install docker and get ubuntu image

 sudo apt-get install docker.io
 sudo docker pull ubuntu

2. Install openvswitch and the ovs auxiliary script for Docker

 sudo apt-get install openvswitch-switch
 # ovs-docker: auxiliary script provided by the OpenvSwitch project to support Docker containers
 wget https://github.com/openvswitch/ovs/raw/master/utilities/ovs-docker
 chmod a+x ovs-docker

3. Configuration

1. Create a virtual bridge with ovs on host1 and give the bridge an ip

 sudo ovs-vsctl add-br vxbr
 sudo ifconfig vxbr 10.1.2.1/24

2. Add a vxlan port to the bridge; remote_ip is the eth0 address of host2!

 sudo ovs-vsctl add-port vxbr vxlan -- set interface vxlan type=vxlan options:remote_ip=192.168.2.2

3. Start a docker container without an ethernet card

 sudo docker run --net=none --privileged=true -it ubuntu

Write down the ID of this container; mine is b062406bc6b6. At this point, ifconfig shows only the lo device inside the container.

4. Assign an eth0 to the container and bind it to the vxbr bridge on the host

 sudo ./ovs-docker add-port vxbr eth0 b062406bc6b6

Back in the container, ifconfig now shows that an eth0 has appeared. Give it an IP:

 ifconfig eth0 10.1.2.3/24

5. View ovs configuration

 sudo ovs-vsctl show

We can see that there are 3 ports on the vxbr bridge: one is the port for communicating with the local machine (here, the eth0 of the local machine), another is the vxlan port, and the last one is the eth0 of the Docker container.

The host2 configuration is similar to the above: set the virtual bridge vxbr on host2 to 10.1.2.2/24, set the remote_ip of vxlan to 192.168.2.1 (host1), and set the IP of the Docker container on host2 to 10.1.2.4/24.

4. Verification

The network structure at this time:

eth0 of host1: 192.168.2.1, vxbr: 10.1.2.1, eth0 of the Docker container: 10.1.2.3. The eth0 of the Docker container is attached to the vxbr of host1.

eth0 of host2: 192.168.2.2, vxbr: 10.1.2.2, eth0 of the Docker container: 10.1.2.4. The eth0 of the Docker container is attached to the vxbr of host2.

From the Docker container on host1, ping the Docker container on host2, and capture the packets with Wireshark:

It can be seen that the communication between container machines is encapsulated in a UDP packet, and the UDP communication is forwarded through eth0 of host1 and host2.
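
The encapsulation seen in the capture can be reproduced offline. The following Python code is an added example, not part of the original post: it builds a constructed ICMP echo from 10.1.2.3 to 10.1.2.4, wraps it in a VxLAN/UDP packet from host1 to host2, and decodes it again. UDP port 4789 (the IANA VxLAN port), VNI 0, the source port and the MAC addresses are assumptions made for the sample.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # assumption: IANA-assigned VxLAN UDP port

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left at 0) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def ether(payload):
    """Ethernet II header with constructed placeholder MACs, EtherType IPv4."""
    return bytes.fromhex("020000000002" "020000000001" "0800") + payload

def build_sample(vni=0):
    """Constructed frame: ICMP echo 10.1.2.3 -> 10.1.2.4 tunnelled host1 -> host2."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping-payload"
    inner = ether(ipv4("10.1.2.3", "10.1.2.4", 1, icmp))
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8) + inner  # I flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan), 0) + vxlan
    return ether(ipv4("192.168.2.1", "192.168.2.2", 17, udp))

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (buf[0] & 0x0F) * 4
    src, dst = (str(ipaddress.IPv4Address(buf[i:i + 4])) for i in (12, 16))
    return src, dst, buf[9], buf[ihl:]

def decode_vxlan(frame):
    """Return outer and inner addressing of a VxLAN frame, or None if it is not one."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    o_src, o_dst, proto, l4 = parse_ipv4(frame[14:])
    if proto != 17 or len(l4) < 16:           # outer packet must be UDP + VxLAN header
        return None
    dport = struct.unpack("!H", l4[2:4])[0]
    flags, vni_field = struct.unpack("!II", l4[8:16])
    if dport != VXLAN_PORT or not flags & 0x08000000:
        return None
    inner = l4[16:]                           # the container's original Ethernet frame
    if len(inner) < 34 or inner[12:14] != b"\x08\x00":
        return None
    i_src, i_dst, i_proto, i_payload = parse_ipv4(inner[14:])
    return {"outer": (o_src, o_dst), "vni": vni_field >> 8, "inner": (i_src, i_dst),
            "inner_proto": i_proto, "inner_payload": i_payload}

if __name__ == "__main__":
    print(decode_vxlan(build_sample()))
```

The decoder recovers the container addresses and the ICMP payload directly from the outer packet: VxLAN adds no encryption or authentication of its own, so the link between host1 and host2 should be a trusted segment or be protected separately (for example with IPsec).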

Origin blog.csdn.net/yaxuan88521/article/details/131974471