Cross-host communications over a network model learned about docker After herein, this would be achieved on the basis of a docker based.
Note: The environment for CentOS7, docker 19.03.
Benpian try to use several different ways to achieve cross-host mode, before that we need to be ready for experiments related to the environment.
Preparing the Environment
Prepare two or more hosts or virtual machines and associated environmental follows:
- Host 1: Configuring two network cards ens33 192.168.10.10, ens37 (does not require IP), docker environment
- Host 2: Configuring two network cards ens33 192.168.10.11, ens37 (does not require IP), docker environment
Bridging
Network Topology FIG.
ens33 external card, so that the container can communicate with the external docker, ens37 as an internal network card, and docker0 bridge (so no IP) between different containers so that the host can communicate with each other. Configuration is as follows:
Configuration on a host
1. Modify docker startup parameter file and restart docker daemon /etc/docker/daemon.json
# vim /etc/docker/daemon.json
{
"bip": "172.17.0.1/16",
"fixed-cidr": "172.17.18.1/24"
}
# systemctl restart docker2. The card access ehs33 to bridge the docker0
# brctl addif docker0 ens373. Add the container con1
# docker run -it --rm --name con1 buysbox sh2 on the Host Configuration
1. Modify docker startup parameter file and restart docker daemon /etc/docker/daemon.json
# vim /etc/docker/daemon.json
{
"bip": "172.17.0.2/16",
"fixed-cidr": "172.17.19.1/24"
}
# systemctl restart docker2. The card access ehs33 to bridge the docker0
# brctl addif docker0 ens373. Add the container con2
# docker run -it --rm --name con1 busybox shThe container can then con1 and con2 both communicate with each other, can also access external IP.
Process vessels con1 send data to the container con2 is this: First, by looking at its own destination address and routing table and finds himself in the same network segment, you do not need to be sent to the gateway, the data can be sent directly to con2, con1 by ARP con2 broadcast MAC address acquired; and then, sent to the Ethernet frame configured to con2. This process acts as a common data docker0 bridge switches forward data frames.
Direct Routing
Direct routing is achieved by adding a static route in the host. For example, two hosts host1 and host2, Docker containers on both host independent Layer 2 network, the data stream to the first forward con2 con1 sent to the Host host2, issue forwarded to Docker containers thereon by host2, and vice versa versa.
Note: This implementation failure! ! !
Direct routing network topology is as follows:
On host1
1. Configure docker0 ip
# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"],
"bip": "172.17.1.254/24"
}
# systemctl restart docker2. Add the route, the destination address of the packet is forwarded to host2 172.17.2.0/24
# route add -net 172.17.2.0 netmask 255.255.255.0 gw 192.168.10.113. Configure iptables rules
# iptables -t nat -F POSTROUTING
# iptables -t nat -A POSTROUTING s 172.17.1.0/24 ! -d 172.17.0.0/16 -j MASQUERADE4. Open Port Forwarding
# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf5. Start the container con1
# docker run -it --name --rm --name con1 busybox shOn host2
# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://dhq9bx4f.mirror.aliyuncs.com"],
"bip": "172.17.2.254/24"
}
# systemctl restart docker2. Add the route, it will be forwarded to the destination address as 172.17.1.0/24 host1 package
# route add -net 172.17.1.0 netmask 255.255.255.0 gw 192.168.10.103. Configure iptables rules
# iptables -t nat -F POSTROUTING
# iptables -t nat -A POSTROUTING s 172.17.2.0/24 ! -d 172.17.0.0/16 -j MASQUERADE4. Open Port Forwarding
# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf5. Start the container con2
# docker run -it --name --rm --name con2 busybox sh