Docker overlay network cross-host communication: using Open vSwitch (OVS) to connect the networks

The previous article said there are four ways to enable cross-host communication between Docker containers.
This article describes the second common approach: using Open vSwitch (OVS) to connect the networks.
OVS is a mainstream virtualization technology.
The advantages are:

  • Flexible
  • No requirement for existing physical network
  • The industry mainstream

The disadvantages are:

  • Encapsulation in software degrades performance
  • Relatively high complexity
  • Troubleshooting is difficult

Network diagram:

As can be seen, an OVS bridge br0 is created on each host, and the containers' network interfaces are bridged onto br0. In this setup br0 takes over the original role of the docker0 bridge, giving the containers connectivity with each other, the host and the external network.

On each host, create an OVS port and an OVS interface (type gre) on br0, and set the GRE remote_ip to the other physical host. This gives br0 cross-host connectivity, so the containers attached to it can reach each other as well.

Addendum: OVS-based cross-host container communication currently has two modes:

1. GRE
2. VXLAN

The advantage of VXLAN: think of a GRE or VXLAN tunnel as a "cable". With VXLAN, for several hosts such as hostA, hostB and hostC, the containers on those hosts can communicate as long as the hosts are linked to one another by "cables" in a chain. Suppose hostA is connected to hostB and hostB is connected to hostC; the containers on hostC can then reach the containers on hostA through hostB. With GRE, the three hosts have to be connected pairwise, so adding a host to the cluster is very troublesome.

Preparing the environment:
Two CentOS 7 machines with Docker installed; try to keep the Docker version the same on both.

* 192.168.0.124
* 192.168.0.121

Experiment:
1. CentOS does not ship an OVS rpm package by default, so you need to download the source package and build the rpm yourself.

wget http://openvswitch.org/releases/openvswitch-2.5.0.tar.gz

2. Install the build dependencies. They are all available from the base repository.

yum -y install openssl-devel gcc make python-devel kernel-devel graphviz \
    kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool

3. Extract the archive

tar xf openvswitch-2.5.0.tar.gz

4. Create the build directory

mkdir -p ~/rpmbuild/SOURCES

5. Build the rpm:

cp openvswitch-2.5.0.tar.gz ~/rpmbuild/SOURCES/
rpmbuild -bb --without check ~/openvswitch-2.5.0/rhel/openvswitch.spec

6. Check the built rpm packages:

[root@localhost ~]# ls rpmbuild/RPMS/x86_64/
openvswitch-2.5.0-1.x86_64.rpm  openvswitch-debuginfo-2.5.0-1.x86_64.rpm

7. Install openvswitch

rpm -i ~/rpmbuild/RPMS/x86_64/openvswitch-2.5.0-1.x86_64.rpm

8. Copy the rpm to the other machine and install it there as well.
9. Start the service:

systemctl start openvswitch

10. Install the bridge management tools

yum install bridge-utils -y

11. Configure the network: create the OVS bridge br0, which will be added to docker0.

[root@localhost ~]# ovs-vsctl add-br br0

12. To send container traffic through the OVS tunnel, run the following command on both hosts, with remote_ip set to the other host's address. The port name and the interface name must be the same (gre1 here).

[root@localhost ~]# ovs-vsctl add-port br0 gre1 -- set interface gre1 type=gre option:remote_ip=192.168.0.121

13. Attach br0 to docker0

[root@localhost ~]# brctl addif docker0 br0

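14. Bring up both bridges and flush the iptables rules. The flush empties every chain in the filter and nat tables, so it also removes the rules that the host firewall and Docker installed.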

[root@localhost ~]# ip  link set dev br0 up
[root@localhost ~]# ip link set dev docker0 up
[root@localhost ~]# iptables -t nat -F ; iptables -F

15. Run the configuration above on both hosts, taking care to use the right IP address on each.
16. Add routes:
On 192.168.0.124, add:

ip route add 172.17.0.0/16 dev docker0

On 192.168.0.121, add:

ip route add 172.20.0.0/16 dev docker0

17. Test:
Run a container on each of the two hosts and ping the container on the other host.

docker run -it --rm busybox
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=63 time=0.945 ms
docker run -it --rm busybox
/ # ping 172.20.0.2
PING 172.20.0.2 (172.20.0.2): 56 data bytes
64 bytes from 172.20.0.2: seq=0 ttl=63 time=0.973 ms
64 bytes from 172.20.0.2: seq=1 ttl=63 time=0.508 ms

18. Likewise, if the ping does not get through, check the firewall.
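
As an alternative to flushing every iptables rule in step 14, the following added example (not part of the original article) reads the tunnel configuration from `ovs-vsctl show` and prints one narrow accept rule per expected tunnel peer, reporting any tunnel whose remote_ip is not on an allowlist. It goes beyond the GRE setup above by also covering VXLAN. The sample output is constructed, the function names are hypothetical, and it assumes the firewall is blocking the encapsulated traffic itself (GRE is IP protocol 47; OVS uses UDP port 4789 for VXLAN by default).

```shell
#!/bin/sh
# Added example. Constructed sample of `ovs-vsctl show` on host 192.168.0.124.
SAMPLE_SHOW='f3c2a1b0-0000-4000-8000-000000000001
    Bridge "br0"
        Port "gre1"
            Interface "gre1"
                type: gre
                options: {remote_ip="192.168.0.121"}
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.5.0"'

# list_tunnels (hypothetical helper): read `ovs-vsctl show` text on stdin and
# print "interface type remote_ip" for every gre or vxlan interface.
list_tunnels() {
    awk '
        /^ *Interface / { gsub(/"/, "", $2); ifc = $2; type = "" }
        /^ *type: /     { type = $2 }
        /^ *options: / && (type == "gre" || type == "vxlan") {
            if (match($0, /remote_ip="?[^",}]+/)) {
                ip = substr($0, RSTART, RLENGTH)
                sub(/^remote_ip="?/, "", ip)
                print ifc, type, ip
            }
        }'
}

# tunnel_rules (hypothetical helper): $1 is a space-separated allowlist of peers.
# For each tunnel on stdin, print the INPUT rule admitting its encapsulation from
# that peer; a remote_ip outside the allowlist (or "flow") is reported instead.
tunnel_rules() {
    allowed=" $1 "
    list_tunnels | while read -r ifc type ip; do
        case "$allowed" in
            *" $ip "*) ;;
            *) echo "UNEXPECTED $ifc $type $ip"; continue ;;
        esac
        if [ "$type" = gre ]; then
            echo "iptables -I INPUT -p 47 -s $ip -j ACCEPT"
        else
            echo "iptables -I INPUT -p udp --dport 4789 -s $ip -j ACCEPT"
        fi
    done
}

# Demo on the constructed sample; on a real host: ovs-vsctl show | tunnel_rules "<peer>"
printf '%s\n' "$SAMPLE_SHOW" | tunnel_rules "192.168.0.121"
```

The rules are printed rather than applied, so they can be reviewed before being run on the host.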


Origin blog.csdn.net/qq_41547105/article/details/104401492