[docker]docker网络-直接路由模式

linux namespace连接参考: http://www.cnblogs.com/iiiiher/p/8057922.html

docker网络-直接路由模式

参考: https://www.yuanmas.com/info/obzmAGowzP.html

- n1上创建br0
ip link add br0 type bridge
ip link set dev br0 up
ip addr add 10.1.1.1/24 dev br0


- n2上创建br1
ip link add br1 type bridge
ip link set dev br1 up
ip addr add 20.1.1.1/24 dev br1


- n1启动docker
 dockerd -b br0

- n2启动docker
 dockerd -b br1
tip: dockerd --help可以看到dockerd的选项

- n1上写路由
ip r a 20.1.1.0/24 via 192.168.14.133

- n2上写路由
ip r a 10.1.1.0/24 via 192.168.14.132

- n1和n2 开启
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD ACCEPT

出现的问题:

本端的容器,能访问到对方的br1,但是不能访问到对方br1下的容器

参考: https://unix.stackexchange.com/questions/125599/settings-when-using-a-bridge

系统默认是accept

iptables -t filter -L
iptables -t filter -L --line-number

当安装完docker(yum)后,默认forward chian变成了drop

解决:

iptables -P FORWARD ACCEPT

可能将 iptables FORWARD chain的默认策略设置为DROP，从而导致 ping 其它 Node 上的 Pod IP 失败，遇到这种情况时，需要手动设置策略为 ACCEPT.

参考: http://cizixs.com/2017/02/10/network-virtualization-network-namespace

实现bridge之间的通信-一台主机

############################################

ip link add br0 type bridge
ip link set dev br0 up
ip addr add 10.1.1.1/24 dev br0

ip netns add net0
ip link add type veth
ip link set dev veth1 netns net0

ip netns exec net0 ip link set dev veth1 name eth0
ip netns exec net0 ip addr add 10.1.1.2/24 dev eth0
ip netns exec net0 ip link set dev eth0 up
ip netns exec net0 ip route add default via 10.1.1.1 dev eth0

ip link set dev veth0 master br0
ip link set dev veth0 up
ip netns exec net0 ping 10.1.1.1

############################################
ip link add br1 type bridge
ip link set dev br1 up
ip addr add 20.1.1.1/24 dev br1

ip netns add net1
ip link add type veth
ip link set dev veth1 netns net1

ip netns exec net1 ip link set dev veth1 name eth0
ip netns exec net1 ip addr add 20.1.1.2/24 dev eth0
ip netns exec net1 ip link set dev eth0 up
ip netns exec net1 ip route add default via 20.1.1.1 dev eth0

ip link set dev veth0 master br1
ip link set dev veth0 up

ip netns exec net1 ping 20.1.1.1

实现bridge之间的通信-两台主机

#####################在n1操作######################

ip link add br0 type bridge
ip link set dev br0 up
ip addr add 10.1.1.1/24 dev br0

ip netns add net0
ip link add type veth
ip link set dev veth1 netns net0

ip netns exec net0 ip link set dev veth1 name eth0
ip netns exec net0 ip addr add 10.1.1.2/24 dev eth0
ip netns exec net0 ip link set dev eth0 up
ip netns exec net0 ip route add default via 10.1.1.1 dev eth0

ip link set dev veth0 master br0
ip link set dev veth0 up
ip r a 20.1.1.0/24 via 192.168.14.133
ip netns exec net0 ping 10.1.1.1

########################在n2操作##################
ip link add br1 type bridge
ip link set dev br1 up
ip addr add 20.1.1.1/24 dev br1

ip netns add net1
ip link add type veth
ip link set dev veth1 netns net1

ip netns exec net1 ip link set dev veth1 name eth0
ip netns exec net1 ip addr add 20.1.1.2/24 dev eth0
ip netns exec net1 ip link set dev eth0 up
ip netns exec net1 ip route add default via 20.1.1.1 dev eth0

ip link set dev veth2 master br1
ip link set dev veth2 up
ip r a 10.1.1.0/24 via 192.168.14.132
ip netns exec net1 ping 20.1.1.1