weave网络跨主机容器通信
weave网络跨主机容器间通信
实验环境
| ip | 服务 | 备注 |
|---|---|---|
| 192.168.1.12 | docker(已安装)、weave已安装 | host1 |
| 192.168.1.13 | docker(已安装) | host2 |
实验目的
将host2加入host1的weave网络中,在各个主机创建一个容器,并进行通信
实验步骤
host2加入host1的weave网络
host2
这一步需要下载一些weave所需要的组件,ip指定为host1的ip
[root@host2 ~]# weave launch 192.168.1.12结束之后也需要进行添加防火墙策略
[root@host2 ~]# iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@host2 ~]# iptables-savehost1运行一个weave网络中容器
host1
进入weave网络范围
[root@host1 ~]# eval $(weave env)运行一个容器bbox1,默认会使用weave网络
[root@host1 ~]# docker run -itd --name bbox1 busybox
e037fae99556cb18885263eea8828209da046bd5ff706f0f9e75191f009e0d1c获取该容器ip,10.32.0.1
[root@host1 ~]# docker exec -it bbox1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
16: ethwe@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue
link/ether 12:26:df:0d:77:f6 brd ff:ff:ff:ff:ff:ff
inet 10.32.0.1/12 brd 10.47.255.255 scope global ethwe
valid_lft forever preferred_lft foreverhost2运行一个weave网络的容器
进入weave网络
[root@host2 ~]# eval $(weave env)运行bbox3容器
[root@host2 ~]# docker run -itd --name bbox3 busybox
fb6082cb3d113ed6484c006d9dace3e9e2aedca543c2c0a4a66e05db4dd0427b查看bbox3容器ip,10.44.0.0/12,这是个ip不是网段,因为他的网段是10.32.0.0/12,通过子网划分的网段得来的。
[root@host2 ~]# docker exec -it bbox3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
16: ethwe@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue
link/ether 5e:74:e2:d2:d5:30 brd ff:ff:ff:ff:ff:ff
inet 10.44.0.0/12 brd 10.47.255.255 scope global ethwe
valid_lft forever preferred_lft forever测试weave网络中跨主机的容器通信
host2
使用bbox3进行ping通host1主机的bbox1
[root@host2 ~]# docker exec -it bbox3 ping 10.32.0.2
PING 10.32.0.2 (10.32.0.2): 56 data bytes
64 bytes from 10.32.0.2: seq=0 ttl=64 time=2.379 ms
64 bytes from 10.32.0.2: seq=1 ttl=64 time=1.240 ms
^C
--- 10.32.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.240/1.809/2.379 ms同样直接ping容器名也是可以的
[root@host2 ~]# iptables -F
[root@host2 ~]# docker exec -it bbox3 ping bbox1
PING bbox1 (10.32.0.1): 56 data bytes
64 bytes from 10.32.0.1: seq=0 ttl=64 time=2.791 ms
64 bytes from 10.32.0.1: seq=1 ttl=64 time=0.626 ms
^C
--- bbox1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.626/1.708/2.791 ms跨主机通信图
跨主机通讯就是通过相同的vxlan的id号,也就是这台主机在同一个vlan的意思,而且也是同一网段。切记这是使用的子网10.44.0.0/12是一个ip地址,不是网段。
博客内容遵循 署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0) 协议
