在上一节中,两个host上四个容器的网络信息如下,然后进行网络连通性测试,可见通vlan的容器即使分布在不同的host上也是可以通信的,不同vlan的容器不管在不在同一个host上都不能通信
 
root@host1:~# docker exec bbox_10_1 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.101
root@host1:~# docker exec bbox_20_1 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.201
root@host2:~# docker exec bbox_10_2 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.102
root@host2:~# docker exec bbox_20_2 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.202
 
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=64 time=0.266 ms
64 bytes from 172.16.10.102: seq=1 ttl=64 time=0.359 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.266/0.312/0.359 ms
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
 
root@host1:~# docker exec bbox_20_1 ping -c 172.16.10.101
ping: invalid number '172.16.10.101'
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=64 time=0.073 ms
64 bytes from 172.16.20.201: seq=1 ttl=64 time=0.055 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.055/0.064/0.073 ms
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=64 time=0.713 ms
64 bytes from 172.16.20.202: seq=1 ttl=64 time=0.400 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.400/0.556/0.713 ms
 
配置路由器,使不同vlan的容器进行通信,在找一台ubuntu服务器
 
#    1、启用转发功能
[root@docker-machine ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
 
#    2、配置对应两个vlan的子接口,并配置网关ip
[root@docker-machine ~]# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
    address 10.12.31.213
    netmask 255.255.252.0
    network 10.12.28.0
    broadcast 10.12.31.255
    gateway 10.12.28.6
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.12.28.6
    up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 ens160
auto ens192
iface ens192 inet manual
 
auto ens192.10
iface ens192.10 inet manual
vlan-raw-device ens192
 
auto ens192.20
iface ens192.20 inet manual
vlan-raw-device ens192
 
[root@docker-machine ~]# ifup ens192.10
WARNING:  Could not open /proc/net/vlan/config.  Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 10 to IF -:ens192:-
[root@docker-machine ~]# ifup ens192.20
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 20 to IF -:ens192:-
 
[root@docker-machine ~]# ifconfig ens192.10 172.16.10.1/24
[root@docker-machine ~]# ifconfig ens192.20 172.16.20.1/24
 
#    3、配置转发规则
[root@docker-machine ~]# iptables -A FORWARD -i ens192.10 -o ens192.20 -j ACCEPT
[root@docker-machine ~]# iptables -A FORWARD -i ens192.20 -o ens192.10 -j ACCEPT
 
#    4、进行网络连通性验证
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=63 time=0.557 ms
64 bytes from 172.16.20.201: seq=1 ttl=63 time=0.458 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.458/0.507/0.557 ms
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=63 time=1.387 ms
64 bytes from 172.16.20.202: seq=1 ttl=63 time=0.409 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.409/0.898/1.387 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
64 bytes from 172.16.10.101: seq=0 ttl=63 time=0.520 ms
64 bytes from 172.16.10.101: seq=1 ttl=63 time=0.461 ms
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.461/0.490/0.520 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=63 time=0.465 ms
64 bytes from 172.16.10.102: seq=1 ttl=63 time=0.562 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.465/0.513/0.562 ms
 
大致的通信流程如下:
 
 

057、macvlan 网络隔离和连通(2019-03-26 周二)的更多相关文章

  1. 第 8 章 容器网络 - 057 - macvlan 网络隔离和连通

    macvlan 网络隔离和连通 验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4. 即:同一 macvlan 网络能通信. bb ...

  2. macvlan 网络隔离和连通 - 每天5分钟玩转 Docker 容器技术(57)

    上一节我们创建了两个 macvlan 并部署了容器,网络结构如下: 本节验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4.即:同 ...

  3. 2019.03.26 bzoj4446: [Scoi2015]小凸玩密室(树形dp)

    传送门 题意简述: 给一棵完全二叉树,有点权aia_iai​和边权,每个点有一盏灯,现在要按一定要求点亮: 任意时刻点亮的灯泡必须连通 点亮一个灯泡后必须先点亮其子树 费用计算如下:点第一盏灯不要花费 ...

  4. zabbix学习笔记----安装----2019.03.26

    1.zabbix官方yum源地址:repo.zabbix.com 2.安装zabbix server zabbix server使用mysql作为数据库,在zabbix 3.X版本,安装zabbix- ...

  5. 2019.03.26 bzoj4448: [Scoi2015]情报传递(归并排序+树链剖分)

    传送门 题意简述: 给一棵nnn个点的树,树上每个点表示一个情报员,一共有mmm天,每天会派发以下两种任务中的一个任务: 1.搜集情报:指派T号情报员搜集情报 2.传递情报:将一条情报从X号情报员传递 ...

  6. 2019.03.26 bzoj4444: [Scoi2015]国旗计划(线段树+倍增)

    传送门 题意简述:现在给你一个长度为mmm的环,有nnn条互不包含的线段,问如果强制选第iii条线段至少需要用几条线段覆盖这个环,注意用来的覆盖的线段应该相交,即[1,3],[4,5][1,3],[4 ...

  7. 2019.03.26 bzoj4447: [Scoi2015]小凸解密码(线段树)

    传送门 题意简述:咕咕咕 思路:考虑预处理出bbb数组,然后每次改动aaa都只会对第iii和i+1i+1i+1这两个位置产生影响,于是可以用线段树来维护bbb数组. 现在求答案的方法是断环为链,倍增整 ...

  8. 2019.03.26 读书笔记 关于for与foreach

    for 是索引器,foreach是迭代器 foreach在movenext()中增加了对集合版本(一个整数,每次对集合修改都+1)的验证,另外反编译后的效果是使用了using(是try finally ...

  9. 2019.03.26 读书笔记 关于event

    event 主要是给委托加了一层保护,不能任意的 class.delegate=null,class.delegate=fun1,不能由调用者去任意支配,而是由class自己去增加或减少,用+=.-= ...

随机推荐

  1. 【BZOJ3215/3216】[ZJOI2013]话旧/话旧2(组合数学,动态规划)

    [BZOJ3215/3216][ZJOI2013]话旧/话旧2(组合数学,动态规划) 题面 BZOJ3215 BZOJ3216 题解 先解决\(3216\),求的是最小值为\(0\). 因为起点就是\ ...

  2. python列表转字符串

    temp = "".join(sorted(arr[i])) arr[i] = temp

  3. JMeter5.1企业级应用应用常用功能详解(含插件安装)

    apache jmeter是100%的java桌面应用程序,它被设计用来加载被测试软件功能特性.度量被测试软件的性能.jmeter可以模拟大量的服务器负载,并且jmeter提供图形化的性能分析. JM ...

  4. [IOI2014]holiday假期(分治+主席树)

    题目描述 健佳正在制定下个假期去台湾的游玩计划.在这个假期,健佳将会在城市之间奔波,并且参观这些城市的景点.在台湾共有n个城市,它们全部位于一条高速公路上.这些城市连续地编号为0到n-1.对于城市i( ...

  5. sql server 2000 个人版怎么在win7下安装

    win7 64位安装SQL2000个人版教程 首先,如果以前安装的话,要删除干净.我也找了半天的网络资料. 1.把原来sqlserver的安装目录 C:\Program Files\microsoft ...

  6. Django session相关操作

    Django session 是存储在数据库中的所以要先跟数据库建立连接 本连接有Django跟数据库建立连接的操作:https://www.cnblogs.com/Niuxingyu/p/10296 ...

  7. 第十四篇-ImageButton控制聚焦,单击,常态三种状态的显示背景

    这里先用XML设置. myselector.xml <?xml version="1.0" encoding="utf-8"?> <selec ...

  8. 第三篇-以LinearLayout进行Android界面设计

    一.新建一个项目 选择empty activity,此时项目里面没有main.java的文件. 二.手动创建java文件 Project那儿选择android模式,在app/java/com....一 ...

  9. 【译】6. Java反射——Getter和Setter

    原文地址:http://tutorials.jenkov.com/java-reflection/getters-setters.html ============================== ...

  10. struts2 二: 参数封装

    封装请求正文到对象中(非常重要) 1.静态参数封装 在struts.xml配置文件中,给动作类注入值.调用的是setter方法. struts.xml的编写: <action name=&quo ...