在上一节中,两个host上四个容器的网络信息如下,然后进行网络连通性测试,可见通vlan的容器即使分布在不同的host上也是可以通信的,不同vlan的容器不管在不在同一个host上都不能通信
 
root@host1:~# docker exec bbox_10_1 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.101
root@host1:~# docker exec bbox_20_1 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.201
root@host2:~# docker exec bbox_10_2 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.102
root@host2:~# docker exec bbox_20_2 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.202
 
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=64 time=0.266 ms
64 bytes from 172.16.10.102: seq=1 ttl=64 time=0.359 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.266/0.312/0.359 ms
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
 
root@host1:~# docker exec bbox_20_1 ping -c 172.16.10.101
ping: invalid number '172.16.10.101'
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=64 time=0.073 ms
64 bytes from 172.16.20.201: seq=1 ttl=64 time=0.055 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.055/0.064/0.073 ms
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=64 time=0.713 ms
64 bytes from 172.16.20.202: seq=1 ttl=64 time=0.400 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.400/0.556/0.713 ms
 
配置路由器,使不同vlan的容器进行通信,在找一台ubuntu服务器
 
#    1、启用转发功能
[root@docker-machine ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
 
#    2、配置对应两个vlan的子接口,并配置网关ip
[root@docker-machine ~]# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
    address 10.12.31.213
    netmask 255.255.252.0
    network 10.12.28.0
    broadcast 10.12.31.255
    gateway 10.12.28.6
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.12.28.6
    up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 ens160
auto ens192
iface ens192 inet manual
 
auto ens192.10
iface ens192.10 inet manual
vlan-raw-device ens192
 
auto ens192.20
iface ens192.20 inet manual
vlan-raw-device ens192
 
[root@docker-machine ~]# ifup ens192.10
WARNING:  Could not open /proc/net/vlan/config.  Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 10 to IF -:ens192:-
[root@docker-machine ~]# ifup ens192.20
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 20 to IF -:ens192:-
 
[root@docker-machine ~]# ifconfig ens192.10 172.16.10.1/24
[root@docker-machine ~]# ifconfig ens192.20 172.16.20.1/24
 
#    3、配置转发规则
[root@docker-machine ~]# iptables -A FORWARD -i ens192.10 -o ens192.20 -j ACCEPT
[root@docker-machine ~]# iptables -A FORWARD -i ens192.20 -o ens192.10 -j ACCEPT
 
#    4、进行网络连通性验证
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=63 time=0.557 ms
64 bytes from 172.16.20.201: seq=1 ttl=63 time=0.458 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.458/0.507/0.557 ms
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=63 time=1.387 ms
64 bytes from 172.16.20.202: seq=1 ttl=63 time=0.409 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.409/0.898/1.387 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
64 bytes from 172.16.10.101: seq=0 ttl=63 time=0.520 ms
64 bytes from 172.16.10.101: seq=1 ttl=63 time=0.461 ms
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.461/0.490/0.520 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=63 time=0.465 ms
64 bytes from 172.16.10.102: seq=1 ttl=63 time=0.562 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.465/0.513/0.562 ms
 
大致的通信流程如下:
 
 

057、macvlan 网络隔离和连通(2019-03-26 周二)的更多相关文章

  1. 第 8 章 容器网络 - 057 - macvlan 网络隔离和连通

    macvlan 网络隔离和连通 验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4. 即:同一 macvlan 网络能通信. bb ...

  2. macvlan 网络隔离和连通 - 每天5分钟玩转 Docker 容器技术(57)

    上一节我们创建了两个 macvlan 并部署了容器,网络结构如下: 本节验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4.即:同 ...

  3. 2019.03.26 bzoj4446: [Scoi2015]小凸玩密室(树形dp)

    传送门 题意简述: 给一棵完全二叉树,有点权aia_iai​和边权,每个点有一盏灯,现在要按一定要求点亮: 任意时刻点亮的灯泡必须连通 点亮一个灯泡后必须先点亮其子树 费用计算如下:点第一盏灯不要花费 ...

  4. zabbix学习笔记----安装----2019.03.26

    1.zabbix官方yum源地址:repo.zabbix.com 2.安装zabbix server zabbix server使用mysql作为数据库,在zabbix 3.X版本,安装zabbix- ...

  5. 2019.03.26 bzoj4448: [Scoi2015]情报传递(归并排序+树链剖分)

    传送门 题意简述: 给一棵nnn个点的树,树上每个点表示一个情报员,一共有mmm天,每天会派发以下两种任务中的一个任务: 1.搜集情报:指派T号情报员搜集情报 2.传递情报:将一条情报从X号情报员传递 ...

  6. 2019.03.26 bzoj4444: [Scoi2015]国旗计划(线段树+倍增)

    传送门 题意简述:现在给你一个长度为mmm的环,有nnn条互不包含的线段,问如果强制选第iii条线段至少需要用几条线段覆盖这个环,注意用来的覆盖的线段应该相交,即[1,3],[4,5][1,3],[4 ...

  7. 2019.03.26 bzoj4447: [Scoi2015]小凸解密码(线段树)

    传送门 题意简述:咕咕咕 思路:考虑预处理出bbb数组,然后每次改动aaa都只会对第iii和i+1i+1i+1这两个位置产生影响,于是可以用线段树来维护bbb数组. 现在求答案的方法是断环为链,倍增整 ...

  8. 2019.03.26 读书笔记 关于for与foreach

    for 是索引器,foreach是迭代器 foreach在movenext()中增加了对集合版本(一个整数,每次对集合修改都+1)的验证,另外反编译后的效果是使用了using(是try finally ...

  9. 2019.03.26 读书笔记 关于event

    event 主要是给委托加了一层保护,不能任意的 class.delegate=null,class.delegate=fun1,不能由调用者去任意支配,而是由class自己去增加或减少,用+=.-= ...

随机推荐

  1. 【POJ1037】A decorative fence(DP)

    BUPT2017 wintertraining(15) #6C 题意 给长度n的数列,1,2,..,n,按依次递增递减排序,求字典序第k小的排列. 题解 dp. up[i][j]表示长度为j,以第i小 ...

  2. 数论细节梳理&模板

    初阶 扩展欧拉 \(k\ge\varphi(m)\)时,\(b^k\equiv b^{k\%\varphi(m)+\varphi(m)}(\bmod m\)) 扩展CRT 推式子合并同余方程. htt ...

  3. Codeforces Round #555 (Div. 3)[1157]题解

    不得不说这场div3是真的出的好,算得上是从我开始打开始最有趣的一场div3.因为自己的号全都蓝了,然后就把不经常打比赛的dreagonm的号借来打这场,然后...比赛结束rank11(帮dreago ...

  4. [HAOI2015]树上染色(树形背包)

    有一棵点数为 N 的树,树边有边权.给你一个在 0~ N 之内的正整数 K ,你要在这棵树中选择 K个点,将其染成黑色,并将其他 的N-K个点染成白色 . 将所有点染色后,你会获得黑点两两之间的距离加 ...

  5. hdu 2328 Corporate Identity(kmp)

    Problem Description Beside other services, ACM helps companies to clearly state their “corporate ide ...

  6. [HAOI2008]圆上的整点(数论)

    题目的所求可以转化为: \(y^2=r^2-x^2\)(其中r,x,y均为整数) 即\(y^2=(r-x)(r+x)\)(其中\(r,x,y\)均为整数) 不妨设\((r-x)=d*u\)------ ...

  7. JBoss/Wildfly 配置SQLserver服务器

    JBoss/Wildfly 配置SQLserver服务器 http://blog.csdn.net/haitaolang/article/details/60467118 wildfly standa ...

  8. 2018-2019 ACM-ICPC, Asia Nanjing Regional Contest

    https://codeforces.com/gym/101981 Problem A. Adrien and Austin 贪心,注意细节 f[x]=1:先手必赢. f[x]: 分成两部分(或一部分 ...

  9. js中同一个onclick绑定了两个js方法出现的问题

    问题: js中如果同一个onclick绑定了两个js方法问题,即 <li onclick="f1(),f2()"></li> 两个方法f1,f2中都分别有一 ...

  10. 第十四节、FAST角点检测(附源码)

    在前面我们已经陆续介绍了许多特征检测算子,我们可以根据图像局部的自相关函数求得Harris角点,后面又提到了两种十分优秀的特征点以及他们的描述方法SIFT特征和SURF特征.SURF特征是为了提高运算 ...