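The container's interface is attached directly to the host's NIC. With this approach the container can communicate with the external network directly, without NAT or port mapping (as long as the network has a gateway), and on the network it is indistinguishable from any other standalone host.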
root@host1:~# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.0242a29df713 no
root@host1:~# docker exec bbox1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:10:56:0b brd ff:ff:ff:ff:ff:ff
root@host1:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:4c:70 brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:a2:9d:f7:13 brd ff:ff:ff:ff:ff:ff

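Using sub-interfaces to implement multiple macvlan networks
macvlan takes exclusive use of the host NIC, which means only one macvlan network can be created per NIC; otherwise an error is reported: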
root@host1:~# docker network create -d macvlan --subnet 172.16.87.0/24 --gateway 172.16.87.1 -o parent=ens192 mac_net2
Error response from daemon: network dm-d60df792c936 is already using parent interface ens192
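But the number of NICs on a host is limited, so how can more macvlan networks be supported?
Fortunately, macvlan can attach not only to an interface (ens192) but also to a sub-interface (ens192.xxx).
VLAN is a network virtualization technology commonly used in modern networks. It can divide a physical layer-2 network into as many as 4094 logical networks that are isolated from one another at layer 2. Each logical network (that is, each VLAN) is identified by a VLAN ID, which takes values from 1 to 4094.
Linux NICs can also support VLANs (apt-get install vlan). A single interface can send and receive packets for multiple VLANs, provided that a VLAN sub-interface is created for each one.
For example, for ens192 to support both vlan10 and vlan20, create the sub-interfaces ens192.10 and ens192.20.
On a switch, a port that can send and receive data for only a single VLAN is in Access mode; a port that supports multiple VLANs is in Trunk mode.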
root@host1:~# apt-get install vlan
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
vlan
1 upgraded, 0 newly installed, 0 to remove and 125 not upgraded.
Need to get 30.7 kB of archives.
After this operation, 45.1 kB disk space will be freed.
Get:1 http://mirrors.aliyun.com/ubuntu xenial-updates/main amd64 vlan amd64 1.9-3.2ubuntu1.16.04.5 [30.7 kB]
Fetched 30.7 kB in 5s (5,469 B/s)
(Reading database ... 60147 files and directories currently installed.)
Preparing to unpack .../vlan_1.9-3.2ubuntu1.16.04.5_amd64.deb ...
Unpacking vlan (1.9-3.2ubuntu1.16.04.5) over (1.9-3.2ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up vlan (1.9-3.2ubuntu1.16.04.5) ...
Installing new version of config file /etc/network/if-pre-up.d/vlan ...
Installing new version of config file /etc/network/if-up.d/ip ...
root@host1:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
address 10.12.31.211
netmask 255.255.252.0
network 10.12.28.0
broadcast 10.12.31.255
gateway 10.12.28.6
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 10.12.28.6
up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 ens160
auto ens192
iface ens192 inet manual
auto ens192.10
iface ens192.10 inet manual
vlan-raw-device ens192
auto ens192.20
iface ens192.20 inet manual
vlan-raw-device ens192
root@host1:~# ifup ens192.10
WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 10 to IF -:ens192:-
ifquery: recursion detected for interface ens192 in parent-lock phase
ifquery: recursion detected for parent interface ens192 in parent-lock phase
ifquery: recursion detected for parent interface ens192 in parent-lock phase
root@host1:~# ifup ens192.20
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 20 to IF -:ens192:-
ifquery: recursion detected for interface ens192 in parent-lock phase
ifquery: recursion detected for parent interface ens192 in parent-lock phase
ifquery: recursion detected for parent interface ens192 in parent-lock phase
root@host1:~# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
ens192.10 | 10 | ens192
ens192.20 | 20 | ens192
root@host1:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:4c:70 brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:a2:9d:f7:13 brd ff:ff:ff:ff:ff:ff
7: ens192.10@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
8: ens192.20@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
root@host1:~# docker network create -d macvlan --subnet 172.16.10.0/24 --gateway 172.16.10.1 -o parent=ens192.10 mac_net10
884e50ddfb92c2454b4e597e6beeaf1f1f2d4f6196314d900f20c40f0d0a0c78
root@host1:~# docker network create -d macvlan --subnet 172.16.20.0/24 --gateway 172.16.20.1 -o parent=ens192.20 mac_net20
c402380a197da23fa5537fa3a36b5a82fcf30d3b999a48bda4fe82b69861b6dd
root@host1:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
9e26e05efc49 bridge bridge local
bb03f7574aa2 host host local
d60df792c936 mac_net1 macvlan local
884e50ddfb92 mac_net10 macvlan local
c402380a197d mac_net20 macvlan local
11e39328a6d1 none null local
root@host1:~# docker run -itd --name bbox_10_1 --ip 172.16.10.101 --network mac_net10 busybox
3cbcdbce63eb19024ca436fea761a4e6e154a6e7cbe26b9d6c50767dcb783026
root@host1:~# docker run -itd --name bbox_20_1 --ip 172.16.20.201 --network mac_net20 busybox
a9b648d4599a58efc64ad29db5dc484713d80803642e26910e09fcfefa54fab7
root@host1:~# docker exec bbox_10_1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
9: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:10:0a:65 brd ff:ff:ff:ff:ff:ff
root@host1:~# docker exec bbox_20_1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:10:14:c9 brd ff:ff:ff:ff:ff:ff
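A pre-flight check for the rule described above (one macvlan network per parent, each additional network on its own VLAN sub-interface), added here as an example and not part of the original post. The function names and the embedded sample data are assumptions constructed in the format of the output shown above.

```shell
#!/bin/sh
# Added example: decide whether an interface can back a new macvlan network.
# Constructed sample in the format of /proc/net/vlan/config.
VLAN_CONFIG='VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
ens192.10      | 10  | ens192
ens192.20      | 20  | ens192'

# Constructed "network parent" pairs; on a live host they can be collected
# with: docker network inspect -f '{{.Name}} {{index .Options "parent"}}' NET
IN_USE='mac_net1 ens192
mac_net10 ens192.10'

# vlan_id_of DEV: print the VLAN ID of a sub-interface; fail if it is unknown.
vlan_id_of() {
    printf '%s\n' "$VLAN_CONFIG" | awk -F'|' -v dev="$1" '
        NF == 3 { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
                  if ($1 == dev) { print $2; found = 1 } }
        END { exit !found }'
}

# check_parent DEV: prints ok:<vid>, in-use:<network>, no-subif or bad-vid:<vid>.
check_parent() {
    # A parent already claimed by a macvlan network cannot be reused.
    owner=$(printf '%s\n' "$IN_USE" | awk -v dev="$1" '$2 == dev { print $1; exit }')
    if [ -n "$owner" ]; then echo "in-use:$owner"; return 1; fi
    # The sub-interface must exist before docker network create is run.
    vid=$(vlan_id_of "$1") || { echo "no-subif"; return 1; }
    # Valid VLAN IDs are 1 to 4094.
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then echo "bad-vid:$vid"; return 1; fi
    echo "ok:$vid"
}

for dev in ens192 ens192.10 ens192.20 ens192.30; do
    printf '%-10s %s\n' "$dev" "$(check_parent "$dev")"
done
```

Only a parent that reports ok:<vid> is safe to pass as -o parent=; in-use corresponds to the "already using parent interface" error shown earlier.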
Perform the same steps on host2:
root@host2:~# apt-get install vlan
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
vlan
1 upgraded, 0 newly installed, 0 to remove and 125 not upgraded.
Need to get 30.7 kB of archives.
After this operation, 45.1 kB disk space will be freed.
Get:1 http://mirrors.aliyun.com/ubuntu xenial-updates/main amd64 vlan amd64 1.9-3.2ubuntu1.16.04.5 [30.7 kB]
Fetched 30.7 kB in 0s (393 kB/s)
(Reading database ... 60147 files and directories currently installed.)
Preparing to unpack .../vlan_1.9-3.2ubuntu1.16.04.5_amd64.deb ...
Unpacking vlan (1.9-3.2ubuntu1.16.04.5) over (1.9-3.2ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up vlan (1.9-3.2ubuntu1.16.04.5) ...
Installing new version of config file /etc/network/if-pre-up.d/vlan ...
Installing new version of config file /etc/network/if-up.d/ip ...
root@host2:~# apt-get install vlan
Reading package lists... Done
Building dependency tree
Reading state information... Done
vlan is already the newest version (1.9-3.2ubuntu1.16.04.5).
0 upgraded, 0 newly installed, 0 to remove and 125 not upgraded.
root@host2:~# vim /etc/network/interfaces
root@host2:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
address 10.12.31.212
netmask 255.255.252.0
network 10.12.28.0
broadcast 10.12.31.255
gateway 10.12.28.6
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 10.12.28.6
up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 ens160
uto ens192
iface ens192 inet manual
auto ens192.10
iface ens192.10 inet manual
vlan-raw-device ens192
auto ens192.20
iface ens192.20 inet manual
vlan-raw-device ens192
root@host2:~# ifup ens192.10
WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 10 to IF -:ens192:-
ifquery: recursion detected for parent interface ens192 in parent-lock phase
ifquery: recursion detected for parent interface ens192 in parent-lock phase
root@host2:~# ifup ens192.20
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 20 to IF -:ens192:-
ifquery: recursion detected for parent interface ens192 in parent-lock phase
ifquery: recursion detected for parent interface ens192 in parent-lock phase
root@host2:~# cat /proc/net/vlan/config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
ens192.10 | 10 | ens192
ens192.20 | 20 | ens192
root@host2:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:13:59 brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:6c:e4:0d:c1 brd ff:ff:ff:ff:ff:ff
8: ens192.10@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
9: ens192.20@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
root@host2:~# docker network create -d macvlan --subnet 172.16.10.0/24 --gateway 172.16.10.1 -o parent=ens192.10 mac_net10
a90d23d941a9e16332546375cb6b4c00ca3002315bb808a27c683b30ca6b46b0
root@host2:~# docker network create -d macvlan --subnet 172.16.20.0/24 --gateway 172.16.20.1 -o parent=ens192.20 mac_net20
d7312840540387493e70f3d9eb3c136f8e76f51ccc4af9b9913fb2e8765b8f98
root@host2:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
65563241b1ff bridge bridge local
cf4c89650a1f host host local
39f1aab9f5b8 mac_net1 macvlan local
a90d23d941a9 mac_net10 macvlan local
d73128405403 mac_net20 macvlan local
2f7d79e0114d none null local
root@host2:~# docker run -itd --name bbox_10_2 --ip 172.16.10.102 --network mac_net10 busybox
97be9c3ca95c3a68852bb6f20b04f6b603903140f8b24c56ce7def4dc49d672e
root@host2:~# docker run -itd --name bbox_20_2 --ip 172.16.20.202 --network mac_net20 busybox
652af91246d04263826933ba8e2334c363863ea263b6289b934d15b5193c89ef
root@host2:~# docker exec bbox_10_2 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:10:0a:66 brd ff:ff:ff:ff:ff:ff
root@host2:~# docker exec bbox_20_2 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:10:14:ca brd ff:ff:ff:ff:ff:ff
After the steps above are complete, the container network configuration on the two hosts is as follows:
root@host1:~# docker exec bbox_10_1 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link src 172.16.10.101
root@host1:~# docker exec bbox_20_1 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link src 172.16.20.201
root@host2:~# docker exec bbox_10_2 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link src 172.16.10.102
root@host2:~# docker exec bbox_20_2 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link src 172.16.20.202
Finally, note that the VMware network must be configured with VLAN ID set to All (4095).