容器网络实验(二):模拟flannel vxlan模式

  • 前置知识:

FDB表:Forwarding DataBase,相当于交换机的mac表

  • 实验拓扑

容器网络实验(二):模拟flannel vxlan模式_第1张图片

 

  • 创建vxlan网卡(注意vxlan0的mac地址,后面手动添加arp和fdb表需要用到)

host1:
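# VXLAN tunnel endpoint (VTEP) for host1: VNI 42, UDP port 4789, underlay
# address 192.168.120.128 on ens33. "nolearning" turns off source-MAC
# learning, so the forwarding database only holds the entries that are added
# by hand later on this page.
# NOTE(review): VXLAN itself neither authenticates nor encrypts traffic; on
# anything but an isolated lab underlay, limit UDP 4789 to the known peer
# VTEP addresses.
ip link add vxlan0 type vxlan id 42 dstport 4789 local 192.168.120.128 dev ens33 nolearning
ip link set vxlan0 up
# /32 address: the remote subnet is reached through the explicit onlink
# route added later, not through a connected prefix.
ip addr add 172.17.10.0/32 dev vxlan0
# Print the interface details and note the link/ether MAC; host2 needs it for
# its static ARP and FDB entries. The option must be an ASCII "-d" (the page
# had a typographic hyphen, which ip does not parse as an option).
ip -d link show vxlan0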
16: vxlan0:  mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 66:2a:06:96:eb:9d brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 42 local 192.168.120.128 dev ens33 srcport 0 0 dstport 4789 nolearning ageing 300 noudpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 6553

host2:
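# VXLAN tunnel endpoint (VTEP) for host2: same VNI 42 and UDP port 4789 as
# host1, underlay address 192.168.120.131 on ens33. "nolearning" turns off
# source-MAC learning, so the forwarding database only holds the entries that
# are added by hand later on this page.
# NOTE(review): VXLAN itself neither authenticates nor encrypts traffic; on
# anything but an isolated lab underlay, limit UDP 4789 to the known peer
# VTEP addresses.
ip link add vxlan0 type vxlan id 42 dstport 4789 local 192.168.120.131 dev ens33 nolearning
ip link set vxlan0 up
# /32 address: the remote subnet is reached through the explicit onlink
# route added later, not through a connected prefix.
ip addr add 172.17.1.0/32 dev vxlan0
# Print the interface details and note the link/ether MAC; host1 needs it for
# its static ARP and FDB entries. The option must be an ASCII "-d" (the page
# had a typographic hyphen, which ip does not parse as an option).
ip -d link show vxlan0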
16: vxlan0:  mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000 link/ether 22:b3:c4:a4:15:ec brd ff:ff:ff:ff:ff:ff promiscuity 0
16 vxlan id 42 local 192.168.120.131 dev ens33 srcport 0 0 dstport 4789 nolearning ageing 300 addrgenmode none

 

  • 创建网桥

host1:
# bridge0 is host1's local container bridge; its address 172.17.10.1 is the
# default gateway configured inside the docker1 namespace.
ip link add name bridge0 type bridge
ip link set dev bridge0 up
ip address add 172.17.10.1/24 dev bridge0

host2:
# bridge0 is host2's local container bridge; its address 172.17.1.1 is the
# default gateway configured inside the docker1 namespace.
ip link add name bridge0 type bridge
ip link set dev bridge0 up
ip address add 172.17.1.1/24 dev bridge0
  • 创建容器网络

host1:
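# Build the "container" on host1: network namespace docker1, joined to
# bridge0 by a veth pair. The page never creates docker1 or the veth pair, so
# create them here unless an earlier step already did.
ip netns list | grep -qw docker1 || ip netns add docker1
ip link show veth1 >/dev/null 2>&1 || ip link add veth0 type veth peer name veth1
# Host end: attach to the bridge. MTU 1450 matches vxlan0, leaving room for
# the VXLAN encapsulation on the underlay.
ip link set dev veth1 master bridge0
ip link set dev veth1 mtu 1450 up
# Container end: move it into the namespace, then configure it with iproute2
# rather than the legacy ifconfig (net-tools is often not installed).
ip link set dev veth0 netns docker1
ip netns exec docker1 ip link set dev veth0 mtu 1450 up
ip netns exec docker1 ip addr add 172.17.10.3/24 brd + dev veth0
ip netns exec docker1 ip route add default via 172.17.10.1 dev veth0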

host2:
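# Build the "container" on host2: network namespace docker1, joined to
# bridge0 by a veth pair. The page never creates docker1 or the veth pair, so
# create them here unless an earlier step already did.
ip netns list | grep -qw docker1 || ip netns add docker1
ip link show veth1 >/dev/null 2>&1 || ip link add veth0 type veth peer name veth1
# Host end: attach to the bridge. MTU 1450 matches vxlan0, leaving room for
# the VXLAN encapsulation on the underlay.
ip link set dev veth1 master bridge0
ip link set dev veth1 mtu 1450 up
# Container end: move it into the namespace, then configure it with iproute2
# rather than the legacy ifconfig (net-tools is often not installed).
ip link set dev veth0 netns docker1
ip netns exec docker1 ip link set dev veth0 mtu 1450 up
ip netns exec docker1 ip addr add 172.17.1.3/24 brd + dev veth0
ip netns exec docker1 ip route add default via 172.17.1.1 dev veth0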
  • 添加主机路由

host1:
# Send traffic for host2's container subnet into the tunnel. "onlink" is
# needed because the next hop 172.17.1.0 is not inside any prefix configured
# on vxlan0 (it only carries a /32).
# NOTE(review): forwarding between bridge0 and vxlan0 presumably needs
# net.ipv4.ip_forward=1 on the host; the page does not show it — confirm.
remote_subnet=172.17.1.0/24
remote_vtep_ip=172.17.1.0
ip route add "$remote_subnet" via "$remote_vtep_ip" dev vxlan0 onlink

host2:
# Send traffic for host1's container subnet into the tunnel. "onlink" is
# needed because the next hop 172.17.10.0 is not inside any prefix configured
# on vxlan0 (it only carries a /32).
# NOTE(review): forwarding between bridge0 and vxlan0 presumably needs
# net.ipv4.ip_forward=1 on the host; the page does not show it — confirm.
remote_subnet=172.17.10.0/24
remote_vtep_ip=172.17.10.0
ip route add "$remote_subnet" via "$remote_vtep_ip" dev vxlan0 onlink
  • 手动添加ARP表

host1:
# Static neighbour (ARP) entry: the inner next hop 172.17.1.0 resolves to the
# MAC of host2's vxlan0, as printed by "ip -d link show vxlan0" on host2.
peer_vtep_ip=172.17.1.0
peer_vtep_mac=22:b3:c4:a4:15:ec
ip neigh add "$peer_vtep_ip" lladdr "$peer_vtep_mac" dev vxlan0

host2:
# Static neighbour (ARP) entry: the inner next hop 172.17.10.0 resolves to the
# MAC of host1's vxlan0, as printed by "ip -d link show vxlan0" on host1.
peer_vtep_ip=172.17.10.0
peer_vtep_mac=66:2a:06:96:eb:9d
ip neigh add "$peer_vtep_ip" lladdr "$peer_vtep_mac" dev vxlan0
  • 手动添加FDB表

host1:
# Static FDB entry: frames addressed to host2's vxlan0 MAC are encapsulated
# and sent to host2's underlay address. vxlan0 was created with nolearning,
# so these mappings come only from manual configuration.
peer_vtep_mac=22:b3:c4:a4:15:ec
peer_underlay_ip=192.168.120.131
bridge fdb append "$peer_vtep_mac" dev vxlan0 dst "$peer_underlay_ip"

host2:
# Static FDB entry: frames addressed to host1's vxlan0 MAC are encapsulated
# and sent to host1's underlay address. vxlan0 was created with nolearning,
# so these mappings come only from manual configuration.
peer_vtep_mac=66:2a:06:96:eb:9d
peer_underlay_ip=192.168.120.128
bridge fdb append "$peer_vtep_mac" dev vxlan0 dst "$peer_underlay_ip"
  • 验证连通性:

host1:
# Cross-host check: ping the container on host2 from inside host1's docker1
# namespace. Runs until interrupted (Ctrl-C).
# NOTE(review): ttl=62 in the sample replies is consistent with two routed
# hops (host1 and host2) from an initial TTL of 64 — confirm on your hosts.
peer_container_ip=172.17.1.3
ip netns exec docker1 ping "$peer_container_ip"
PING 172.17.1.3 (172.17.1.3) 56(84) bytes of data.
64 bytes from 172.17.1.3: icmp_seq=1 ttl=62 time=20.6 ms
64 bytes from 172.17.1.3: icmp_seq=2 ttl=62 time=0.344 ms

 
