VxLAN 实验 -- 不同网段的网络通信

目的

  • 基于VxLAN,实现不同网段下,跨主机节点的网络通信

实验环境

  • 两台虚拟机192.168.1.183/24、 192.168.1.59/24

操作

配置 192.168.1.183/24

1. bash net.sh


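#!/bin/sh
# net.sh -- host-side VxLAN setup for the 10.244.1.0/24 half of the experiment.
#
# Builds a bridge (br-zou) holding one end of a veth pair, puts the other end
# into network namespace "zou", and creates a VxLAN device (vxlan-10) that is
# used as a routed L3 interface rather than a bridge port (see the commented
# brctl line below).  Needs CAP_NET_ADMIN (run as root).  Every command is
# fatal on failure (set -e): a half-built topology is harder to reason about
# and to tear down than a clean stop.
#
# NOTE(review): `local` must be an address this host owns on eth1.  The
# section heading names 192.168.1.183 but the command below says 192.168.1.59
# -- confirm which host this file belongs to before running.  VxLAN itself
# adds no authentication or encryption; the eth1 underlay and the 239.1.1.1
# multicast group must therefore be a trusted segment.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "net.sh: must run as root" >&2
  exit 1
fi

# --- bridge + veth pair -------------------------------------------------------
brctl addbr br-zou
ip link add zouveth0 type veth peer name zouveth1
brctl addif br-zou zouveth0

# --- VxLAN device (VNI 10, multicast group 239.1.1.1, UDP port 8472) ----------
ip link add vxlan-10 type vxlan id 10 group 239.1.1.1 local 192.168.1.59 dev eth1 dstport 8472
# Deliberately not bridged: vxlan-10 gets its own /32 and a route further
# down, so cross-host traffic is routed through it instead of switched.
#brctl addif br-zou vxlan-10

ip link set dev zouveth0 up
ip link set dev br-zou up
ip link set dev vxlan-10 up
ip addr add 10.244.1.1/24 dev br-zou
ip addr add 10.244.1.0/32 dev vxlan-10

# --- namespace side -----------------------------------------------------------
ip netns add zou
ip link set zouveth1 netns zou
ip netns exec zou ip link set dev zouveth1 up
ip netns exec zou ip link set dev lo up
ip netns exec zou ip addr add 10.244.1.2/24 dev zouveth1
ip netns exec zou ip r add default via 10.244.1.1

# --- route to the peer host's subnet -----------------------------------------
# "onlink" lets 10.244.0.0 be used as a gateway although no connected route
# covers it.  The gateway's MAC on vxlan-10 is added by hand afterwards
# (step 3, arp -s), so this route only carries traffic once that entry exists.
ip r add 10.244.0.0/24 dev vxlan-10 via 10.244.0.0 onlink

# Host-wide setting; the teardown script does not revert it.
echo 1 >/proc/sys/net/ipv4/ip_forward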





# 手工配置arp地址表



# 配置iptables

2. iptables-restore < wuyan.iptables（不带 --noflush 时，文件中列出的 filter、raw、nat 三张表会先被清空再写入，这些表里原有的规则会丢失）


# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018

*filter

# These rules allow traffic to be forwarded if it is to or from the flannel network range.

-A FORWARD -s 10.244.0.0/16 -j ACCEPT

-A FORWARD -d 10.244.0.0/16 -j ACCEPT

COMMIT

# Completed on Thu Jul 26 07:32:12 2018

# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018

*raw

:PREROUTING ACCEPT [60131:65785774]

:OUTPUT ACCEPT [39490:4150752]

COMMIT

# Completed on Thu Jul 26 07:32:12 2018

# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018

*nat

# This rule makes sure we don't NAT traffic within overlay network (e.g. coming out of docker0)

-A POSTROUTING -s 10.244.0.0/16 -d 10.244.0.0/16 -j RETURN

# NAT if it's not multicast traffic

-A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE

# Prevent performing Masquerade on external traffic which arrives from a Node that owns the container/pod IP address

-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/24 -j RETURN

# Masquerade anything headed towards flannel from the host

-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE

COMMIT

# Completed on Thu Jul 26 07:32:12 2018

3. arp -s 10.244.0.0 22:a3:cf:13:ec:4a -i vxlan-10（该 MAC 应为对端主机 vxlan-10 接口的地址，以对端 ip link show vxlan-10 的实际输出为准）

配置 192.168.1.59/24

1. bash net.sh

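#!/bin/sh
# net.sh -- host-side VxLAN setup for the 10.244.0.0/24 half of the experiment.
#
# Builds a bridge (br-zou) holding one end of a veth pair, puts the other end
# into network namespace "zou", and creates a VxLAN device (vxlan-10) that is
# used as a routed L3 interface rather than a bridge port (see the commented
# brctl line below).  Needs CAP_NET_ADMIN (run as root).  Every command is
# fatal on failure (set -e): a half-built topology is harder to reason about
# and to tear down than a clean stop.
#
# NOTE(review): `local` must be an address this host owns on eth1.  The
# section heading names 192.168.1.59 but the command below says 192.168.1.183
# -- confirm which host this file belongs to before running.  VxLAN itself
# adds no authentication or encryption; the eth1 underlay and the 239.1.1.1
# multicast group must therefore be a trusted segment.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "net.sh: must run as root" >&2
  exit 1
fi

# --- bridge + veth pair -------------------------------------------------------
brctl addbr br-zou
ip link add zouveth0 type veth peer name zouveth1
brctl addif br-zou zouveth0

# --- VxLAN device (VNI 10, multicast group 239.1.1.1, UDP port 8472) ----------
ip link add vxlan-10 type vxlan id 10 group 239.1.1.1 local 192.168.1.183 dev eth1 dstport 8472
# Deliberately not bridged: vxlan-10 gets its own /32 and a route further
# down, so cross-host traffic is routed through it instead of switched.
#brctl addif br-zou vxlan-10

ip link set dev zouveth0 up
ip link set dev br-zou up
ip link set dev vxlan-10 up
ip addr add 10.244.0.1/24 dev br-zou
ip addr add 10.244.0.0/32 dev vxlan-10

# --- namespace side -----------------------------------------------------------
ip netns add zou
ip link set zouveth1 netns zou
ip netns exec zou ip link set dev zouveth1 up
ip netns exec zou ip link set dev lo up
ip netns exec zou ip addr add 10.244.0.2/24 dev zouveth1
ip netns exec zou ip r add default via 10.244.0.1

# --- route to the peer host's subnet -----------------------------------------
# "onlink" lets 10.244.1.0 be used as a gateway although no connected route
# covers it.  The gateway's MAC on vxlan-10 is added by hand afterwards
# (step 3, arp -s), so this route only carries traffic once that entry exists.
ip r add 10.244.1.0/24 dev vxlan-10 via 10.244.1.0 onlink

# Host-wide setting; the teardown script does not revert it.
echo 1 >/proc/sys/net/ipv4/ip_forward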

2. iptables-restore < wuyan.iptables（不带 --noflush 时，文件中列出的 filter、raw、nat 三张表会先被清空再写入，这些表里原有的规则会丢失）

# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018
*filter
# These rules allow traffic to be forwarded if it is to or from the flannel network range.
-A FORWARD -s 10.244.0.0/16 -j ACCEPT
-A FORWARD -d 10.244.0.0/16 -j ACCEPT
COMMIT
# Completed on Thu Jul 26 07:32:12 2018
# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018
*raw
:PREROUTING ACCEPT [60131:65785774]
:OUTPUT ACCEPT [39490:4150752]
COMMIT
# Completed on Thu Jul 26 07:32:12 2018
# Generated by iptables-save v1.4.21 on Thu Jul 26 07:32:12 2018
*nat
# This rule makes sure we don't NAT traffic within overlay network (e.g. coming out of docker0)
-A POSTROUTING -s 10.244.0.0/16 -d 10.244.0.0/16 -j RETURN
# NAT if it's not multicast traffic
-A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
# Prevent performing Masquerade on external traffic which arrives from a Node that owns the container/pod IP address
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.1.0/24 -j RETURN
# Masquerade anything headed towards flannel from the host
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE
COMMIT
# Completed on Thu Jul 26 07:32:12 2018

3. arp -s 10.244.1.0 2a:7b:50:26:9c:b8 -i vxlan-10（该 MAC 应为对端主机 vxlan-10 接口的地址，以对端 ip link show vxlan-10 的实际输出为准）

删除脚本

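#!/bin/sh
# Teardown for net.sh.  Best-effort and idempotent: each object is removed
# only if it still exists, so a partial or repeated run finishes cleanly
# instead of stopping at the first missing device.  Deleting namespace "zou"
# also destroys zouveth1 and with it its peer zouveth0, so the veth pair
# needs no explicit removal.
#
# Deliberately NOT reverted here: ip_forward=1 and the rules loaded from
# wuyan.iptables.  Both are host-wide and may be relied on by other services;
# undo them by hand if this host should no longer forward traffic.
set -u

if ip link show br-zou >/dev/null 2>&1; then
  ip link set br-zou down
  ip link del br-zou
fi

if ip link show vxlan-10 >/dev/null 2>&1; then
  ip link del vxlan-10
fi

# `ip netns list` may print "zou" alone or followed by " (id: N)".
if ip netns list | grep -Eq '^zou( |$)'; then
  ip netns del zou
fi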
