Characteristics of overlay (cross-host) container communication networks:
How should containers running on multiple hosts communicate with each other?
There are four ways to achieve this:
Here we introduce the first one, using plain routing to connect the networks:
Advantages:
Conventional routing technology
Traditional networking technology
Simple
High performance
Disadvantages:
Tightly coupled with the existing network
Low flexibility
Network diagram:
By default, docker0 on both hosts uses the address 172.17.0.1/16, so the two container subnets would collide and the docker0 address on one of the hosts has to be changed.
The two hosts used in this article have the IPs 192.168.0.124 and 192.168.0.121.
Setup:
1. First, change the Docker IP on the host 192.168.0.124.
[root@localhost docker]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://o0pqp3x0.mirror.aliyuncs.com"],
"insecure-registries": [ "192.168.0.124:5000"],
"bip":"172.20.0.1/16"
}
2. Restart Docker
[root@localhost docker]# systemctl daemon-reload
[root@localhost docker]# systemctl restart docker
3. Verify the IP of docker0
[root@localhost docker]# ifconfig docker0
docker0: flags=4099 mtu 1500
inet 172.20.0.1 netmask 255.255.0.0 broadcast 172.20.255.255
inet6 fe80::42:bfff:fed8:47ca prefixlen 64 scopeid 0x20
ether 02:42:bf:d8:47:ca txqueuelen 0 (Ethernet)
RX packets 7237 bytes 75932287 (72.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8955 bytes 74625045 (71.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
4. Run busybox on each of the two hosts.
[root@localhost ~]# docker run -it --name vm1 busybox
/ # ip a
1: lo: mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
36: eth0@if37: mtu 1500 qdisc noqueue
link/ether 02:42:ac:14:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.2/16 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# docker run -it --name vm2 busybox sh
/ # ip a
1: lo: mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
As shown above, the containers running on the two hosts have the IPs 172.20.0.2 and 172.17.0.2 respectively.
5. Add routes:
Execute on 192.168.0.124:
[root@localhost docker]# route add -net 172.17.0.0/16 gw 192.168.0.121
Execute on 192.168.0.121:
[root@localhost ~]# route add -net 172.20.0.0/16 gw 192.168.0.124
6. Test:
Test from the container on 192.168.0.124:
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=62 time=30.216 ms
Test from the container on 192.168.0.121:
/ # ping 172.20.0.2
PING 172.20.0.2 (172.20.0.2): 56 data bytes
64 bytes from 172.20.0.2: seq=0 ttl=62 time=0.957 ms
64 bytes from 172.20.0.2: seq=1 ttl=62 time=0.313 ms
7. Note: if the network is still unreachable after the routes have been configured, the cause may be the firewall. I searched for a long time before finding this; sometimes, even after firewalld has been stopped, the underlying Linux firewall (the iptables rules) also needs to be turned off:
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# iptables -P INPUT ACCEPT
[root@localhost ~]# iptables -P FORWARD ACCEPT
[root@localhost ~]# iptables -F
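As an added example (not part of the original article), the Python script below generates the per-host root commands for the routing setup described in steps 1 to 7: it first rejects overlapping docker0 subnets (the reason step 1 changes one host's "bip"), then emits the route plus a narrow firewall rule for the two container subnets instead of step 7's global "iptables -P FORWARD ACCEPT" and "iptables -F". It assumes Docker's default iptables rules are in place (FORWARD policy DROP, MASQUERADE of docker0 traffic, and the DOCKER-USER chain that Docker 17.06+ reserves for local rules); the host/bip values are the article's.

```python
import ipaddress

# Constructed from the two hosts used in the article: host IP -> docker0 "bip".
HOSTS = {
    "192.168.0.124": "172.20.0.1/16",
    "192.168.0.121": "172.17.0.1/16",
}


def container_subnets(hosts):
    """Map each host to the container subnet its docker0 'bip' lives in,
    refusing overlapping subnets (the reason step 1 changes one host's bip)."""
    subnets = {h: ipaddress.ip_interface(bip).network for h, bip in hosts.items()}
    nets = list(subnets.items())
    for i, (h1, n1) in enumerate(nets):
        for h2, n2 in nets[i + 1:]:
            if n1.overlaps(n2):
                raise ValueError(f"{h1} ({n1}) overlaps {h2} ({n2}): change one bip")
    return subnets


def plan(hosts):
    """Return, per host, the root shell commands that make its containers
    reachable from every other host's containers. Instead of the article's
    'iptables -P FORWARD ACCEPT' + 'iptables -F', only container-to-container
    flows are allowed, via the DOCKER-USER chain Docker leaves for local rules.
    Assumes Docker's default rules (FORWARD policy DROP, MASQUERADE) are present."""
    subnets = container_subnets(hosts)
    cmds = {}
    for host, own in subnets.items():
        lines = ["sysctl -w net.ipv4.ip_forward=1"]
        for peer, remote in subnets.items():
            if peer == host:
                continue
            # iproute2 form of the article's 'route add -net <remote> gw <peer>'
            lines.append(f"ip route add {remote} via {peer}")
            # let the peer's containers reach ours without flushing the firewall
            lines.append(f"iptables -I DOCKER-USER -s {remote} -d {own} -j ACCEPT")
            # keep container source addresses intact on this path (skip Docker's SNAT)
            lines.append(f"iptables -t nat -I POSTROUTING -s {own} -d {remote} -j RETURN")
        cmds[host] = lines
    return cmds


if __name__ == "__main__":
    for host, lines in plan(HOSTS).items():
        print(f"# run as root on {host}")
        print("\n".join(lines))
```

Run it once and paste each host's block into a root shell on that host; the DOCKER-USER rule survives Docker restarts only if persisted with the distribution's iptables save mechanism.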