在上一节中,两个host上四个容器的网络信息如下,然后进行网络连通性测试,可见通vlan的容器即使分布在不同的host上也是可以通信的,不同vlan的容器不管在不在同一个host上都不能通信
 
root@host1:~# docker exec bbox_10_1 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.101
root@host1:~# docker exec bbox_20_1 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.201
root@host2:~# docker exec bbox_10_2 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.102
root@host2:~# docker exec bbox_20_2 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.202
 
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=64 time=0.266 ms
64 bytes from 172.16.10.102: seq=1 ttl=64 time=0.359 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.266/0.312/0.359 ms
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
 
root@host1:~# docker exec bbox_20_1 ping -c 172.16.10.101
ping: invalid number '172.16.10.101'
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=64 time=0.073 ms
64 bytes from 172.16.20.201: seq=1 ttl=64 time=0.055 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.055/0.064/0.073 ms
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=64 time=0.713 ms
64 bytes from 172.16.20.202: seq=1 ttl=64 time=0.400 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.400/0.556/0.713 ms
 
配置路由器,使不同vlan的容器进行通信,在找一台ubuntu服务器
 
#    1、启用转发功能
[root@docker-machine ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
 
#    2、配置对应两个vlan的子接口,并配置网关ip
[root@docker-machine ~]# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
    address 10.12.31.213
    netmask 255.255.252.0
    network 10.12.28.0
    broadcast 10.12.31.255
    gateway 10.12.28.6
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.12.28.6
    up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 ens160
auto ens192
iface ens192 inet manual
 
auto ens192.10
iface ens192.10 inet manual
vlan-raw-device ens192
 
auto ens192.20
iface ens192.20 inet manual
vlan-raw-device ens192
 
[root@docker-machine ~]# ifup ens192.10
WARNING:  Could not open /proc/net/vlan/config.  Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 10 to IF -:ens192:-
[root@docker-machine ~]# ifup ens192.20
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 20 to IF -:ens192:-
 
[root@docker-machine ~]# ifconfig ens192.10 172.16.10.1/24
[root@docker-machine ~]# ifconfig ens192.20 172.16.20.1/24
 
#    3、配置转发规则
[root@docker-machine ~]# iptables -A FORWARD -i ens192.10 -o ens192.20 -j ACCEPT
[root@docker-machine ~]# iptables -A FORWARD -i ens192.20 -o ens192.10 -j ACCEPT
 
#    4、进行网络连通性验证
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=63 time=0.557 ms
64 bytes from 172.16.20.201: seq=1 ttl=63 time=0.458 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.458/0.507/0.557 ms
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=63 time=1.387 ms
64 bytes from 172.16.20.202: seq=1 ttl=63 time=0.409 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.409/0.898/1.387 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
64 bytes from 172.16.10.101: seq=0 ttl=63 time=0.520 ms
64 bytes from 172.16.10.101: seq=1 ttl=63 time=0.461 ms
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.461/0.490/0.520 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=63 time=0.465 ms
64 bytes from 172.16.10.102: seq=1 ttl=63 time=0.562 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.465/0.513/0.562 ms
 
大致的通信流程如下:
 
 

057、macvlan 网络隔离和连通(2019-03-26 周二)的更多相关文章

  1. 第 8 章 容器网络 - 057 - macvlan 网络隔离和连通

    macvlan 网络隔离和连通 验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4. 即:同一 macvlan 网络能通信. bb ...

  2. macvlan 网络隔离和连通 - 每天5分钟玩转 Docker 容器技术(57)

    上一节我们创建了两个 macvlan 并部署了容器,网络结构如下: 本节验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4.即:同 ...

  3. 2019.03.26 bzoj4446: [Scoi2015]小凸玩密室(树形dp)

    传送门 题意简述: 给一棵完全二叉树,有点权aia_iai​和边权,每个点有一盏灯,现在要按一定要求点亮: 任意时刻点亮的灯泡必须连通 点亮一个灯泡后必须先点亮其子树 费用计算如下:点第一盏灯不要花费 ...

  4. zabbix学习笔记----安装----2019.03.26

    1.zabbix官方yum源地址:repo.zabbix.com 2.安装zabbix server zabbix server使用mysql作为数据库,在zabbix 3.X版本,安装zabbix- ...

  5. 2019.03.26 bzoj4448: [Scoi2015]情报传递(归并排序+树链剖分)

    传送门 题意简述: 给一棵nnn个点的树,树上每个点表示一个情报员,一共有mmm天,每天会派发以下两种任务中的一个任务: 1.搜集情报:指派T号情报员搜集情报 2.传递情报:将一条情报从X号情报员传递 ...

  6. 2019.03.26 bzoj4444: [Scoi2015]国旗计划(线段树+倍增)

    传送门 题意简述:现在给你一个长度为mmm的环,有nnn条互不包含的线段,问如果强制选第iii条线段至少需要用几条线段覆盖这个环,注意用来的覆盖的线段应该相交,即[1,3],[4,5][1,3],[4 ...

  7. 2019.03.26 bzoj4447: [Scoi2015]小凸解密码(线段树)

    传送门 题意简述:咕咕咕 思路:考虑预处理出bbb数组,然后每次改动aaa都只会对第iii和i+1i+1i+1这两个位置产生影响,于是可以用线段树来维护bbb数组. 现在求答案的方法是断环为链,倍增整 ...

  8. 2019.03.26 读书笔记 关于for与foreach

    for 是索引器,foreach是迭代器 foreach在movenext()中增加了对集合版本(一个整数,每次对集合修改都+1)的验证,另外反编译后的效果是使用了using(是try finally ...

  9. 2019.03.26 读书笔记 关于event

    event 主要是给委托加了一层保护,不能任意的 class.delegate=null,class.delegate=fun1,不能由调用者去任意支配,而是由class自己去增加或减少,用+=.-= ...

随机推荐

  1. windows 下项目打包、备份、覆盖、md5check

    工具从网络自行下载,目前我存储在网盘上,可下载后调用 更新包打包.创建md5,压缩成.zip 现有项目按日期备份 覆盖项目并做md5check @echo off rem ============== ...

  2. Android多种方法显示当前日期和时间

    文章选自StackOverflow(简称:SOF)精选问答汇总系列文章之一,本系列文章将为读者分享国外最优质的精彩问与答,供读者学习和了解国外最新技术.本文探讨Android显示当前日期和时间的方法. ...

  3. 「SCOI2016」美味 解题报告

    「SCOI2016」美味 状态极差无比,一个锤子题目而已 考虑每次对\(b\)和\(d\)求\(c=d \ xor \ (a+b)\)的最大值,因为异或每一位是独立的,所以我们可以尝试按位贪心. 如果 ...

  4. docker-compose.yml(1)

    docker-compose 常用命令 Commands: build Build or rebuild services bundle Generate a Docker bundle from t ...

  5. centos7安装较高版本python3.5/3.6

    应用环境: Centos7或者RHEL7下默认安装的python版本为2.7.x,更新不够及时,现在很多时候需要额外安装较高版本的python环境, 网上搜罗一圈总结记录一下常用两种方式: ① 源码编 ...

  6. Zabbix监控服务器硬盘状态

    安装Iptables服务: [root@localhost /]# yum install iptables-services [root@localhost /]# vim /etc/sysconf ...

  7. 安装PHP ImageMagick笔记

    安装过程 $ pecl install imagick 当提示Please provide the prefix of Imagemagick installation [autodetect] :直 ...

  8. 【模板】splay维护序列

    题目大意:维护一个长度为 N 的序列,支持单点插入,单点询问. 注意事项如下: build 函数中要记得初始化 fa. 插入两个端点值. 代码如下 #include <bits/stdc++.h ...

  9. Java IO流篇

    什么是IO流 思考问题 如何读写文件? 解决--通过流读写文件 流是指一连串流动的字符,以先进先出传输信息的通道. Java操控硬盘上的文件,通过IO流来实现 Java流的分类 按流向区分 ---输出 ...

  10. VMware加载vmdk文件

    VMware软件文件菜单选择---映射虚拟磁盘选项,如图1所示