在上一节中,两个host上四个容器的网络信息如下,然后进行网络连通性测试,可见通vlan的容器即使分布在不同的host上也是可以通信的,不同vlan的容器不管在不在同一个host上都不能通信
 
root@host1:~# docker exec bbox_10_1 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.101
root@host1:~# docker exec bbox_20_1 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.201
root@host2:~# docker exec bbox_10_2 ip r
default via 172.16.10.1 dev eth0
172.16.10.0/24 dev eth0 scope link  src 172.16.10.102
root@host2:~# docker exec bbox_20_2 ip r
default via 172.16.20.1 dev eth0
172.16.20.0/24 dev eth0 scope link  src 172.16.20.202
 
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=64 time=0.266 ms
64 bytes from 172.16.10.102: seq=1 ttl=64 time=0.359 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.266/0.312/0.359 ms
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_10_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
 
root@host1:~# docker exec bbox_20_1 ping -c 172.16.10.101
ping: invalid number '172.16.10.101'
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=64 time=0.073 ms
64 bytes from 172.16.20.201: seq=1 ttl=64 time=0.055 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.055/0.064/0.073 ms
root@host1:~# docker exec bbox_20_1 ping -c 2 172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=64 time=0.713 ms
64 bytes from 172.16.20.202: seq=1 ttl=64 time=0.400 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.400/0.556/0.713 ms
 
配置路由器,使不同vlan的容器进行通信,在找一台ubuntu服务器
 
#    1、启用转发功能
[root@docker-machine ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
 
#    2、配置对应两个vlan的子接口,并配置网关ip
[root@docker-machine ~]# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens160
iface ens160 inet static
    address 10.12.31.213
    netmask 255.255.252.0
    network 10.12.28.0
    broadcast 10.12.31.255
    gateway 10.12.28.6
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.12.28.6
    up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 ens160
auto ens192
iface ens192 inet manual
 
auto ens192.10
iface ens192.10 inet manual
vlan-raw-device ens192
 
auto ens192.20
iface ens192.20 inet manual
vlan-raw-device ens192
 
[root@docker-machine ~]# ifup ens192.10
WARNING:  Could not open /proc/net/vlan/config.  Maybe you need to load the 8021q module, or maybe you are not using PROCFS??
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 10 to IF -:ens192:-
[root@docker-machine ~]# ifup ens192.20
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 20 to IF -:ens192:-
 
[root@docker-machine ~]# ifconfig ens192.10 172.16.10.1/24
[root@docker-machine ~]# ifconfig ens192.20 172.16.20.1/24
 
#    3、配置转发规则
[root@docker-machine ~]# iptables -A FORWARD -i ens192.10 -o ens192.20 -j ACCEPT
[root@docker-machine ~]# iptables -A FORWARD -i ens192.20 -o ens192.10 -j ACCEPT
 
#    4、进行网络连通性验证
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.201
PING 172.16.20.201 (172.16.20.201): 56 data bytes
64 bytes from 172.16.20.201: seq=0 ttl=63 time=0.557 ms
64 bytes from 172.16.20.201: seq=1 ttl=63 time=0.458 ms
--- 172.16.20.201 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.458/0.507/0.557 ms
root@host1:~# docker exec bbox_10_1 ping -c 2  172.16.20.202
PING 172.16.20.202 (172.16.20.202): 56 data bytes
64 bytes from 172.16.20.202: seq=0 ttl=63 time=1.387 ms
64 bytes from 172.16.20.202: seq=1 ttl=63 time=0.409 ms
--- 172.16.20.202 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.409/0.898/1.387 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.101
PING 172.16.10.101 (172.16.10.101): 56 data bytes
64 bytes from 172.16.10.101: seq=0 ttl=63 time=0.520 ms
64 bytes from 172.16.10.101: seq=1 ttl=63 time=0.461 ms
--- 172.16.10.101 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.461/0.490/0.520 ms
root@host1:~# docker exec bbox_20_1 ping -c 2  172.16.10.102
PING 172.16.10.102 (172.16.10.102): 56 data bytes
64 bytes from 172.16.10.102: seq=0 ttl=63 time=0.465 ms
64 bytes from 172.16.10.102: seq=1 ttl=63 time=0.562 ms
--- 172.16.10.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.465/0.513/0.562 ms
 
大致的通信流程如下:
 
 

057、macvlan 网络隔离和连通(2019-03-26 周二)的更多相关文章

  1. 第 8 章 容器网络 - 057 - macvlan 网络隔离和连通

    macvlan 网络隔离和连通 验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4. 即:同一 macvlan 网络能通信. bb ...

  2. macvlan 网络隔离和连通 - 每天5分钟玩转 Docker 容器技术(57)

    上一节我们创建了两个 macvlan 并部署了容器,网络结构如下: 本节验证 macvlan 之间的连通性. bbox1 能 ping 通 bbox3,bbox2 能 ping 通 bbox4.即:同 ...

  3. 2019.03.26 bzoj4446: [Scoi2015]小凸玩密室(树形dp)

    传送门 题意简述: 给一棵完全二叉树,有点权aia_iai​和边权,每个点有一盏灯,现在要按一定要求点亮: 任意时刻点亮的灯泡必须连通 点亮一个灯泡后必须先点亮其子树 费用计算如下:点第一盏灯不要花费 ...

  4. zabbix学习笔记----安装----2019.03.26

    1.zabbix官方yum源地址:repo.zabbix.com 2.安装zabbix server zabbix server使用mysql作为数据库,在zabbix 3.X版本,安装zabbix- ...

  5. 2019.03.26 bzoj4448: [Scoi2015]情报传递(归并排序+树链剖分)

    传送门 题意简述: 给一棵nnn个点的树,树上每个点表示一个情报员,一共有mmm天,每天会派发以下两种任务中的一个任务: 1.搜集情报:指派T号情报员搜集情报 2.传递情报:将一条情报从X号情报员传递 ...

  6. 2019.03.26 bzoj4444: [Scoi2015]国旗计划(线段树+倍增)

    传送门 题意简述:现在给你一个长度为mmm的环,有nnn条互不包含的线段,问如果强制选第iii条线段至少需要用几条线段覆盖这个环,注意用来的覆盖的线段应该相交,即[1,3],[4,5][1,3],[4 ...

  7. 2019.03.26 bzoj4447: [Scoi2015]小凸解密码(线段树)

    传送门 题意简述:咕咕咕 思路:考虑预处理出bbb数组,然后每次改动aaa都只会对第iii和i+1i+1i+1这两个位置产生影响,于是可以用线段树来维护bbb数组. 现在求答案的方法是断环为链,倍增整 ...

  8. 2019.03.26 读书笔记 关于for与foreach

    for 是索引器,foreach是迭代器 foreach在movenext()中增加了对集合版本(一个整数,每次对集合修改都+1)的验证,另外反编译后的效果是使用了using(是try finally ...

  9. 2019.03.26 读书笔记 关于event

    event 主要是给委托加了一层保护,不能任意的 class.delegate=null,class.delegate=fun1,不能由调用者去任意支配,而是由class自己去增加或减少,用+=.-= ...

随机推荐

  1. 爬虫_豆瓣电影top250 (正则表达式)

    一样的套路,就是多线程还没弄 import requests import re import json headers = 'Mozilla/5.0 (Windows NT 10.0; WOW64) ...

  2. android TextView字体设置最少占多少行. 及其 Java String 字符串操作 . .

    ①  字体设置: 修改代码 :  GridViewActivity.java priceTv为 TextView priceTv.setMaxLines(3); //当多与7个字fu的时候 , 其余字 ...

  3. windows7安装docker

    因为本机已经安装了git,所以这里取消勾选 配置环境变量 进入到D:\DockerToolbox 将D:\DockerToolbox下的boot2docker.iso 复制到C:\Users\my\. ...

  4. luogu5008 逛庭院 (tarjan缩点)

    首先如果这是一个DAG,我按照拓扑序倒着去选,一定能选到所有入度不为0的点 然后考虑有环的情况 我们拎出来一个强连通分量 先假设它缩点以后是没有入度的 那我最后它里面一定至少剩一个不能选 因为就剩一个 ...

  5. selenium 代理设置

    设置Firefox代理: from selenium import webdriver from selenium.webdriver.common.proxy import Proxy, Proxy ...

  6. CF1131E String Multiplication(???)

    这题难度2200,应该值了. 题目链接:CF原网 题目大意:定义两个字符串 $s$ 和 $t$($s$ 的长度为 $m$)的乘积为 $t+s_1+t+s_2+\dots+t+s_m+t$.定义一个字符 ...

  7. poj-3279 poj-1753(二进制枚举)

    题目链接:http://poj.org/problem?id=3279 题目大意: 有一个m*n的棋盘(1 ≤ M ≤ 15; 1 ≤ N ≤ 15),每个格子有两面分别是0或1,每次可以对一个格子做 ...

  8. A1127. ZigZagging on a Tree

    Suppose that all the keys in a binary tree are distinct positive integers. A unique binary tree can ...

  9. 【洛谷P2925 [USACO08DEC]干草出售Hay For Sale】

    题意翻译 题目描述 农民john面临一个很可怕的事实,因为防范失措他存储的所有稻草给澳大利亚蟑螂吃光了,他将面临没有稻草喂养奶牛的局面.在奶牛断粮之前,john拉着他的马车到农民Don的农场中买一些稻 ...

  10. vue在body上面绑定enter事件

    mounted () { this.bodyListener = (e) => { if (e.keyCode === 13 && e.target === document.b ...