Docker (16): Docker cross-host communication with macvlan
https://www.cnblogs.com/luoahong/p/10289072.html
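1 What is macvlan
By default a physical NIC has only one physical (MAC) address; macvlan virtualizes multiple MAC addresses on it.
- macvlan is a Linux kernel module that allows multiple MAC addresses to be configured on the same physical NIC, that is, multiple interfaces, each of which can be given its own IP.
- macvlan is essentially a NIC virtualization technology.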
2 Create the macvlan network (run on every host)
docker network create --driver macvlan --subnet 192.168.0.0/24 --gateway 192.168.0.1 -o parent=ens33 macvlan_2
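If creation fails, put the parent NIC into promiscuous mode:
ip link set ens33 promisc on
Be careful to set the gateway correctly. Mine is 192.168.0.1; I accidentally set it to 192.168.0.254 and the containers could not reach the internet.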
[root@docker-136 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@docker-136 ~]#
[root@docker-136 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
f50feb8398ad        bridge              bridge              local
41e6b3ae3e5d        host                host                local
906b0f4bce31        none                null                local
[root@docker-136 ~]# docker network create --driver macvlan --subnet 192.168.0.0/24 --gateway 192.168.0.1 -o parent=ens33 macvlan_2
900b1b7e5fdc90fa97fca1fca4a204fe062e2a17d7c88b9382da3975d5db2aed
[root@docker-136 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
f50feb8398ad        bridge              bridge              local
41e6b3ae3e5d        host                host                local
900b1b7e5fdc        macvlan_2           macvlan             local
906b0f4bce31        none                null                local
[root@docker-136 ~]#
[root@docker-137 ~]# docker network create --driver macvlan --subnet 192.168.0.0/24 --gateway 192.168.0.1 -o parent=ens33 macvlan_2
ae49fc8860b517af54e5d79f5d6c6b540dafa67c2cc8f921752b098d900b1d0d
[root@docker-137 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
c8561c180ed7        bridge              bridge              local
5c9470f72e9e        host                host                local
ae49fc8860b5        macvlan_2           macvlan             local
a98d56ca3b39        none                null                local
[root@docker-137 ~]#
3 Create test containers
136
[root@docker-136 ~]# docker run -it --name macvlan236 --network macvlan_2 --ip=192.168.0.236 centos7-ssh:v1 /bin/bash
[root@1df5f33aafb2 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.236 netmask 255.255.255.0 broadcast 192.168.0.255
        ether 02:42:c0:a8:00:ec txqueuelen 0 (Ethernet)
        RX packets 67 bytes 6198 (6.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 42 bytes 3506 (3.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1000 (Local Loopback)
        RX packets 7 bytes 612 (612.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 7 bytes 612 (612.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@1df5f33aafb2 /]#
137
[root@docker-137 ~]# docker run -it --name macvlan237 --network macvlan_2 --ip=192.168.0.237 192.168.0.136:5000/centos-7-ssh-nginx:v1 /bin/bash
[root@bd45fabb6692 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.237 netmask 255.255.255.0 broadcast 192.168.0.255
        ether 02:42:c0:a8:00:ed txqueuelen 0 (Ethernet)
        RX packets 97 bytes 9123 (8.9 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 83 bytes 5527 (5.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1000 (Local Loopback)
        RX packets 56 bytes 6050 (5.9 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 56 bytes 6050 (5.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@bd45fabb6692 /]#
4 Network test
Container on host 136
[root@1df5f33aafb2 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.236 netmask 255.255.255.0 broadcast 192.168.0.255
        ether 02:42:c0:a8:00:ec txqueuelen 0 (Ethernet)
        RX packets 23 bytes 2064 (2.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 20 bytes 1848 (1.8 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1000 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@1df5f33aafb2 /]# ping 192.168.0.136
PING 192.168.0.136 (192.168.0.136) 56(84) bytes of data.
^C
--- 192.168.0.136 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2001ms
[root@1df5f33aafb2 /]# ping 192.168.0.137
PING 192.168.0.137 (192.168.0.137) 56(84) bytes of data.
64 bytes from 192.168.0.137: icmp_seq=1 ttl=64 time=22.0 ms
64 bytes from 192.168.0.137: icmp_seq=2 ttl=64 time=0.609 ms
^C
--- 192.168.0.137 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.609/11.348/22.087/10.739 ms
[root@1df5f33aafb2 /]# ping 192.168.0.237
PING 192.168.0.237 (192.168.0.237) 56(84) bytes of data.
64 bytes from 192.168.0.237: icmp_seq=1 ttl=64 time=0.769 ms
64 bytes from 192.168.0.237: icmp_seq=2 ttl=64 time=1.01 ms
^C
--- 192.168.0.237 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.769/0.891/1.013/0.122 ms
[root@1df5f33aafb2 /]# ping www.baid.com
PING www.baid.com (47.254.33.193) 56(84) bytes of data.
64 bytes from 47.254.33.193 (47.254.33.193): icmp_seq=1 ttl=49 time=270 ms
64 bytes from 47.254.33.193 (47.254.33.193): icmp_seq=3 ttl=49 time=221 ms
64 bytes from 47.254.33.193 (47.254.33.193): icmp_seq=4 ttl=49 time=241 ms
64 bytes from 47.254.33.193 (47.254.33.193): icmp_seq=5 ttl=49 time=264 ms
64 bytes from 47.254.33.193 (47.254.33.193): icmp_seq=6 ttl=49 time=389 ms
^C
--- www.baid.com ping statistics ---
7 packets transmitted, 5 received, 28% packet loss, time 15423ms
rtt min/avg/max/mdev = 221.696/277.355/389.316/58.608 ms
[root@1df5f33aafb2 /]#
Container on host 137
[root@bd45fabb6692 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.237 netmask 255.255.255.0 broadcast 192.168.0.255
        ether 02:42:c0:a8:00:ed txqueuelen 0 (Ethernet)
        RX packets 39 bytes 3983 (3.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 65 bytes 4080 (3.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1000 (Local Loopback)
        RX packets 52 bytes 5652 (5.5 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 52 bytes 5652 (5.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@bd45fabb6692 /]# ping 192.168.0.236
PING 192.168.0.236 (192.168.0.236) 56(84) bytes of data.
64 bytes from 192.168.0.236: icmp_seq=1 ttl=64 time=0.627 ms
64 bytes from 192.168.0.236: icmp_seq=2 ttl=64 time=0.657 ms
^C
--- 192.168.0.236 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.627/0.642/0.657/0.015 ms
[root@bd45fabb6692 /]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=54 time=36.1 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=54 time=38.5 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=54 time=43.7 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2013ms
rtt min/avg/max/mdev = 36.104/39.486/43.781/3.207 ms
[root@bd45fabb6692 /]# ping 192.168.0.136
PING 192.168.0.136 (192.168.0.136) 56(84) bytes of data.
64 bytes from 192.168.0.136: icmp_seq=1 ttl=64 time=1.22 ms
64 bytes from 192.168.0.136: icmp_seq=2 ttl=64 time=0.766 ms
64 bytes from 192.168.0.136: icmp_seq=3 ttl=64 time=0.735 ms
64 bytes from 192.168.0.136: icmp_seq=4 ttl=64 time=0.968 ms
^C
--- 192.168.0.136 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.735/0.923/1.226/0.199 ms
[root@bd45fabb6692 /]#
5 SSH connection test
From host 136, connect to container 237 on host 137 (with sshd started)
[root@docker-136 ~]# ssh 192.168.0.237
ssh: connect to host 192.168.0.237 port 22: Connection refused
[root@docker-136 ~]# ssh 192.168.0.237
The authenticity of host '192.168.0.237 (192.168.0.237)' can't be established.
ECDSA key fingerprint is SHA256:uNkFtNo3Apmcpa/fiMsRfxLvVMwi5azBNFvL994fbhs.
ECDSA key fingerprint is MD5:00:3c:fe:77:ae:ed:20:d5:54:fb:9c:85:e6:cb:f2:93.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.237' (ECDSA) to the list of known hosts.
root@192.168.0.237's password:
[root@bd45fabb6692 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.237 netmask 255.255.255.0 broadcast 192.168.0.255
        ether 02:42:c0:a8:00:ed txqueuelen 0 (Ethernet)
        RX packets 107 bytes 11270 (11.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 74 bytes 7629 (7.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1000 (Local Loopback)
        RX packets 16 bytes 1632 (1.5 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 16 bytes 1632 (1.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@bd45fabb6692 ~]#
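6 Summary
Advantages
1. Performance is relatively good.
2. With a CentOS image, a container can be used like a physical machine while using fewer resources.
Disadvantages
1. The IP address has to be set manually every time.
2. Two hosts using the same IP address does not raise an error, which causes problems when a third machine tries to access it.
Containers in macvlan mode cannot ping the host they run on, and the host cannot ping those containers; other servers and containers on the same subnet are reachable.
Remember to set the gateway, otherwise the containers cannot reach the internet.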
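
The two drawbacks listed above (manual addressing, and duplicate IPs across hosts going unnoticed) can be reduced by giving each host's macvlan network its own disjoint --ip-range inside the shared subnet. This is an added example, not part of the original post; the /27 slice size, the slice assigned to each host and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Subnet, gateway, parent NIC and
# network name are taken from the page; the /27 slice size and the slice
# numbers assigned to each host are assumptions.
SUBNET=192.168.0.0/24
GATEWAY=192.168.0.1
PARENT=ens33
SLICE_LEN=27

# ip_to_int <a.b.c.d>: dotted quad -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# int_to_ip <n>: 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# slice_range <subnet/len> <slice_len> <index>: CIDR of the index-th slice.
# Fails if the slice is not smaller than the subnet or the index is out of range.
slice_range() {
    base=${1%/*}; len=${1#*/}
    [ "$2" -gt "$len" ] && [ "$2" -le 32 ] || { echo "bad slice length /$2 for $1" >&2; return 1; }
    count=$(( 1 << ($2 - $len) ))
    [ "$3" -ge 0 ] && [ "$3" -lt "$count" ] || { echo "slice $3 outside $1" >&2; return 1; }
    base_int=$(ip_to_int "$base")
    start=$(( $base_int + $3 * (1 << (32 - $2)) ))
    echo "$(int_to_ip "$start")/$2"
}

# macvlan_create_cmd <slice_index>: print the create command for one host.
# Docker's IPAM on that host then allocates automatic addresses from its slice.
macvlan_create_cmd() {
    range=$(slice_range "$SUBNET" "$SLICE_LEN" "$1") || return 1
    echo "docker network create --driver macvlan --subnet $SUBNET --gateway $GATEWAY --ip-range $range -o parent=$PARENT macvlan_2"
}

# Constructed assignment: docker-136 gets slice 6, docker-137 gets slice 7.
# Both slices avoid the gateway (.1) and the hosts' own addresses (.136, .137).
macvlan_create_cmd 6    # run the printed command on docker-136
macvlan_create_cmd 7    # run the printed command on docker-137
```

Keep the chosen slices out of any DHCP pool on the LAN, because Docker's IPAM has no knowledge of addresses claimed by devices outside Docker.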