• 欢迎访问蜷缩的蜗牛博客 蜷缩的蜗牛
  • 微信搜索: 蜷缩的蜗牛 | 联系站长 kbsonlong@qq.com
  • 如果您觉得本站非常有看点,那么赶紧使用Ctrl+D 收藏吧

Docker 容器之间创建点对点连接

Docker 蜷缩的蜗牛 1年前 (2017-04-18) 15次浏览 已收录 0个评论

默认情况下,Docker 会将所有容器连接到由 docker0 提供的虚拟子网中。用户有时候需要两个容器之间可以直连通信,而不用通过主机网桥进行桥接。可以创建一对 peer 接口,分别放到两个容器中,配置成点到点链路类型即可!

 

1、创建两个容器

[root@localhost ~]# docker run -it --rm --net=none nginx /bin/bash
root@bcd913e5b703:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
root@bcd913e5b703:/# 


[root@localhost ~]# docker run -it --rm --net=none nginx /bin/bash
root@62bc91ba87e2:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
root@62bc91ba87e2:/#

因为使用–net=none 参数,所以两个容器创建之后没有配置 ip

 

2、查看两个容器对应的进程 ID

[root@localhost data]# docker inspect -f '{{.State.Pid}}' bcd913e5b703
51233
[root@localhost data]# docker inspect -f '{{.State.Pid}}' 62bc91ba87e2
51392
[root@localhost data]#

 

3、创建网络命名空间的跟踪文件

[root@localhost data]# mkdir -p /var/run/netns/
[root@localhost data]# ln -s /proc/51233/ns/net /var/run/netns/51233
[root@localhost data]# ln -s /proc/51392/ns/net /var/run/netns/51392
[root@localhost data]# ll /var/run/netns/
total 0
lrwxrwxrwx 1 root root 18 Apr 18 11:42 51233 -> /proc/51233/ns/net
lrwxrwxrwx 1 root root 18 Apr 18 11:42 51392 -> /proc/51392/ns/net
[root@localhost data]#

 

4、创建一对 peer 网络接口,然后配置路由

[root@localhost data]# ip link add A type veth peer name B
[root@localhost data]# 
[root@localhost data]# ip link set A netns 51233
[root@localhost data]# ip netns exec 51233 ip addr add 10.1.1.1/32 dev A
[root@localhost data]# ip netns exec 51233 ip link set A up
[root@localhost data]# ip netns exec 51233 ip route add 10.1.1.2/32 dev A
[root@localhost data]# 
[root@localhost data]# 
[root@localhost data]# ip link set B netns 51392
[root@localhost data]# ip netns exec 51392 ip addr add 10.1.1.2/32 dev B
[root@localhost data]# ip netns exec 51392 ip link set B up
[root@localhost data]# ip netns exec 51392 ip route add 10.1.1.1/32 dev B
[root@localhost data]#

 

5、测试两个容器之间是否互通

root@bcd913e5b703:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
19: A@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 0a:e2:e3:f7:1b:21 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/32 scope global A
       valid_lft forever preferred_lft forever
    inet6 fe80::8e2:e3ff:fef7:1b21/64 scope link 
       valid_lft forever preferred_lft forever
root@bcd913e5b703:/# 
root@bcd913e5b703:/# ip route
10.1.1.2 dev A  scope link 
root@bcd913e5b703:/# 
root@bcd913e5b703:/# ping -c 3 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=0.987 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.117 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.096 ms
--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.096/0.400/0.987/0.415 ms
root@bcd913e5b703:/# 



root@62bc91ba87e2:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
18: B@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ee:92:cd:a5:58:2c brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.2/32 scope global B
       valid_lft forever preferred_lft forever
    inet6 fe80::ec92:cdff:fea5:582c/64 scope link 
       valid_lft forever preferred_lft forever
root@62bc91ba87e2:/# ip route
10.1.1.1 dev B  scope link 
root@62bc91ba87e2:/# 
root@62bc91ba87e2:/# ping -c 3 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.160 ms
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.099 ms
--- 10.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.075/0.111/0.160/0.036 ms
root@62bc91ba87e2:/#

 

可以看到刚刚配置的 peer,在两个容器中分别添加了A@if18B@if19 两张虚拟网卡,相互之间完成互通!


蜷缩的蜗牛 , 版权所有丨如未注明 , 均为原创丨 转载请注明Docker 容器之间创建点对点连接
喜欢 (0)
[]
分享 (0)

您必须 登录 才能发表评论!