容器網絡實驗(二):模擬flannel vxlan模式

  • 前置知識:

FDB表:Forwarding Database(轉發數據庫),相當於交換機的MAC地址表;在vxlan網卡上,每條記錄還指明目的MAC對應的遠端VTEP IP(即下文 bridge fdb append 的 dst 參數)

  • 實驗拓撲

 

  • 創建vxlan網卡(注意vxlan0的mac地址,後面手動添加arp和fdb表需要用到)

host1:
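# host1: create the VXLAN tunnel endpoint (VTEP) vxlan0 with VNI 42 on top of
# ens33, sourcing tunnel traffic from 192.168.120.128.
# - dstport 4789 is the IANA-assigned VXLAN UDP port.
# - nolearning: the kernel does not learn remote MAC -> VTEP mappings from
#   received traffic, so the FDB entries added by hand are not supplemented by
#   learned ones.
# NOTE(review): VXLAN carries no authentication or encryption of its own.
# Outside a lab, restrict UDP/4789 on ens33 to the known peer VTEP address and
# protect the underlay (e.g. IPsec or WireGuard) if it is not trusted.
ip link add vxlan0 type vxlan id 42 dstport 4789 local 192.168.120.128 dev ens33 nolearning
ip link set vxlan0 up
# /32 address on the VTEP; host2 uses it as the next hop of its onlink route.
ip addr add 172.17.10.0/32 dev vxlan0
# Show link details and note the link/ether MAC: host2 needs it for its static
# ARP and FDB entries. The option is an ASCII "-d".
ip -d link show vxlan0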
16: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 66:2a:06:96:eb:9d brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 42 local 192.168.120.128 dev ens33 srcport 0 0 dstport 4789 nolearning ageing 300 noudpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 6553

host2:
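# host2: create the matching VTEP vxlan0 (same VNI 42 and UDP port 4789 as
# host1), sourcing tunnel traffic from 192.168.120.131 on ens33.
# nolearning: remote MAC -> VTEP mappings are not learned from received
# traffic, so the FDB entries added by hand are not supplemented by learned ones.
# NOTE(review): VXLAN carries no authentication or encryption of its own.
# Outside a lab, restrict UDP/4789 on ens33 to the known peer VTEP address and
# protect the underlay (e.g. IPsec or WireGuard) if it is not trusted.
ip link add vxlan0 type vxlan id 42 dstport 4789 local 192.168.120.131 dev ens33 nolearning
ip link set vxlan0 up
# /32 address on the VTEP; host1 uses it as the next hop of its onlink route.
ip addr add 172.17.1.0/32 dev vxlan0
# Show link details and note the link/ether MAC: host1 needs it for its static
# ARP and FDB entries. The option is an ASCII "-d".
ip -d link show vxlan0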
16: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000
    link/ether 22:b3:c4:a4:15:ec brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 42 local 192.168.120.131 dev ens33 srcport 0 0 dstport 4789 nolearning ageing 300 addrgenmode none

 

  • 創建網橋

host1:
# host1: create the local bridge that the host-side veth ports attach to.
ip link add bridge0 type bridge
ip link set bridge0 up
# 172.17.10.1 is the gateway used by the container's default route on this host.
ip addr add 172.17.10.1/24 dev bridge0

host2:
# host2: create the local bridge that the host-side veth ports attach to.
ip link add bridge0 type bridge
ip link set bridge0 up
# 172.17.1.1 is the gateway used by the container's default route on this host.
ip addr add 172.17.1.1/24 dev bridge0
  • 創建容器網絡

host1:
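# host1: wire the "container" namespace docker1 to bridge0 through a veth pair.
# Prerequisite (not shown on this page, presumably done in an earlier step):
# the docker1 namespace and the veth0/veth1 pair must already exist, e.g.
#   ip netns add docker1
#   ip link add veth0 type veth peer name veth1
# veth1 stays on the host as a bridge0 port; veth0 becomes the container NIC.
ip link set dev veth1 master bridge0
# MTU 1450 matches vxlan0, leaving room for the VXLAN encapsulation headers.
ip link set dev veth1 mtu 1450 up
ip link set dev veth0 netns docker1
# iproute2 form of the ifconfig call, so net-tools is not required on the host.
ip netns exec docker1 ip link set dev veth0 mtu 1450 up
ip netns exec docker1 ip addr add 172.17.10.3/24 brd + dev veth0
# Default route points at bridge0's address on this host.
ip netns exec docker1 ip route add default via 172.17.10.1 dev veth0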

host2:
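# host2: wire the "container" namespace docker1 to bridge0 through a veth pair.
# Prerequisite (not shown on this page, presumably done in an earlier step):
# the docker1 namespace and the veth0/veth1 pair must already exist, e.g.
#   ip netns add docker1
#   ip link add veth0 type veth peer name veth1
# veth1 stays on the host as a bridge0 port; veth0 becomes the container NIC.
ip link set dev veth1 master bridge0
# MTU 1450 matches vxlan0, leaving room for the VXLAN encapsulation headers.
ip link set dev veth1 mtu 1450 up
ip link set dev veth0 netns docker1
# iproute2 form of the ifconfig call, so net-tools is not required on the host.
ip netns exec docker1 ip link set dev veth0 mtu 1450 up
ip netns exec docker1 ip addr add 172.17.1.3/24 brd + dev veth0
# Default route points at bridge0's address on this host.
ip netns exec docker1 ip route add default via 172.17.1.1 dev veth0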
  • 添加主機路由

host1:
# host1: send traffic for host2's container subnet into the tunnel. The next
# hop 172.17.1.0 is host2's vxlan0 address; onlink is needed because vxlan0
# only carries a /32, so no connected route covers that next hop.
# NOTE(review): forwarding between bridge0 and vxlan0 presumably requires
# net.ipv4.ip_forward=1 on this host; the page does not show that setting.
ip route add 172.17.1.0/24 via 172.17.1.0 dev vxlan0 onlink

host2:
# host2: send traffic for host1's container subnet into the tunnel. The next
# hop 172.17.10.0 is host1's vxlan0 address; onlink is needed because vxlan0
# only carries a /32, so no connected route covers that next hop.
# NOTE(review): forwarding between bridge0 and vxlan0 presumably requires
# net.ipv4.ip_forward=1 on this host; the page does not show that setting.
ip route add 172.17.10.0/24 via 172.17.10.0 dev vxlan0 onlink
  • 手動添加ARP表

host1:
# host1: static neighbour (ARP) entry. The next hop 172.17.1.0 is mapped to the
# link/ether MAC that host2 reported for its vxlan0, so the kernel does not
# have to resolve it over the tunnel.
ip neigh add 172.17.1.0 lladdr 22:b3:c4:a4:15:ec dev vxlan0

host2:
# host2: static neighbour (ARP) entry. The next hop 172.17.10.0 is mapped to the
# link/ether MAC that host1 reported for its vxlan0, so the kernel does not
# have to resolve it over the tunnel.
ip neigh add 172.17.10.0 lladdr 66:2a:06:96:eb:9d dev vxlan0
  • 手動添加FDB表

host1:
# host1: static FDB entry. Frames addressed to host2's vxlan0 MAC are
# encapsulated and sent to the underlay address 192.168.120.131. vxlan0 was
# created with nolearning, so this mapping is not replaced by learned entries.
bridge fdb append 22:b3:c4:a4:15:ec dev vxlan0 dst 192.168.120.131

host2:
# host2: static FDB entry. Frames addressed to host1's vxlan0 MAC are
# encapsulated and sent to the underlay address 192.168.120.128. vxlan0 was
# created with nolearning, so this mapping is not replaced by learned entries.
bridge fdb append 66:2a:06:96:eb:9d dev vxlan0 dst 192.168.120.128
  • 驗證連通性(若初始TTL為64,回應中的 ttl=62 表示封包經過兩跳路由轉發,即兩台主機各轉發一次,因此兩台主機都需要開啟 net.ipv4.ip_forward):

host1:
# host1: ping host2's container address (172.17.1.3) from inside the docker1
# namespace to confirm the overlay path works end to end.
ip netns exec docker1 ping 172.17.1.3
PING 172.17.1.3 (172.17.1.3) 56(84) bytes of data.
64 bytes from 172.17.1.3: icmp_seq=1 ttl=62 time=20.6 ms
64 bytes from 172.17.1.3: icmp_seq=2 ttl=62 time=0.344 ms

 
