标签：互联 10.20 0.1 主机 宿主机 bytes 10.10 docker root

容器跨主机互联指的是A宿主机的容器可以访问B宿主机上的容器，需要保证各宿主机之间的网络是互通的，然后容器可以通过宿主机的网络访问到其他宿主机的容器。其实现原理就是在宿主机做网络路由即可实现。对于复杂的网络或者大型网络可以使用google开源的k8s进行互联。

 

主机	地址	docker版本
A	10.0.0.20/24	20.10.7
B	10.0.0.30/24	18.06.0-ce

 

修改A宿主机的网络

docker网桥docker0的默认网段是172.17.0.x/24，所以需要修改docker0的网段

[root@mysql ~]# vim /lib/systemd/system/docker.service 

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip=10.10.0.1/24
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

重启docker，验证网卡信息

[root@mysql ~]# systemctl daemon-reload 
[root@mysql ~]# systemctl restart docker

[root@mysql ~]# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.10.0.1  netmask 255.255.255.0  broadcast 10.10.0.255
        ether 02:42:d5:8c:4a:65  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

更改B主机的网段

[root@apache ~]# vim /lib/systemd/system/docker.service 

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --bip=10.20.0.1/24

重启docker，验证网卡信息

[root@apache ~]# systemctl daemon-reload 

[root@apache ~]# systemctl restart docker

[root@apache ~]# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.20.0.1  netmask 255.255.255.0  broadcast 10.20.0.255
        ether 02:42:68:b5:6a:ff  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

两宿主机启动容器

# 宿主机A：

[root@mysql ~]# docker run -it -p 8080:8080 tomcat-web:app1 bash
[root@681cb1ccfe84 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.0.2  netmask 255.255.255.0  broadcast 10.10.0.255
        ether 02:42:0a:0a:00:02  txqueuelen 0  (Ethernet)
        RX packets 11  bytes 1042 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# 宿主机B：

[root@apache ~]# docker run -it -p 8080:8080 tomcat:v8.5 bash
[root@b05716f2f0fb /]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.0.2  netmask 255.255.255.0  broadcast 10.20.0.255
        ether 02:42:0a:14:00:02  txqueuelen 0  (Ethernet)
        RX packets 12  bytes 1016 (1016.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

测试当前网络是否通畅

# A主机容器 测试到 B主机容器的网络

[root@681cb1ccfe84 /]# ping 10.20.0.1
PING 10.20.0.1 (10.20.0.1) 56(84) bytes of data.
^C
--- 10.20.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 34ms

# 在宿主机B 测试到 宿主机A的网络：

[root@b05716f2f0fb /]# ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2) 56(84) bytes of data.
From 10.0.0.30 icmp_seq=1 Destination Host Unreachable
From 10.0.0.30 icmp_seq=2 Destination Host Unreachable
From 10.0.0.30 icmp_seq=3 Destination Host Unreachable
From 10.0.0.30 icmp_seq=4 Destination Host Unreachable

在宿主机A添加静态路由

[root@mysql ~]# route add -net 10.20.0.0/24 gw 10.0.0.30

[root@mysql ~]# iptables -D FORWARD -s 10.0.0.0/24 -j ACCEPT

再次在A宿主机容器测试到B主机容器

[root@681cb1ccfe84 /]# ping 10.20.0.1
PING 10.20.0.1 (10.20.0.1) 56(84) bytes of data.
64 bytes from 10.20.0.1: icmp_seq=1 ttl=63 time=0.568 ms
^C
--- 10.20.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.568/0.568/0.568/0.000 ms

在宿主机B添加路由

[root@apache ~]#  route add -net 10.10.0.0/24 gw 10.0.0.20

[root@apache ~]# iptables -A FORWARD -s 10.10.0.0/24 -j ACCEPT

再次在B宿主机容器测试到A主机容器

[root@b05716f2f0fb /]# ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2) 56(84) bytes of data.
64 bytes from 10.10.0.2: icmp_seq=1 ttl=62 time=0.293 ms
64 bytes from 10.10.0.2: icmp_seq=2 ttl=62 time=0.465 ms
^C
--- 10.10.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.293/0.379/0.465/0.086 ms

抓包

[root@apache ~]# tcpdump icmp -vnn -i eth0 
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:50:43.592855 IP (tos 0x0, ttl 63, id 35056, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.20 > 10.20.0.1: ICMP echo request, id 26, seq 27, length 64
13:50:43.592895 IP (tos 0x0, ttl 64, id 21510, offset 0, flags [none], proto ICMP (1), length 84)
    10.20.0.1 > 10.0.0.20: ICMP echo reply, id 26, seq 27, length 64

 

标签：互联,10.20,0.1,主机,宿主机,bytes,10.10,docker,root
来源： https://www.cnblogs.com/zh-dream/p/14972075.html

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。