相对于Linux bridge,使用Openvswitch构建overlay network更加简单直接。
机器环境
yy2 10.193.6.36
yy3 10.193.6.37
内核
4.1.10
创建容器
** 在yy2上 **
[root@yy2 ~]# docker run -itd --net=none --name=vmX busybox
d89ec0a35489ca2330efc0f309a815308c7104098f28cf221c3f41920ed84f6d
[root@yy2 ~]# ip link add vethX type veth peer name veth1
[root@yy2 ~]# ip link set veth1 netns 49f114a96775
[root@yy2 ~]# ip netns exec 49f114a96775 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
13: veth1@if14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 3e:36:f1:9e:0e:76 brd ff:ff:ff:ff:ff:ff
[root@yy2 ~]# ip netns exec 49f114a96775 ip addr add 172.20.1.1/24 dev veth1
[root@yy2 ~]# ip netns exec 49f114a96775 ip link set veth1 up
[root@yy2 ~]# ip netns exec 49f114a96775 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
13: veth1@if14: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state LOWERLAYERDOWN qlen 1000
link/ether 3e:36:f1:9e:0e:76 brd ff:ff:ff:ff:ff:ff
inet 172.18.1.1/24 scope global veth1
valid_lft forever preferred_lft forever
[root@yy2 ~]# ovs-vsctl add-br br-int
[root@yy2 ~]# ovs-vsctl add-port br-int vethX
[root@yy2 ~]# ovs-vsctl set port vethX tag=20
[root@yy2 ~]# ovs-vsctl show
85e56285-2d5b-43ac-b697-1ffbf7dcf6aa
Bridge br-int
Port br-int
Interface br-int
type: internal
Port vethX
tag: 20
Interface vethX
ovs_version: "2.3.1"
** 在yy3上 **
[root@yy3 ~]# docker run -itd --net=none --name=vmY busybox
ac77cfbc9e84a7378b87f8c91801cd471e239153cd8f6e4fae197f68349bf71d
[root@yy3 ~]# ip link add vethY type veth peer name veth1
[root@yy3 ~]# ip link set veth1 netns f23b42e0f955
[root@yy3 ~]# ip netns exec f23b42e0f955 ip addr add 172.20.1.2/24 dev veth1
[root@yy3 ~]# ip netns exec f23b42e0f955 ip link set veth1 up
[root@yy3 ~]# ip netns exec f23b42e0f955 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: veth1@if11: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state LOWERLAYERDOWN qlen 1000
link/ether 0e:b3:e0:43:ae:bc brd ff:ff:ff:ff:ff:ff
inet 172.18.1.2/24 scope global veth1
valid_lft forever preferred_lft forever
[root@yy3 ~]# ovs-vsctl show
b6acce5a-9955-4163-8102-2a66188c8f42
Bridge br-int
Port vethY
tag: 20
Interface vethY
Port br-int
Interface br-int
type: internal
ovs_version: "2.3.1"
创建GRE/VXLAN tunnel
** GRE tunnel **
[root@yy2 ~]# ovs-vsctl add-port br-int gre0 -- set interface gre0 type=gre options:remote_ip=10.193.6.37
[root@yy2 ~]# ovs-vsctl show
85e56285-2d5b-43ac-b697-1ffbf7dcf6aa
Bridge br-int
Port br-int
Interface br-int
type: internal
Port vethX
tag: 20
Interface vethX
Port "gre0"
Interface "gre0"
type: gre
options: {remote_ip="10.193.6.37"}
ovs_version: "2.3.1"
[root@yy3 ~]# ovs-vsctl add-port br-int gre0 -- set interface gre0 type=gre options:remote_ip=10.193.6.36
[root@yy3 ~]# ovs-vsctl show
b6acce5a-9955-4163-8102-2a66188c8f42
Bridge br-int
Port vethY
tag: 20
Interface vethY
Port br-int
Interface br-int
type: internal
Port "gre0"
Interface "gre0"
type: gre
options: {remote_ip="10.193.6.36"}
ovs_version: "2.3.1"
** VXLAN tunnel **
[root@yy2 ~]# ovs-vsctl add-port br-int vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=10.193.6.37
[root@yy2 ~]# ovs-vsctl show
85e56285-2d5b-43ac-b697-1ffbf7dcf6aa
Bridge br-int
Port "vxlan1"
Interface "vxlan1"
type: vxlan
options: {remote_ip="10.193.6.37"}
Port br-int
Interface br-int
type: internal
Port vethX
Interface vethX
ovs_version: "2.3.1"
[root@yy3 ~]# ovs-vsctl add-port br-int vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=10.193.6.36
[root@yy3 ~]# ovs-vsctl show
b6acce5a-9955-4163-8102-2a66188c8f42
Bridge br-int
Port vethY
Interface vethY
Port br-int
Interface br-int
type: internal
Port "vxlan1"
Interface "vxlan1"
type: vxlan
options: {remote_ip="10.193.6.36"}
ovs_version: "2.3.1"
测试网络
[root@yy2 ~]# ip netns exec 49f114a96775 ping 172.20.1.2
PING 172.20.1.2 (172.20.1.2) 56(84) bytes of data.
64 bytes from 172.20.1.2: icmp_seq=1 ttl=64 time=1.41 ms
64 bytes from 172.20.1.2: icmp_seq=2 ttl=64 time=0.533 ms
64 bytes from 172.20.1.2: icmp_seq=3 ttl=64 time=0.539 ms
64 bytes from 172.20.1.2: icmp_seq=4 ttl=64 time=0.454 ms
64 bytes from 172.20.1.2: icmp_seq=5 ttl=64 time=0.631 ms
网络结构
GRE协议
相比VXLAN,GRE直接基于IP实现tunnel,而VXLAN是基于UDP实现tunnel。