docker容器namespace点对点通信

2018-10-18 本文已影响0人周鹏宇1994

起两个container不给netdev

[root@docker_server ~]# docker run -it --name ub1 --network none --rm docker.testdomain.com/username/ubuntu:net-tools   
root@744961d5f44a:/# 
root@744961d5f44a:/# 
root@744961d5f44a:/# ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@744961d5f44a:/# [root@docker_server ~]# 
[root@docker_server ~]# docker run -it --name ub2 --network none --rm docker.testdomain.com/username/ubuntu:net-tools  
root@435a66dbd5b2:/# 
root@435a66dbd5b2:/# ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

查看两个container对应的pid，链接到/var/run/netns/[pid]

root@435a66dbd5b2:/# [root@docker_server ~]# 
[root@docker_server ~]# docker inspect -f '{{.State.Pid}}' ub1
4584
[root@docker_server ~]# docker inspect -f '{{.State.Pid}}' ub2
4669

[root@docker_server ~]# ln -sf /proc/4584/ns/net /var/run/netns/4584 
[root@docker_server ~]# ln -sf /proc/4669/ns/net /var/run/netns/4669

创建对应pid的ns，并给ip路由。

[root@docker_server ~]# ip link add A1 type veth peer name B1
[root@docker_server ~]# ip link set A1 netns 4584
[root@docker_server ~]# ip link set B1 netns 4669
[root@docker_server ~]# ip netns exec 4584 ip addr add 10.1.1.1/32 dev A1
[root@docker_server ~]# ip netns exec 4669 ip addr add 10.1.1.2/32 dev B1
[root@docker_server ~]# ip netns exec 4584 ip route add 10.1.1.2/32 dev A1
[root@docker_server ~]# ip netns exec 4669 ip route add 10.1.1.1/32 dev B1

切到container看接口给进去没，ping一下

[root@docker_server ~]# docker attach ub1
root@744961d5f44a:/# 
root@744961d5f44a:/# 
root@744961d5f44a:/# 
root@744961d5f44a:/# ifconfig 
A1        Link encap:Ethernet  HWaddr b2:8d:5f:cf:e8:72  
          inet addr:10.1.1.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@744961d5f44a:/# ip route show 
10.1.1.2 dev A1  scope link 
root@744961d5f44a:/# ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.242 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.112 ms
^C
--- 10.1.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.112/0.177/0.242/0.065 ms
root@744961d5f44a:/#

docker容器namespace点对点通信

起两个container不给netdev

查看两个container对应的pid，链接到/var/run/netns/[pid]

创建对应pid的ns，并给ip路由。

切到container看接口给进去没，ping一下

猜你喜欢

热点阅读