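Background

An overlay network is, literally, a network layered on top of another: a logical network is built on top of the physical network layer using some technique. In other words, for containers on two hosts to communicate, the two hosts themselves must first be able to reach each other; a logical-layer network is then deployed on top of the physical hosts. It has all the characteristics of the physical network and behaves just like it.
A Docker overlay network needs a key-value database to store network state such as node discovery, networks, endpoints and IP addresses. Docker supports Consul, etcd, ZooKeeper and others.

Containers can be pinged by their hostname.

Solution

NIC check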

    [root@vm2 docker]# ip addr show ens33
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:43:2c:2d brd ff:ff:ff:ff:ff:ff
        inet 192.168.184.142/24 brd 192.168.184.255 scope global noprefixroute dynamic ens33
           valid_lft 1140sec preferred_lft 1140sec
        inet6 fe80::1d72:8c06:652b:cc91/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::2452:200d:395f:968a/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    [root@vm2 docker]#

Because the interface flags do not include PROMISC, enable promiscuous mode with the following command:

    [root@vm2 docker]# ip link set ens33 promisc on
    [root@vm2 docker]# ip addr show ens33
    2: ens33: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:43:2c:2d brd ff:ff:ff:ff:ff:ff
        inet 192.168.184.142/24 brd 192.168.184.255 scope global noprefixroute dynamic ens33
           valid_lft 1051sec preferred_lft 1051sec
        inet6 fe80::1d72:8c06:652b:cc91/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::2452:200d:395f:968a/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    [root@vm2 docker]#
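
An added example (not from the original post): a Python check that lists interfaces in promiscuous mode from `ip -d link show` output, using both the PROMISC flag shown above and the kernel's `promiscuity` counter, which also rises for bridge ports and capture sockets that never show the flag. The sample output, including the veth interface name, is constructed.

```python
import re

# Constructed sample of `ip -d link show` output (not captured from the page's hosts).
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
2: ens33: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:43:2c:2d brd ff:ff:ff:ff:ff:ff promiscuity 1
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
5: veth1a2b@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 5e:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 1
"""

# "N: name[@peer]: <FLAGS>" header line, and the counter on the detail line.
HEADER = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")
COUNT = re.compile(r"\bpromiscuity\s+(\d+)")


def parse_links(text):
    """Return {interface: {"flag": bool, "count": int}} from `ip -d link show` text."""
    links, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            links[current] = {"flag": "PROMISC" in m.group(2).split(","), "count": 0}
            continue
        m = COUNT.search(line)
        if m and current:
            links[current]["count"] = int(m.group(1))
    return links


def promiscuous(text):
    """Interfaces where either signal is set, with the reason it was reported."""
    report = {}
    for name, info in parse_links(text).items():
        if info["flag"]:
            report[name] = "flag set administratively (ip link set ... promisc on)"
        elif info["count"] > 0:
            report[name] = "kernel counter only (bridge port or capture socket)"
    return report
```
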

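Consul store

Consul is service-discovery and configuration-sharing software that is distributed, highly available and supports multiple data centers. It is developed by HashiCorp in Go and open-sourced under the Mozilla Public License 2.0. Consul supports health checks and allows its API to be called over HTTP and DNS to store key-value pairs.

Network topology

[Figure: network topology]

Component deployment

For simplicity, Consul is deployed as a container here.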

    [root@vm1 ~]# docker run -d --restart always -p 8400:8400 -p 8500:8500 -p 8600:53/udp -h consul progrium/consul -server -bootstrap -ui-dir /ui

Open the UI in a browser.
[Figure: Consul web UI]

For simplicity, only a single-node Consul cluster is deployed here.

Configuration changes

192.168.121.143 vm1
Edit the configuration file /etc/docker/daemon.json

    {
      "registry-mirrors": ["https://b7j3uwrc.mirror.aliyuncs.com"],
      "cluster-store": "consul://192.168.184.143:8500",
      "cluster-advertise": "192.168.184.143:2376"
    }

cluster-store specifies where the state is stored, here the Consul address. cluster-advertise is the address of this host's physical NIC; 2376 is the default port.

    [root@vm1 ~]# service docker restart
    Redirecting to /bin/systemctl restart docker.service
    [root@vm1 ~]# docker info
    Cluster Store: consul://192.168.184.143:8500
    Cluster Advertise: 192.168.184.143:2376

192.168.121.144 vm2
Edit the configuration file /etc/docker/daemon.json

    {
      "registry-mirrors": ["https://b7j3uwrc.mirror.aliyuncs.com"],
      "cluster-store": "consul://192.168.184.143:8500",
      "cluster-advertise": "192.168.184.144:2376"
    }

cluster-store specifies where the state is stored, here the Consul address. cluster-advertise is the address of this host's physical NIC; 2376 is the default port.

    [root@vm2 docker]# service docker restart
    Redirecting to /bin/systemctl restart docker.service
    [root@vm2 docker]#
    [root@vm2 ~]# docker info
    Experimental: false
    Cluster Store: consul://192.168.184.143:8500
    Cluster Advertise: 192.168.184.144:2376
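
An added example, not part of the original post: a Python audit over the two daemon.json files above that reports a cluster-store reached without the daemon's `kv.cacertfile`/`kv.certfile`/`kv.keyfile` options (plain `consul://`, as configured here), a cluster-advertise address reused by two hosts, and hosts pointing at different stores. The hardened variant and its certificate paths are hypothetical placeholders, and treating any one missing option as "no TLS" is an assumption of this check.

```python
import json

# dockerd cluster-store options that carry the TLS material for the KV connection.
TLS_OPTS = ("kv.cacertfile", "kv.certfile", "kv.keyfile")

# Constructed inputs: the two daemon.json files from this page (mirror entry omitted),
# plus a hypothetical hardened variant; the certificate paths are placeholders.
VM1 = '{"cluster-store":"consul://192.168.184.143:8500","cluster-advertise":"192.168.184.143:2376"}'
VM2 = '{"cluster-store":"consul://192.168.184.143:8500","cluster-advertise":"192.168.184.144:2376"}'
VM2_TLS = json.dumps({
    "cluster-store": "consul://192.168.184.143:8500",
    "cluster-advertise": "192.168.184.144:2376",
    "cluster-store-opts": {
        "kv.cacertfile": "/etc/docker/kv/ca.pem",
        "kv.certfile": "/etc/docker/kv/cert.pem",
        "kv.keyfile": "/etc/docker/kv/key.pem",
    },
})


def audit(configs):
    """configs maps host name -> daemon.json text; returns (host, finding) tuples."""
    findings, stores, advertised = [], set(), {}
    for host, text in configs.items():
        cfg = json.loads(text)
        store = cfg.get("cluster-store", "")
        adv = cfg.get("cluster-advertise", "")
        if not store or not adv:
            findings.append((host, "cluster-store/cluster-advertise missing"))
            continue
        stores.add(store)
        opts = cfg.get("cluster-store-opts", {})
        missing = [k for k in TLS_OPTS if not opts.get(k)]
        if missing:
            findings.append((host, "KV store reached without TLS options: " + ", ".join(missing)))
        if adv in advertised:
            findings.append((host, f"cluster-advertise {adv} already used by {advertised[adv]}"))
        advertised.setdefault(adv, host)
    if len(stores) > 1:
        findings.append(("*", "hosts point at different cluster-store URLs"))
    return findings
```
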

Network creation

192.168.121.143 vm1

[root@vm1 ~]# docker network create --driver overlay consulnet
9af60891175e544733e4d6b742c94c5584c137dde6ef4dc6924e688d98349240
[root@vm1 ~]# docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
c6a4fae460a5   bridge      bridge    local
9af60891175e   consulnet   overlay   global
4a5006c650f6   host        host      local
a027c870d158   none        null      local
[root@vm1 ~]#

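global means the network takes effect on all hosts. To specify the network's subnet: docker network create --driver overlay --subnet 10.20.20.0/24 consulnet

192.168.121.144 vm2: the network created on vm1 is automatically synchronized to vm2, so it can simply be listed there.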

[root@vm2 ~]# docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
362173a45382   bridge      bridge    local
9af60891175e   consulnet   overlay   global
4a5006c650f6   host        host      local
a027c870d158   none        null      local
[root@vm2 ~]#

global means the network takes effect on all hosts.

Container creation

192.168.121.143 vm1

[root@vm1 ~]# docker run -it --network consulnet centos  /bin/bash
[root@2f8ffa04ed40 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
13: eth1@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth1
       valid_lft forever preferred_lft forever

192.168.121.144 vm2

[root@vm2 ~]# docker run -it --network consulnet centos  /bin/bash
[root@d6040610604b /]# 
[root@d6040610604b /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 02:42:0a:00:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
14: eth1@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth1
       valid_lft forever preferred_lft forever
[root@d6040610604b /]#

Network test

192.168.121.143 vm1

[root@2f8ffa04ed40 /]# ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.615 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.785 ms
^C
--- 10.0.0.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.615/0.700/0.785/0.085 ms
[root@2f8ffa04ed40 /]# ping d6040610604b
PING d6040610604b (10.0.0.3) 56(84) bytes of data.
64 bytes from d6040610604b.consulnet (10.0.0.3): icmp_seq=1 ttl=64 time=0.629 ms
64 bytes from d6040610604b.consulnet (10.0.0.3): icmp_seq=2 ttl=64 time=0.817 ms
64 bytes from d6040610604b.consulnet (10.0.0.3): icmp_seq=3 ttl=64 time=0.817 ms
^C
--- d6040610604b ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.629/0.754/0.817/0.091 ms
[root@2f8ffa04ed40 /]#

192.168.121.144 vm2

[root@d6040610604b /]# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=3.65 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=1.81 ms
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.811/2.731/3.652/0.921 ms
[root@d6040610604b /]# ping 2f8ffa04ed40
PING 2f8ffa04ed40 (10.0.0.2) 56(84) bytes of data.
64 bytes from 2f8ffa04ed40.consulnet (10.0.0.2): icmp_seq=1 ttl=64 time=0.629 ms
64 bytes from 2f8ffa04ed40.consulnet (10.0.0.2): icmp_seq=2 ttl=64 time=0.436 ms
^C
--- 2f8ffa04ed40 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.436/0.532/0.629/0.099 ms
[root@d6040610604b /]#