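Background

Static routes can provide network communication between containers on different hosts. The container network ranges of the two hosts must not be in the same subnet.

Container hostnames are not resolved, so containers cannot be pinged by name.

Solution

Check the environment

Make sure IP forwarding is enabled on the hosts:

    [root@vm1 ~]# cat /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    [root@vm1 ~]#

If it is not set, use the command: echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf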

Subnet allocation

    Host                   Container subnet
    192.168.184.143 vm1    192.168.100.1/24
    192.168.184.144 vm2    192.168.200.1/24

The container networks are assigned by changing the bip configuration parameter.

192.168.184.143 vm1

    [root@vm1 docker]# ip addr show docker0
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:30:d3:8b:ce brd ff:ff:ff:ff:ff:ff
        inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:30ff:fed3:8bce/64 scope link
           valid_lft forever preferred_lft forever
    [root@vm1 docker]#

192.168.184.144 vm2

    [root@vm2 docker]# ip addr show docker0
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:67:f3:66:71 brd ff:ff:ff:ff:ff:ff
        inet 192.168.200.1/24 brd 192.168.200.255 scope global docker0
           valid_lft forever preferred_lft forever
    [root@vm2 docker]#

Route configuration

192.168.184.143 vm1

    [root@vm1 ~]# ip route add 192.168.200.0/24 via 192.168.184.144
    [root@vm1 ~]# ip route
    default via 192.168.184.2 dev ens33 proto dhcp metric 100
    192.168.100.0/24 dev docker0 proto kernel scope link src 192.168.100.1
    192.168.184.0/24 dev ens33 proto kernel scope link src 192.168.184.143 metric 100
    192.168.200.0/24 via 192.168.184.144 dev ens33
    [root@vm1 ~]#

192.168.184.144 vm2

    [root@vm2 ~]# ip route add 192.168.100.0/24 via 192.168.184.143
    [root@vm2 ~]# ip route
    default via 192.168.184.2 dev ens33 proto dhcp metric 100
    192.168.100.0/24 via 192.168.184.143 dev ens33
    192.168.184.0/24 dev ens33 proto kernel scope link src 192.168.184.144 metric 100
    192.168.200.0/24 dev docker0 proto kernel scope link src 192.168.200.1
    [root@vm2 ~]#

Always create the routing rules first and the containers afterwards; otherwise the network may be unreachable.
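
The planning rule from this page (the two container ranges must not overlap, and each host routes the peer's range via the peer's host address) can be checked before the routing table is touched. The script below is an added example, not part of the original post; the function names are hypothetical and the addresses are the ones used on this page.

```sh
#!/bin/sh
# Added example: plan the static routes from each host's bip value.
# Function names are hypothetical; addresses are the ones used on this page.

# Dotted-quad IPv4 -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted-quad IPv4.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask as an integer for a prefix length (4294967295 = 0xFFFFFFFF).
netmask() {
    echo $(( 4294967295 ^ (4294967295 >> $1) ))
}

# bip such as 192.168.100.1/24 -> network in CIDR form, 192.168.100.0/24.
bip_network() (
    len=${1#*/}
    net=$(( $(ip2int "${1%/*}") & $(netmask "$len") ))
    echo "$(int2ip "$net")/$len"
)

# Exit status 0 if the two ranges overlap: compare both under the shorter prefix.
cidr_overlap() (
    len=${1#*/}
    if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
    mask=$(netmask "$len")
    [ $(( $(ip2int "${1%/*}") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
)

# Args: local bip, peer bip, peer host IP. Prints the route command for the
# local host, or fails when the two container ranges overlap.
peer_route_cmd() {
    if cidr_overlap "$1" "$2"; then
        echo "refusing: $1 overlaps $2" >&2
        return 1
    fi
    echo "ip route add $(bip_network "$2") via $3"
}

# The two hosts from this page.
echo "vm1: $(peer_route_cmd 192.168.100.1/24 192.168.200.1/24 192.168.184.144)"
echo "vm2: $(peer_route_cmd 192.168.200.1/24 192.168.100.1/24 192.168.184.143)"
```

The script only prints the commands; they are still run by hand on each host as shown above.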

Creating the containers

192.168.184.143 vm1

    [root@vm1 docker]# docker run -it centos /bin/bash
    [root@a92743aa8cf2 /]#
    [root@a92743aa8cf2 /]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:64:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.100.2/24 brd 192.168.100.255 scope global eth0
           valid_lft forever preferred_lft forever
    [root@a92743aa8cf2 /]#

192.168.184.144 vm2

    [root@vm2 docker]# docker run -it centos /bin/bash
    [root@45baac99c6ce /]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:c8:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.200.2/24 brd 192.168.200.255 scope global eth0
           valid_lft forever preferred_lft forever
    [root@45baac99c6ce /]#

Network test

192.168.184.143 vm1

    [root@vm1 ~]# ping 192.168.200.1
    PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
    64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.555 ms
    64 bytes from 192.168.200.1: icmp_seq=2 ttl=64 time=0.478 ms
    [root@88330f2865ad /]# ping 192.168.200.1
    PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
    64 bytes from 192.168.200.1: icmp_seq=1 ttl=63 time=0.305 ms
    64 bytes from 192.168.200.1: icmp_seq=2 ttl=63 time=0.521 ms

192.168.184.144 vm2

    [root@vm2 ~]# ping 192.168.100.2
    PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
    64 bytes from 192.168.100.2: icmp_seq=1 ttl=63 time=0.475 ms
    64 bytes from 192.168.100.2: icmp_seq=2 ttl=63 time=0.463 ms
    64 bytes from 192.168.100.2: icmp_seq=3 ttl=63 time=0.515 ms
    64 bytes from 192.168.100.2: icmp_seq=4 ttl=63 time=0.460 ms
    64 bytes from 192.168.100.2: icmp_seq=5 ttl=63 time=0.283 ms
    64 bytes from 192.168.100.2: icmp_seq=6 ttl=63 time=0.390 ms
    64 bytes from 192.168.100.2: icmp_seq=7 ttl=63 time=0.720 ms
    64 bytes from 192.168.100.2: icmp_seq=8 ttl=63 time=0.371 ms
    ^C
    --- 192.168.100.2 ping statistics ---
    8 packets transmitted, 8 received, 0% packet loss, time 7002ms
    rtt min/avg/max/mdev = 0.283/0.459/0.720/0.122 ms
    [root@vm2 ~]#
    [root@33e15cf4b0af /]# ping 192.168.100.2
    PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
    64 bytes from 192.168.100.2: icmp_seq=1 ttl=62 time=0.329 ms
    64 bytes from 192.168.100.2: icmp_seq=2 ttl=62 time=0.995 ms
    64 bytes from 192.168.100.2: icmp_seq=3 ttl=62 time=0.404 ms
    64 bytes from 192.168.100.2: icmp_seq=4 ttl=62 time=0.841 ms
    ^C
    --- 192.168.100.2 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 0.329/0.642/0.995/0.282 ms
    [root@33e15cf4b0af /]#