1. Current environment
[root@vm1 ~]# ovs-vsctl show c152c245-2f6c-478c-9c07-2e4a3c7a2403 [root@vm1 ~]# cat /proc/sys/net/ipv4/ip_forward 0 [root@vm1 ~]# iptables -t nat -F [root@vm1 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.19.0.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.19.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
To install ovs, please refer to Install ovs on Centos
2. Simulate docker with ovs
Add an ovs bridge br0 and configure ip to 192.168.1.250/24
[root@vm1 ~]# ovs-vsctl add-br br0 [root@vm1 ~]# ovs-vsctl show c152c245-2f6c-478c-9c07-2e4a3c7a2403 Bridge "br0" Port "br0" Interface "br0" type: internal ovs_version: "2.5.1" [root@vm1 ~]# ifconfig br0 192.168.1.250/24 [root@vm1 ~]# ifconfig br0 br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.250 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::c0b6:92ff:fe4d:7649 prefixlen 64 scopeid 0x20<link> ether c2:b6:92:4d:76:49 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 8 overruns 0 frame 0 TX packets 6 bytes 508 (508.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Create a network namespace ns1, create a pair of veths as veth0 and veth1, add veth0 to br0, add veth1 to ns1, and configure ip for ns1 as 192.168.1.1/24.
// Create a network namespace ns1 [root@vm1 ~]# ip netns add ns1 // Create a veth pair (veth0 and veth1) [root@vm1 ~]# ip link add veth0 type veth peer name veth1 // Add veth0 to br0 [root@vm1 ~]# ip link set veth0 up [root@vm1 ~]# ovs-vsctl add-port br0 veth0 [root@vm1 ~]# ovs-vsctl show c152c245-2f6c-478c-9c07-2e4a3c7a2403 Bridge "br0" Port "veth0" Interface "veth0" Port "br0" Interface "br0" type: internal ovs_version: "2.5.1" [root@vm1~]# // Add veth1 to ns1 [root@vm1 ~]# ip link set veth1 netns ns1 // Set veth1 ip and br0 to be the same network [root@vm1 ~]# ip netns exec ns1 ip addr add 192.168.1.1/24 dev veth1 [root@vm1 ~]# ip netns exec ns1 ip link set veth1 up [root@vm1 ~]# ip netns exec ns1 ip link set lo up // ping br0 in ns1 succeeds [root@vm1 ~]# ip netns exec ns1 ping -c 1 192.168.1.250 PING 192.168.1.250 (192.168.1.250) 56(84) bytes of data. 64 bytes from 192.168.1.250: icmp_seq=1 ttl=64 time=0.392 ms --- 192.168.1.250 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.392/0.392/0.392/0.000 ms
Add routing to ns1
[root@vm1 ~]# ip netns exec ns1 route add default gw 192.168.1.250 [root@vm1 ~]# ip netns exec ns1 ping -c 1 172.19.0.12 PING 172.19.0.12 (172.19.0.12) 56(84) bytes of data. 64 bytes from 172.19.0.12: icmp_seq=1 ttl=64 time=0.224 ms --- 172.19.0.12 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.224/0.224/0.224/0.000 ms
3. ovs-docker
3.1 Configuration
[root@vm1 ~]# docker version Client: Version: 18.09.6 [root@vm1 ~]# docker run -d --name con1 --net=none busybox top [root@vm1 ~]# docker exec -it con1 ifconfig lo Link encap:Local Loopback inet addr: 127.0.0.1 Mask: 255.0.0.0 UP LOOPBACK RUNNING MTU: 65536 Metric: 1 RX packets:0 errors:0 dropped:0 overruns:0 frames:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions: 0 txqueuelen: 1000 RX bytes: 0 (0.0 B) TX bytes: 0 (0.0 B) // At this time, use ovs-docker to set the container ip address to 192.168.1.2/24 and the gateway to 192.168.1.250 [root@vm1 ~]# ovs-docker add-port br0 eth0 con1 --ipaddress=192.168.1.2/24 --gateway=192.168.1.250 [root@vm1 ~]# docker exec -it con1 ifconfig eth0 Link encap:Ethernet HWaddr 56:39:36:6A:B0:61 inet addr: 192.168.1.2 Bcast: 0.0.0.0 Mask: 255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions: 0 txqueuelen: 1000 RX bytes: 578 (578.0 B) TX bytes: 0 (0.0 B) lo Link encap:Local Loopback inet addr: 127.0.0.1 Mask: 255.0.0.0 UP LOOPBACK RUNNING MTU: 65536 Metric: 1 RX packets:0 errors:0 dropped:0 overruns:0 frames:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions: 0 txqueuelen: 1000 RX bytes: 0 (0.0 B) TX bytes: 0 (0.0 B) [root@vm1 ~]# docker exec -it con1 route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.250 0.0.0.0 UG 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 [root@vm1 ~]# ovs-vsctl show c152c245-2f6c-478c-9c07-2e4a3c7a2403 Bridge "br0" Port "veth0" Interface "veth0" Port "7506959a37594_l" Interface "7506959a37594_l" Port "br0" Interface "br0" type: internal ovs_version: "2.5.1" [root@vm1 ~]#
From the above results, we can know that what ovs-docker does is 2. Use ovs to simulate what is done in docker. To put it bluntly, it is a collection of some shell
commands.
3.2 Testing
// visit br0 [root@vm1 ~]# docker exec -it con1 ping -c 1 192.168.1.250 PING 192.168.1.250 (192.168.1.250): 56 data bytes 64 bytes from 192.168.1.250: seq=0 ttl=64 time=3.972 ms --- 192.168.1.250 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.972/3.972/3.972 ms // access ns1 [root@vm1 ~]# docker exec -it con1 ping -c 1 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes 64 bytes from 192.168.1.1: seq=0 ttl=64 time=3.751 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.751/3.751/3.751 ms // access local ip [root@vm1 ~]# docker exec -it con1 ping -c 1 172.19.0.12 PING 172.19.0.12 (172.19.0.12): 56 data bytes 64 bytes from 172.19.0.12: seq=0 ttl=64 time=4.743 ms --- 172.19.0.12 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 4.743/4.743/4.743 ms // Access another machine vm2 [root@vm1 ~]# docker exec -it con1 ping -c 1 172.19.0.8 PING 172.19.0.8 (172.19.0.8): 56 data bytes 64 bytes from 172.19.0.8: seq=0 ttl=63 time=3.829 ms --- 172.19.0.8 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 3.829/3.829/3.829 ms // access the internet [root@vm1 ~]# docker exec -it con1 ping -c 1 www.baidu.com PING www.baidu.com (119.63.197.151): 56 data bytes 64 bytes from 119.63.197.151: seq=0 ttl=49 time=50.983 ms --- www.baidu.com ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 50.983/50.983/50.983 ms
Access con1 from ns1
[root@vm1 ~]# ip netns exec ns1 ping -c 1 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data. 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.230 ms --- 192.168.1.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.230/0.230/0.230/0.000 ms [root@vm1 ~]#
Learning address: Dpdk/network protocol stack/vpp/OvS/DDos/NFV/virtualization/high performance expert (free subscription, permanent learning)
[Article benefits] Need more DPDK/SPDK learning materials to add group 793599096 (materials include C/C++, Linux, golang technology, kernel, Nginx, ZeroMQ, MySQL, Redis, fastdfs, MongoDB, ZK, CDN, P2P, K8S , Docker, TCP/IP, Coroutine, DPDK, Dachang interview questions, etc.) You can add your own learning and exchange groups by clicking here~
If the ovs-docker configuration is unsuccessful, you can add --privileged=true
when creating the container.
3.3 Principle of ovs-docker
Source code visit http://github.com/openvswitch/ovs/raw/master/utilities/ovs-docker
... add_port() { BRIDGE="$1" INTERFACE="$2" CONTAINER="$3" if [ -z "$BRIDGE" ] || [ -z "$INTERFACE" ] || [ -z "$CONTAINER" ]; then echo > & amp;2 "$UTIL add-port: not enough arguments (use --help for help)" exit 1 the fi shift 3 while [ $# -ne 0 ]; do case $1 in --ipaddress=*) ADDRESS=`expr X"$1" : 'X[^=]*=\(.*\)'` shift ;; --macaddress=*) MACADDRESS=`expr X"$1" : 'X[^=]*=\(.*\)'` shift ;; --gateway=*) GATEWAY=`expr X"$1" : 'X[^=]*=\(.*\)'` shift ;; --mtu=*) MTU=`expr X"$1" : 'X[^=]*=\(.*\)'` shift ;; *) echo > & amp;2 "$UTIL add-port: unknown option "$1"" exit 1 ;; esac done # Check if a port is already attached for the given container and interface PORT=`get_port_for_container_interface "$CONTAINER" "$INTERFACE" \ 2>/dev/null` if [ -n "$PORT" ]; then echo > & amp;2 "$UTIL: Port already attached" \ "for CONTAINER=$CONTAINER and INTERFACE=$INTERFACE" exit 1 the fi if ovs_vsctl br-exists "$BRIDGE" || \ ovs_vsctl add-br "$BRIDGE"; then :; else echo > & amp;2 "$UTIL: Failed to create bridge $BRIDGE" exit 1 the fi if PID=`docker inspect -f '{<!-- -->{.State.Pid}}' "$CONTAINER"`; then:; else echo > & amp;2 "$UTIL: Failed to get the PID of the container" exit 1 the fi create_netns_link # Create a veth pair. ID=`uuidgen | sed 's/-//g'` PORTNAME="${ID:0:13}" ip link add "${PORTNAME}_l" type veth peer name "${PORTNAME}_c" # Add one end of veth to OVS bridge. if ovs_vsctl --may-exist add-port "$BRIDGE" "${PORTNAME}_l" \ -- set interface "${PORTNAME}_l" \ external_ids:container_id="$CONTAINER" \ external_ids:container_iface="$INTERFACE"; then :; else echo > & amp;2 "$UTIL: Failed to add "${PORTNAME}_l" port to bridge $BRIDGE" ip link delete "${PORTNAME}_l" exit 1 the fi ip link set "${PORTNAME}_l" up # Move "${PORTNAME}_c" inside the container and changes its name. ip link set "${PORTNAME}_c" netns "$PID" ip netns exec "$PID" ip link set dev "${PORTNAME}_c" name "$INTERFACE" ip netns exec "$PID" ip link set "$INTERFACE" up if [ -n "$MTU" ]; then ip netns exec "$PID" ip link set dev "$INTERFACE" mtu "$MTU" the fi if [ -n "$ADDRESS" ]; then ip netns exec "$PID" ip addr add "$ADDRESS" dev "$INTERFACE" the fi if [ -n "$MACADDRESS" ]; then ip netns exec "$PID" ip link set dev "$INTERFACE" address "$MACADDRESS" the fi if [ -n "$GATEWAY" ]; then ip netns exec "$PID" ip route add default via "$GATEWAY" the fi } ...
It is easy to see that this method is the operation process of ovs-docker just now, which is basically 2. Using ovs to simulate docker with some judgments added.
4. Reference
1. https://blog.csdn.net/silvester123/article/details/80867168
2. https://blog.csdn.net/yeya24/article/details/79829240
Reposted from: https://www.jianshu.com/p/0237e9fec