In addition to overlay, Docker has developed another driver that supports cross-host container networking: macvlan.
Macvlan itself is a Linux kernel module. It allows several MAC addresses, that is, several interfaces, to be configured on the same physical network card, and each interface can be given its own IP. Macvlan is essentially a NIC virtualization technology, so it is no surprise that Docker uses it to implement container networking.
The biggest advantage of macvlan is its excellent performance: compared with other solutions, macvlan does not need to create a Linux bridge and connects to the physical network directly through the Ethernet interface.
Prepare the lab environment:
We will create the macvlan network using a separate NIC, ens192 and ens160, on Docker1 and Docker2. So that packets for multiple MAC addresses can pass through ens192 or ens160, we need to turn on promiscuous mode on the NIC.
Because Docker1 and Docker2 are virtual machines, promiscuous mode is set in the NIC configuration options.
The current test environment is as follows (borrowed diagram):
Create a Macvlan network
docker network create -d macvlan --subnet 192.168.2.1/24 --gateway 192.168.2.1 -o parent=ens160 Macnet1
Note: a macvlan network is local to each host. To make cross-host communication work, users have to manage the IP subnet themselves.
Unlike with other networks, Docker does not create a gateway for a macvlan network. The gateway must really exist on the network, otherwise traffic cannot be routed.
-o parent specifies the network interface to use.
The same command is also executed on Docker2:
docker network create -d macvlan --subnet 192.168.2.1/24 --gateway 192.168.2.1 -o parent=ens160 Macnet1
Running the container in Docker1
Perform the same operation in Docker2:
Verify connectivity from MAC1 on Docker1 to MAC2 on Docker2.
Containers on the two different hosts can ping each other, but a container's host name cannot be resolved: Docker does not provide DNS services for macvlan, which is different from overlay.
Note: macvlan is a real network at the physical level. A macvlan interface is effectively a sub-interface of the ordinary NIC, similar to eth0:1.
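Because each host's Docker only tracks the addresses it has handed out itself, "managing the IP subnet yourself" mainly means making sure Docker1 and Docker2 never allocate the same address on the shared segment. The following is an added example, not part of the original post: it compares `docker network inspect` output from both hosts and reports overlapping allocation pools and duplicate container IPs. The JSON samples, container keys and addresses are constructed for illustration.

```python
import ipaddress
import json

# Constructed samples shaped like `docker network inspect Macnet1` on each host;
# container names and addresses are assumptions made for this example.
DOCKER1 = json.loads("""[{"Name": "Macnet1", "Driver": "macvlan",
  "IPAM": {"Config": [{"Subnet": "192.168.2.1/24", "Gateway": "192.168.2.1"}]},
  "Containers": {"c1": {"Name": "MAC1", "IPv4Address": "192.168.2.2/24"}}}]""")
DOCKER2 = json.loads("""[{"Name": "Macnet1", "Driver": "macvlan",
  "IPAM": {"Config": [{"Subnet": "192.168.2.1/24", "Gateway": "192.168.2.1"}]},
  "Containers": {"c2": {"Name": "MAC2", "IPv4Address": "192.168.2.2/24"}}}]""")

def summarize(doc):
    """Return (subnet, gateway, allocation pool, {container: ip}) for one host."""
    net = doc[0]
    if net["Driver"] != "macvlan":
        raise ValueError(f"{net['Name']} is not a macvlan network")
    cfg = net["IPAM"]["Config"][0]
    # strict=False: the subnet may be written with host bits set (192.168.2.1/24).
    subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
    # Without an IPRange, Docker allocates from the whole subnet.
    pool = ipaddress.ip_network(cfg.get("IPRange", cfg["Subnet"]), strict=False)
    ips = {c["Name"]: ipaddress.ip_interface(c["IPv4Address"]).ip
           for c in net["Containers"].values()}
    return subnet, cfg.get("Gateway"), pool, ips

def audit(hosts):
    """hosts maps host name -> parsed inspect output; returns a list of findings."""
    info = {h: summarize(d) for h, d in hosts.items()}
    names = sorted(info)
    findings = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if info[a][:2] != info[b][:2]:
                findings.append(f"{a}/{b}: subnet or gateway differs")
            if info[a][2].overlaps(info[b][2]):
                findings.append(f"{a}/{b}: allocation pools overlap ({info[a][2]})")
    seen = {}  # ip -> "host/container" that first used it
    for h in names:
        for name, ip in sorted(info[h][3].items()):
            if ip in seen:
                findings.append(f"duplicate {ip}: {seen[ip]} and {h}/{name}")
            seen.setdefault(ip, f"{h}/{name}")
    return findings

if __name__ == "__main__":
    for line in audit({"Docker1": DOCKER1, "Docker2": DOCKER2}):
        print(line)
```

Creating the network on each host with a disjoint --ip-range, or pinning container addresses with docker run --ip, clears both findings.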
MACVLAN Network Structure Analysis:
Macvlan does not rely on a Linux bridge; brctl show confirms that macvlan did not create a new bridge.
Check the network device for the container MAC1:
In addition to lo, the container has only one interface, eth0. Note that eth0 is followed by @if2, which indicates that the NIC has a corresponding interface whose global number is 2. Given how macvlan works, we suspect that this interface is ens192.
Confirm as follows:
As can be seen, the container's eth0 is a virtual interface created by macvlan on top of ens192. The container's interface is connected directly to the host's NIC, which means that the container can communicate directly with the external network without NAT or port mapping (as long as there is a gateway). From the network's point of view, it is no different from any other independent host.
Current network:
CENTOS7 installation of Docker (15.3 cross-host network-macvlan)