I. Overview
1. Environment: I have 2 Linux machines (Host1 and Host2) running Kali 2.0 with kernel version 4.3. Each machine has Docker and Open vSwitch (OVS) installed.
2. Host1 and Host2 each launch 1 Ubuntu Docker container.
3. Network structure:
3.1: host1 eth0: 192.168.2.1; the Docker container on host1 has IP address 10.1.2.3
3.2: host2 eth0: 192.168.2.2; the Docker container on host2 has IP address 10.1.2.4
3.3: The eth0 interfaces of host1 and host2 can ping each other.
4. The goal is to establish a VXLAN tunnel between the Docker containers on the 2 different hosts so that they can communicate!
II. Install the basic software
1. Install Docker and get the Ubuntu image
    sudo apt-get install docker.io
    sudo docker pull ubuntu
2. Install Open vSwitch and the OVS auxiliary script for Docker
    sudo apt-get install openvswitch-switch
    # The Open vSwitch project provides a support script for Docker containers: ovs-docker
    wget https://github.com/openvswitch/ovs/raw/master/utilities/ovs-docker
    chmod a+x ovs-docker
III. Configuration
1. On Host1, create a virtual bridge with OVS and give the bridge an IP
    sudo ovs-vsctl add-br vxbr
    sudo ifconfig vxbr 10.1.2.1/24
2. Add a port of type vxlan to the bridge; remote_ip is the eth0 address of Host2!
    sudo ovs-vsctl add-port vxbr vxlan -- set interface vxlan type=vxlan options:remote_ip=192.168.2.2
3. Start a Docker container with no network interface
    sudo docker run --net=none --privileged=true -it ubuntu
Note the ID of this container; here mine is b062406bc6b6. At this point, ifconfig inside the container shows only a lo device.
4. Assign an eth0 to the container and attach it to the host's vxbr bridge
    sudo ./ovs-docker add-port vxbr eth0 b062406bc6b6
Back in the container, ifconfig now shows an eth0. Give it an IP:
    ifconfig eth0 10.1.2.3/24
5. View the OVS configuration
    sudo ovs-vsctl show
We can see that there are 3 ports on the vxbr bridge: one is the port that communicates with the local machine (here, the eth0 of this machine), one is the vxlan port, and the last one is the eth0 of the Docker container.
The Host2 configuration is similar to the above: the Host2 virtual bridge vxbr is changed to 10.1.2.2/24, the vxlan remote_ip is changed to host1's 192.168.2.1, and the IP of the Docker container on host2 is changed to 10.1.2.4/24.
IV. Verification
The network structure at this point:
Host1's eth0: 192.168.2.1, virtual bridge vxbr: 10.1.2.1, eth0 of the Docker container: 10.1.2.3. The eth0 of the Docker container is plugged into the virtual bridge vxbr of host1.
Host2's eth0: 192.168.2.2, virtual bridge vxbr: 10.1.2.2, eth0 of the Docker container: 10.1.2.4. The eth0 of the Docker container is plugged into the virtual bridge vxbr of host2.
Ping host2's Docker container from host1's Docker container and capture the packets with Wireshark:
You can see that the communication between the containers is encapsulated in UDP packets, and this UDP traffic is forwarded through the eth0 of Host1 and Host2.
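What the capture shows can be reproduced offline. The following is an added example, not part of the original write-up: it builds one constructed frame as it would appear on host1's eth0 and strips the Ethernet/IP/UDP/VXLAN layers, showing that the inner container addresses travel unencrypted inside the outer UDP packet. The MAC addresses, the UDP source port and VNI 0 are assumptions; the IP addresses are the ones used above.

```python
import socket
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port, the OVS default

def _ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left 0; this sample is never sent)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def build_sample():
    """Constructed frame as seen on host1's eth0; MACs and VNI 0 are assumed."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"  # echo request
    inner = (bytes.fromhex("0242ac000004" "0242ac000003" "0800")
             + _ipv4("10.1.2.3", "10.1.2.4", 1, icmp))
    vxlan = struct.pack("!II", 0x08 << 24, 0 << 8)  # I flag set, VNI 0
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    outer_ip = _ipv4("192.168.2.1", "192.168.2.2", 17, udp + vxlan + inner)
    return bytes.fromhex("aabbcc000002" "aabbcc000001" "0800") + outer_ip

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (buf[0] & 0x0F) * 4 if buf else 0
    if len(buf) < 20 or buf[0] >> 4 != 4 or not 20 <= ihl <= len(buf):
        raise ValueError("not a valid IPv4 header")
    return socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[9], buf[ihl:]

def decapsulate(frame):
    """Strip Ethernet/IP/UDP/VXLAN and report outer and inner addressing."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4 over Ethernet")
    o_src, o_dst, proto, udp = parse_ipv4(frame[14:])
    if proto != 17 or len(udp) < 16:
        raise ValueError("not UDP, or too short to hold a VXLAN header")
    dport = struct.unpack("!H", udp[2:4])[0]
    flags, vni_word = struct.unpack("!II", udp[8:16])
    if dport != VXLAN_PORT or not (flags >> 24) & 0x08:
        raise ValueError("not VXLAN: wrong UDP port or VNI flag clear")
    inner = udp[16:]
    if len(inner) < 14 or inner[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not IPv4")
    i_src, i_dst, i_proto, _ = parse_ipv4(inner[14:])
    return {"outer": (o_src, o_dst), "udp_dport": dport, "vni": vni_word >> 8,
            "inner": (i_src, i_dst), "inner_proto": i_proto}

if __name__ == "__main__":
    print(decapsulate(build_sample()))
```

The outer header carries only the host addresses; the container addresses and the ICMP payload sit in the UDP body, which is why they are readable in a capture taken on either host's eth0.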
Docker + Open vSwitch: Building a VXLAN Experimental Environment