Docker Network Infrastructure: Docker container access across hosts

Source: Internet
Author: User

Docker containers on the same host can reach each other by default. A container's IP address can be viewed with docker inspect followed by the container ID or name. You can run ping inside a container to check whether another container is reachable.

By observation, however, a container's IP address is not fixed: it can change each time the container starts, so relying on IP addresses for interconnection is clearly not dependable. These IPs are all in the same network segment, though, which by default is 127.0.0.X. This leads to the first method of linking Docker containers across hosts.

Docker cross-host container link method one: Network bridge

Running the ifconfig command on the Docker host shows a docker0 network bridge. Docker uses the docker0 bridge to allocate container IP addresses and to let containers on the same host reach each other. So the simplest way to give containers access across hosts is to put the docker0 bridges of the different hosts on the same network segment.

This is how the overall network topology is structured:

However, with this bridging all network cards sit in one network segment, so the range of IPs that each Docker daemon may allocate has to be restricted:

Here, we'll implement this structure:

Two Ubuntu hosts and their IPs:

Host1: 10.211.55.3, network card eth0

Host2: 10.211.55.5, network card eth1

Gateway: 10.211.55.1

Division of the container IPs:

Host1: 10.211.55.64/26

Address range: 10.211.55.65~10.211.55.126

Host2: 10.211.55.128/26

Address range: 10.211.55.129~10.211.55.190

Action required:

The following uses Host1 as the example. The steps on Host2 are similar, except that the name of the network card differs. Here we do not use the default docker0 bridge but create a new bridge of our own:

Create a virtual bridge on each Docker host:

Host1: $ sudo brctl addbr br0

Assign the bridge an IP in the network segment:

Host1: $ sudo ifconfig br0 10.211.55.10 netmask 255.255.255.0

Host2: $ sudo ifconfig br0 10.211.55.20 netmask 255.255.255.0

Attach the local network card to the bridge:

Host1: $ sudo brctl addif br0 eth0

At this point the bridge setup is complete.

Next, modify the Docker configuration so that the new bridge replaces docker0.

Edit the /etc/default/docker file:

$ sudo vim /etc/default/docker

Add the daemon's startup options:

Host1: DOCKER_OPTS="-b=br0 --fixed-cidr='10.211.55.64/26'"

Host2: DOCKER_OPTS="-b=br1 --fixed-cidr='10.211.55.128/26'"

Here, -b specifies the name of the bridge that containers connect to.

--fixed-cidr restricts the range of IP addresses assigned to containers.

Save the file and restart the Docker service:

$ sudo service docker restart
  
To verify:

1. Start a container on each of the two hosts:

$ docker run -it ubuntu /bin/bash

2. Run the ping command in each container to check that the containers can reach each other.
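
Because br0 places containers directly on the physical segment, the plan above only holds if the two --fixed-cidr pools stay inside that segment, do not overlap, and do not cover the gateway, host or bridge addresses. The check below is an added example, not part of the original page; the function names are made up for illustration and the addresses are the ones used in this method.

```bash
# Added example (not from the original page): sanity-check the address plan.
ip2int() {          # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {          # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
cidr_bounds() {     # CIDR -> "network broadcast" as integers
    len=${1#*/}; size=$(( 1 << (32 - len) ))
    first=$(( $(ip2int "${1%/*}") & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
}
usable_range() {    # CIDR -> "first~last" assignable addresses
    set -- $(cidr_bounds "$1")
    echo "$(int2ip $(( $1 + 1 )))~$(int2ip $(( $2 - 1 )))"
}
cidr_contains() {   # true if IP $2 lies inside CIDR $1
    ip=$(ip2int "$2"); set -- $(cidr_bounds "$1")
    [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
}
cidr_overlap() {    # true if CIDRs $1 and $2 share any address
    b=$(cidr_bounds "$2"); set -- $(cidr_bounds "$1") $b
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}
# check_plan SEGMENT POOL1 POOL2 RESERVED... : print findings, return their count
check_plan() {
    seg=$1; p1=$2; p2=$3; shift 3; bad=0
    for p in "$p1" "$p2"; do
        hi=$(usable_range "$p"); hi=${hi#*~}
        if ! cidr_contains "$seg" "${p%/*}" || ! cidr_contains "$seg" "$hi"; then
            echo "pool $p is not inside $seg"; bad=$((bad + 1))
        fi
        for r in "$@"; do
            if cidr_contains "$p" "$r"; then
                echo "reserved address $r falls inside pool $p"; bad=$((bad + 1))
            fi
        done
    done
    if cidr_overlap "$p1" "$p2"; then
        echo "pools $p1 and $p2 overlap"; bad=$((bad + 1))
    fi
    return "$bad"
}
# The page's plan: segment, Host1 pool, Host2 pool, then gateway, hosts, bridges.
check_plan 10.211.55.0/24 10.211.55.64/26 10.211.55.128/26 \
    10.211.55.1 10.211.55.3 10.211.55.5 10.211.55.10 10.211.55.20 &&
    echo "plan OK: Host1 $(usable_range 10.211.55.64/26)"
```
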

Docker cross-host container link method two: Open VSwitch
Open vSwitch, abbreviated OVS, is a software virtual switch. Its goal is to support large-scale network automation through programmatic extension.

The conditions for connecting this way are:
1. Dual NICs: host-only and NAT
2. Install Open vSwitch: apt-get install openvswitch-switch

Operation steps:
1. Create the OVS bridge in the virtual machine
2. Add the GRE connection
3. Configure the Docker container virtual bridge
4. Add the OVS interface to the virtual bridge
5. Add routes for the different Docker container network segments

The specific commands are as follows.
Settings on 10.211.55.3:

sudo ovs-vsctl show  # show the OVS status
sudo ovs-vsctl add-br obr0  # add an OVS bridge named obr0
sudo ovs-vsctl add-port obr0 gre0  # add a GRE interface named gre0 to obr0
sudo ovs-vsctl set interface gre0 type=gre options:remote_ip=10.211.55.5  # set the interface type to GRE and specify the remote IP
sudo ovs-vsctl show
sudo brctl addbr br0  # next, set up the local Docker bridge
sudo ifconfig br0 10.211.55.1 netmask 255.255.255.0
sudo brctl addif br0 obr0  # attach the OVS bridge to the local bridge
sudo brctl show
   # finally, set br0 as the Docker bridge; this host can then reach 10.211.55.5

For 10.211.55.5 to reach 10.211.55.3, only the routing table needs to be set:

route
sudo ip route add 10.211.55.0/24 via 10.211.55.5 dev eth0

Docker cross-host container link method three: Weave

Weave creates a virtual network that connects Docker containers running on different hosts.
The conditions required for this approach are as follows:
Dual NICs: host-only and NAT
host1: 10.0.2.6
host2: 10.0.2.8
Application Container 1: 192.168.0.2/24 on host1
Application Container 1: 192.168.0.3/24 on host2
Docker and Weave are installed on both machines, and the Weave routing containers are started on both.
An application container is started on each machine. You can use the weave run command directly, or start the container with docker run and then use the weave attach command to bind the container to its IP address.

After Weave is installed, perform the binding.
On 10.0.2.6:

c2=$(weave run 192.168.0.2/24 -ti ubuntu /bin/bash)  # place the container in the 192.168.0.2/24 network segment
weave launch 10.0.2.8
docker attach $c2

With the methods above, the containers on the hosts can usually all reach one another, but leaving them connected this way is generally not safe:

In /etc/default/docker we configure --icc=false (reject all links between containers) and --iptables=true (let Docker set the host firewall rules), and then use --link to open only the connections that are needed. The form is --link <container name>:<alias you define>.
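
An added example (not from the original page) that audits an /etc/default/docker file for the two daemon settings named above. The sample file contents and function names are constructed for illustration; a missing --icc or --iptables is treated as true, which is the daemon default, and only the literal spellings true and false are recognised.

```bash
# Added example: audit the DOCKER_OPTS line of an /etc/default/docker file.

# Constructed sample files (not taken from a real host).
WEAK='# Docker Upstart and SysVinit configuration file
#DOCKER_OPTS="--icc=false"
DOCKER_OPTS="-b=br0 --fixed-cidr=10.211.55.64/26"'
HARDENED='DOCKER_OPTS="-b=br0 --fixed-cidr=10.211.55.64/26 --icc=false --iptables=true"'

# effective_opts TEXT -> value of the last uncommented DOCKER_OPTS assignment
effective_opts() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*DOCKER_OPTS=//p' | tail -n 1 | tr -d "\"'"
}

# flag_value OPTS NAME DEFAULT -> last value given for the flag, else DEFAULT
flag_value() {
    val=$3
    for word in $1; do
        case $word in
            --"$2"=*|-"$2"=*) val=${word#*=} ;;
            --"$2"|-"$2")     val=true ;;   # a bare boolean flag means true
        esac
    done
    echo "$val"
}

# audit_opts TEXT -> prints findings, returns their count
audit_opts() {
    opts=$(effective_opts "$1"); findings=0
    if [ "$(flag_value "$opts" icc true)" != false ]; then
        echo "icc is enabled: every container on the bridge can reach every other"
        findings=$((findings + 1))
    fi
    if [ "$(flag_value "$opts" iptables true)" != true ]; then
        echo "iptables is disabled: Docker cannot install the rules behind --icc=false and --link"
        findings=$((findings + 1))
    fi
    return "$findings"
}

audit_opts "$WEAK" || echo "weak sample: $? finding(s)"
audit_opts "$HARDENED" && echo "hardened sample: no findings"
```
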
