Kubernetes Integrated Calico Network

Last Update:2017-01-25 Source: Internet

Author: User

Tags reflector

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

1. Physical Environment 172.16.0.55 k8s1  master172.16.0.57 k8s2  node172.16.0.47 k8s3   node[[email protected] ~]# docker ps |grep pera394542f2340         alectolytic/netperf:latest                                      "sleep 36000000"           16 hours ago        Up 16  hours                              k8s_netperf.468d5a53_ netperf-903608992-kbdqx_default_fe8c2f70-e21a-11e6-9e5d-0025904aabd6_101520d3c951205fcdb5         gcr.io/google_containers/pause-amd64:3.0                       "/pause"                   16 hours ago         Up 16 hours                              k8s_ pod.d8dbe16c_netperf-903608992-kbdqx_default_fe8c2f70-e21a-11e6-9e5d-0025904aabd6_cdb8ccde6be27d13d319         networkstatic/iperf3:latest                                     "sleep 3600000"            16 hours ago        up 16 hours                               k8s_iperf3.77255c12_iperf3-225180425-dkqlp_default_ 8586bf7c-e217-11e6-9e5d-0025904aabd6_2d2f3f610911410b49ff         gcr.io/google_containers/pause-amd64:3.0                       "/pause"                   16 hours ago         Up 16 hours                               k8s_pod.d8dbe16c_iperf3-225180425-dkqlp_default_8586bf7c-e217-11e6-9e5d-0025904aabd6_c86ee5f0[[email protected] ~]# [[email protected]  ~]# docker inspect 6be27d13d319|grep Pid              "Pid": 21333,              "Pidmode":  ",            " Pidslimit ":  0,[[email protected] ~]# [[email protected] ~]# mkdir /var /run/netnetreport/ net-snmp/  [[email protected] ~]# mkdir /var/run/netns[[ Email protected] ~]# [[email protected] ~]# ln -s /proc/21333/ns/net  /var/run/netns/6be27d13d319[[email protected] ~]# ip netns6be27d13d319  (ID: &NBSP;4) [[EMAIL&NBSP;PROTECTED]&NBSP;~]#&NBSP;IP&NBSP;NETNS&NBSP;EXEC&NBSP;6BE27D13D319&NBSP;IP&NBSP;ADDR1:  lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state unknown      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet  127.0.0.1/8 scope host lo       valid_lft forever  preferred_lft forever    inet6 ::1/128 scope host         valid_lft forever preferred_lft forever3: [email  Protected]: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue state  UP     link/ether b2:2f:eb:0f:9d:04 brd ff:ff:ff:ff:ff:ff  link-netnsid 0    inet 192.168.167.84/32 scope global eth0        valid_lft forever preferred_lft forever     inet6 fe80::b02f:ebff:fe0f:9d04/64 scope link        valid_lft forever  Preferred_lft foreveryou have mail in /var/spool/mail/root[[email protected]  ~]# [[email protected] ~]# ip netns exec 6be27d13d319 tcpdump  -i any icmp tcpdump: verbose output suppressed, use -v or  -vv for full protocol decode

[[Email protected] ~]# ip netns exec 6be27d13d319 ip addr1: lo:  <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo       valid_lft  forever preferred_lft forever    inet6 ::1/128 scope host         valid_lft forever preferred_lft forever3:  [email protected]: <broadcast,multicast,up,lower_up> mtu 1500 qdisc  NOQUEUE&NBSP;STATE&NBSP;UP&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;LINK/ETHER&NBSP;B2:2F:EB:0F:9D:04&NBSP;BRD&NBSP;FF:FF: Ff:ff:ff:ff link-netnsid 0    inet 192.168.167.84/32 scope global  eth0  &nbSp;    valid_lft forever preferred_lft forever    inet6  fe80::b02f:ebff:fe0f:9d04/64 scope link        valid_ Lft forever preferred_lft forever[[email protected] ~]# [[email protected]  ~]# ip netns exec 6be27d13d319 ethtool -s eth0nic statistics:      peer_ifindex: 29[[email protected] ~]# [[email  protected] ~]# ip route default via 172.16.0.254 dev enp1s0f0   proto static  metric 100 172.16.0.0/24 dev enp1s0f0  proto  kernel  scope link  src 172.16.0.57  metric 100  172.17.0.0/16 dev docker0  proto kernel  scope link  src  172.17.0.1 192.168.23.192/26 via 172.16.0.49 dev enp1s0f0  proto bird 192.168.86.0/26 via  172.16.0.55 dev enp1s0f0  proto bird blackhole 192.168.167.64/26   proto bird 192.168.167.84 dev caliab5c3cbfda4  scope link  192.168.167.85 dev caliec347e5f7b0  scope link 192.168.167.87 dev  Cali59ee912b1e2  scope link 192.168.167.124 dev calia1345165869  scope  link 192.168.167.125 dev calif8ea0c0f011  scope link [[email  protected] ~]# [[email protected] ~]# ip addr2: enp1s0f0: < broadcast,multicast,up,lower_up> mtu 1500 qdisc mq state up qlen  1000    link/ether 00:25:90:4a:ad:ea brd ff:ff:ff:ff:ff:ff     inet 172.16.0.57/24&nbSp;brd 172.16.0.255 scope global enp1s0f0       valid_ LFT&NBSP;FOREVER&NBSP;PREFERRED_LFT&NBSP;FOREVER&NBSP;&NBSP;&NBSP;&NBSP;INET6&NBSP;2001:470:FB3C:0:225:90FF: fe4a:adea/64 scope global mngtmpaddr dynamic        &NBSP;VALID_LFT&NBSP;2455832SEC&NBSP;PREFERRED_LFT&NBSP;468632SEC&NBSP;&NBSP;&NBSP;&NBSP;INET6&NBSP;FE80: :225:90ff:fe4a:adea/64 scope link        valid_lft  forever preferred_lft forever4: docker0: <no-carrier,broadcast,multicast,up>  MTU&NBSP;1500&NBSP;QDISC&NBSP;NOQUEUE&NBSP;STATE&NBSP;DOWN&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;LINK/ETHER&NBSP;02:42: ae:fa:da:33 brd ff:ff:ff:ff:ff:ff    inet 172.17.0.1/16 scope  global docker0       valid_lft forever preferred_lft  Forever5: [email protected]: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue state  up     link/ether ce:b2:25:23:f9:87 brd ff:ff:ff:ff:ff:ff  link-netnsid 0    inet6 fe80::ccb2:25ff:fe23:f987/64 scope link         valid_lft forever preferred_lft forever6: [email  protected]: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue &NBSP;STATE&NBSP;UP&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;LINK/ETHER&NBSP;DE:81:BC:83:0D:B5&NBSP;BRD&NBSP;FF:FF:FF:FF: FF:FF&NBSP;LINK-NETNSID&NBSP;1&NBSP;&NBSP;&NBSP;&NBSP;INET6&NBSP;FE80::d c81:bcff:fe83:db5/64 scope  LINK&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;VALID_LFT&NBSP;FOREVER&NBSP;PREFERRED_LFT&NBSP;FOREVER29:  [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc  Noqueue state up     link/ether 76:b0:6b:12:ef:4d brd ff:ff:ff:ff:ff:ff  link-netnsid 4    inet6 fe80::74b0:6bff:fe12:ef4d/64 scope link         valid_lft forever preferred_lft forever

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/8D/1C/wKioL1iIHIbQ9DbQAAFT_hOZy8E651.png "title=" 1.png " alt= "Wkiol1iihibq9dbqaaft_hozy8e651.png"/>

Use the following two containers as examples to illustrate container communication across host nodes

IPERF3-225180425-00PSW (Container 1) 192.168.23.194 k8s3

IPERF3-225180425-DKQLP (Container 2) 192.168.167.84 k8s2

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/8D/1C/wKioL1iIHLjjTgaqAAA9wfnhVv4549.png "title=" 1.png " alt= "Wkiol1iihljjtgaqaaa9wfnhvv4549.png"/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/8D/1F/wKiom1iIHOOQt4vBAAAPucCxTKU662.png "title=" 1.png " alt= "Wkiom1iihooqt4vbaaapuccxtku662.png"/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/8D/1F/wKiom1iIHO6znZGaAAAjRWgr_Bg849.png "title=" 2.png " alt= "Wkiom1iiho6znzgaaaajrwgr_bg849.png"/>

Peer-to-peer physical host

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/8D/1C/wKioL1iIHRzyCcbmAAAd-uBW9OU676.png "title=" 1.png " alt= "Wkiol1iihrzyccbmaaad-ubw9ou676.png"/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/8D/1C/wKioL1iIHSfBlCnvAABhedurkvE086.png "title=" 2.png " alt= "Wkiol1iihsfblcnvaabhedurkve086.png"/>

Calico Architecture

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/8D/1F/wKiom1iIHU_BZ5tjAAD_a84zAgk188.png "title=" 1.png " alt= "Wkiom1iihu_bz5tjaad_a84zagk188.png"/>

Felix,Calico Agent, runs on each node that needs to run Workload , and is primarily responsible for configuring routing and ACLs and other information to ensure the connectivity of Endpoint;

ETCD, distributed key-value storage, mainly responsible for network metadata consistency, to ensure The accuracy of Calico network status;

BGP Client(BIRD), primarily responsible for writing Felix to Kernel Routing information to the current Calico Network to ensure the effectiveness of communication between the Workload ;

BGP Route Reflector(BIRD), used in large-scale deployments, abandons the mesh mode of all nodes interconnection , through one or more BGP Route Reflector to complete the centralized routing distribution.

[[email protected] ~]# calicoctl config get ASNumber

64512

[[email protected] ~]# calicoctl config get Nodetonodemesh

[Email protected] ~]# calicoctl node status

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/8D/1C/wKioL1iIHX6jCNDeAAAavuukWzY685.png "title=" 1.png " alt= "Wkiol1iihx6jcndeaaaavuukwzy685.png"/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/8D/1F/wKiom1iIHYuiVcFTAADTUdWPQ0Q690.png "title=" 2.png " alt= "Wkiom1iihyuivcftaadtudwpq0q690.png"/>

This article from "Thick tak" blog, declined reprint!

Kubernetes Integrated Calico Network

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More