1. Install 3 CentOS 7 Linux virtual machines.
The public addresses are: 114.112.62.75, 114.112.62.76, 114.112.62.77
The private addresses are: 192.168.1.4, 192.168.1.5, 192.168.1.6
2. Install Open vSwitch 2.5 on all 3 machines.
Build the RPM package by following the Open vSwitch documentation, then install it on each machine with yum localinstall.
3. Install Docker with yum on all 3 machines.
4. On all 3 machines, yum install iptables-services.
5. Configure the Open vSwitch environment.
For example, on 192.168.1.4:
ovs-vsctl add-br br-int
ovs-vsctl add-br br-tun
ip link add br-int-pair type veth peer name br-tun-pair
ip link set br-int-pair up
ip link set br-tun-pair up
ovs-vsctl add-port br-int br-int-pair
ovs-vsctl add-port br-tun br-tun-pair
ip link add vnic0 type veth peer name vnic0-br-int
ip link set vnic0 up
ip link set vnic0-br-int up
ovs-vsctl add-port br-int vnic0-br-int
ifconfig vnic0 10.0.0.1/24
ip link add vnic1 type veth peer name vnic1-br-int
ip link set vnic1 up
ip link set vnic1-br-int up
ovs-vsctl add-port br-int vnic1-br-int
ifconfig vnic1 10.0.1.1/24
ovs-vsctl set port vnic0-br-int tag=1
ovs-vsctl set port vnic1-br-int tag=2
ovs-vsctl add-port br-tun vxlan0 -- set interface vxlan0 type=vxlan options:local_ip=192.168.1.4 options:in_key=flow options:remote_ip=192.168.1.5 options:out_key=flow
ovs-vsctl add-port br-tun vxlan1 -- set interface vxlan1 type=vxlan options:local_ip=192.168.1.4 options:in_key=flow options:remote_ip=192.168.1.6 options:out_key=flow
6. Configure the flow table on br-tun.
The port numbers in these flows assume that br-tun-pair is OpenFlow port 1 on br-tun and that vxlan0 and vxlan1 are ports 2 and 3.
ovs-ofctl del-flows br-tun
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 in_port=1 actions=resubmit(,1)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 in_port=2 actions=resubmit(,3)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 in_port=3 actions=resubmit(,3)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=1 dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=1 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=2 actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=3 tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=3 tun_id=0x2 actions=mod_vlan_vid:2,resubmit(,10)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=3 actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=10 actions=learn(table=20,priority=1,hard_timeout=300,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=20 actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=21 dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2,output:3"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=21 dl_vlan=2 actions=strip_vlan,set_tunnel:0x2,output:2,output:3"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=21 actions=drop"
ovs-ofctl dump-flows br-tun
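The two segments (tag 1 and tag 2) stay separate only if tables 0, 3 and 21 end in a drop rule and the tun_id to VLAN mapping in table 3 matches the VLAN to tun_id mapping in table 21. The following check is an added example, not part of the original procedure: it reads ovs-ofctl dump-flows br-tun output on stdin and reports any mismatch. The function names and the sample flow lines are constructed for illustration, and the script assumes every dumped line carries a table= field.

```shell
#!/bin/sh
# Added example: audit br-tun flows (dump-flows text on stdin) for segment isolation.
# Prints one line per finding and returns 1 if any check fails.
audit_br_tun_flows() {
  awk '
    # Text matched by re on the current line, minus its first skip characters.
    function field(re, skip) {
      return match($0, re) ? substr($0, RSTART + skip, RLENGTH - skip) : ""
    }
    {
      t = field("table=[0-9]+", 6)
      if ($0 ~ /priority=0 actions=drop/) deny[t] = 1      # table-miss drop
      if (t == "3" && (id = field("tun_id=0x[0-9a-f]+", 7)) != "")
        in_vlan[id] = field("mod_vlan_vid:[0-9]+", 13)     # tunnel -> VLAN
      if (t == "21" && (v = field("dl_vlan=[0-9]+", 8)) != "")
        out_id[v] = field("set_tunnel:0x[0-9a-f]+", 11)    # VLAN -> tunnel
    }
    END {
      n = split("0 3 21", need, " ")
      for (i = 1; i <= n; i++)
        if (!(need[i] in deny)) { print "table " need[i] ": no default drop"; bad = 1 }
      for (id in in_vlan) {
        v = in_vlan[id]
        if (seen[v]++) { print "VLAN " v ": fed by more than one tun_id"; bad = 1 }
        if (out_id[v] != id) {
          print "VLAN " v ": ingress tun_id " id ", egress tun_id " (out_id[v] == "" ? "none" : out_id[v])
          bad = 1
        }
      }
      exit bad + 0
    }'
}

# Constructed sample input in dump-flows layout (counters shortened), not captured output.
sample_flows() {
  cat <<'EOF'
 cookie=0x0, duration=9.1s, table=0, n_packets=0, n_bytes=0, priority=1,in_port=1 actions=resubmit(,1)
 cookie=0x0, duration=9.1s, table=0, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x0, duration=9.1s, table=3, n_packets=0, n_bytes=0, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
 cookie=0x0, duration=9.1s, table=3, n_packets=0, n_bytes=0, priority=1,tun_id=0x2 actions=mod_vlan_vid:2,resubmit(,10)
 cookie=0x0, duration=9.1s, table=3, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x0, duration=9.1s, table=21, n_packets=0, n_bytes=0, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2,output:3
 cookie=0x0, duration=9.1s, table=21, n_packets=0, n_bytes=0, priority=1,dl_vlan=2 actions=strip_vlan,set_tunnel:0x2,output:2,output:3
 cookie=0x0, duration=9.1s, table=21, n_packets=0, n_bytes=0, priority=0 actions=drop
EOF
}

sample_flows | audit_br_tun_flows && echo "br-tun flow table: isolation checks passed"
```

On a configured host, pipe the output of ovs-ofctl dump-flows br-tun into audit_br_tun_flows instead of the sample.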
7. Start two Docker containers, container1 and container2, on 114.112.62.75 and 114.112.62.76.
docker pull centos
docker run -itd --name=container1 --net=none centos /bin/bash
docker run -itd --name=container2 --net=none centos /bin/bash
Check the PIDs of the two containers:
docker inspect --format "{{.State.Pid}}" container1
62323
docker inspect --format "{{.State.Pid}}" container2
62390
Move vnic0 and vnic1 into the network namespaces of the two containers, respectively:
ip link set vnic0 netns 62323
ip link set vnic1 netns 62390
ip link set vnic0-br-int up
ip link set vnic1-br-int up
nsenter -t 62323 -n ip addr add 10.0.0.1/24 dev vnic0
nsenter -t 62323 -n ip link set vnic0 up
nsenter -t 62390 -n ip addr add 10.0.1.1/24 dev vnic1
nsenter -t 62390 -n ip link set vnic1 up
8. Modify the iptables rules in /etc/sysconfig/iptables on all 3 machines and restart iptables.
9. On 114.112.62.75, set up a virtual router.
Set the default gateway inside the containers on the other machines.
For example, on machine 76:
docker attach container1
ip route add default via 10.0.0.1
On machine 77:
docker attach container1
ip route add default via 10.0.0.1
Test whether routing works with ping; the routes for both network segments pass.
Add an IP address to ens256:
ip addr add 172.10.0.101/24 dev ens256
Add three rules to iptables:
iptables -t nat -A OUTPUT -d 172.10.0.101/32 -j DNAT --to-destination 10.0.0.2
iptables -t nat -A PREROUTING -d 172.10.0.101/32 -j DNAT --to-destination 10.0.0.2
iptables -t nat -A POSTROUTING -s 10.0.0.2/32 -j SNAT --to-source 172.10.0.101
Implement a cross-host Docker network environment and network control nodes