Open vSwitch enables interconnection between Docker containers and hosts
1. Introduction to Open vSwitch
Open vSwitch (OVS) is a virtual switch whose development is led by Nicira Networks and that runs on virtualization platforms (such as KVM and Xen). On the virtualization platform, OVS provides layer-2 switching for dynamically changing endpoints and is used to control access policies, network isolation, and traffic monitoring in virtual networks. It is implemented mainly in portable C code.
It aims to enable large-scale network automation through programmatic extension, while still supporting standard management interfaces and protocols (such as NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, and 802.1ag). In addition, it is designed to support distributed environments that span multiple physical servers, similar to VMware's vNetwork distributed switch or Cisco's Nexus 1000V. Open vSwitch supports multiple Linux virtualization technologies, including Xen/XenServer, KVM, and VirtualBox.
2. Implement cross-host container communication through VxLAN
In this test, an Open vSwitch VxLAN network enables mutual access between containers on two physical hosts.
2.1 Topology
2.2 Configure OVS
(1) Use two scripts to configure Open vSwitch on host10 and host11, as follows:

    # host10
    [root@host10 ~]# cat vsctl-add.sh
    #!/bin/bash
    ovs-vsctl add-br br0                 # create two virtual switches
    ovs-vsctl add-br br1
    ifconfig eth0 0 up                   # assign the physical host IP to br1
    ifconfig br1 192.168.1.10/24 up
    route add default gw 192.168.1.1
    ovs-vsctl add-port br1 eth0          # add eth0 to br1
    ovs-vsctl add-port br0 docker0       # add docker0 to br0
    ifconfig br0 <br0-address>/24 up     # configure the br0 and docker0 IPs
    ifconfig docker0 172.17.0.1/24 up

    # host11
    [root@host11 ~]# cat vsctl-add.sh
    #!/bin/bash
    ovs-vsctl add-br br0
    ovs-vsctl add-br br1
    ifconfig eth0 0 up
    ifconfig br1 192.168.1.11/24 up
    route add default gw 192.168.1.1
    ovs-vsctl add-port br1 eth0
    ovs-vsctl add-port br0 docker0
    ifconfig br0 172.17.0.4/24 up
    ifconfig docker0 172.17.0.3/24 up

Note: when the two scripts above are run over ssh on the physical hosts, run them as "nohup ./vsctl-add.sh &"; otherwise the network connection is dropped partway through and the execution fails.
(2) Configure VxLAN for cross-host Interconnection

    # host10
    ovs-vsctl add-port br0 vx1 -- set interface vx1 type=vxlan options:remote_ip=192.168.1.11

    # host11
    ovs-vsctl add-port br0 vx1 -- set interface vx1 type=vxlan options:remote_ip=192.168.1.10

    # view after execution
    [root@host10 ~]# ovs-vsctl show
    a8251e22-bb31-4ee6-8321-49fbd0f1b735
        Bridge "br0"
            Port "vx1"
                Interface "vx1"
                    type: vxlan
                    options: {remote_ip="192.168.1.11"}
            Port "veth1pl5407"
                Interface "veth1pl5407"
            Port "br0"
                Interface "br0"
                    type: internal
            Port "docker0"
                Interface "docker0"
            Port "veth1pl4977"
                Interface "veth1pl4977"
        Bridge "br1"
            Port "eth0"
                Interface "eth0"
            Port "br1"
                Interface "br1"
                    type: internal

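The "view after execution" check in step (2), as an added example that is not part of the original post: the tunnel forwards container traffic to whatever address remote_ip names, so this script lists every vxlan port in `ovs-vsctl show` output and compares its remote_ip against the peers you expect. The function names and the embedded sample (a trimmed copy of the host10 output) are assumptions for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): audit VXLAN tunnel endpoints on an OVS host.

# Print "bridge port remote_ip" for each vxlan interface found in
# `ovs-vsctl show` text read from stdin.
list_vxlan_ports() {
    awk '
        $1 == "Bridge" { bridge = $2; gsub(/"/, "", bridge) }
        $1 == "Port"   { port = $2; gsub(/"/, "", port); kind = "" }
        $1 == "type:"  { kind = $2 }
        $1 == "options:" && kind == "vxlan" && match($0, /remote_ip="?[^",}]+/) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/remote_ip="?/, "", ip)
            print bridge, port, ip
        }'
}

# Compare every vxlan remote_ip against a space-separated allow-list ($1).
# Prints one line per unexpected endpoint and returns 1 if any was found.
check_vxlan_peers() {
    unexpected=$(list_vxlan_ports | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($3 in ok) { print "UNEXPECTED " $1 "/" $2 " -> " $3 }')
    if [ -n "$unexpected" ]; then
        printf "%s\n" "$unexpected"
        return 1
    fi
}

# Trimmed copy of the host10 `ovs-vsctl show` output, used as offline input.
sample_show() {
    cat <<'EOF'
a8251e22-bb31-4ee6-8321-49fbd0f1b735
    Bridge "br0"
        Port "vx1"
            Interface "vx1"
                type: vxlan
                options: {remote_ip="192.168.1.11"}
        Port "docker0"
            Interface "docker0"
    Bridge "br1"
        Port "eth0"
            Interface "eth0"
EOF
}

# On a live host: ovs-vsctl show | check_vxlan_peers "192.168.1.11"
sample_show | check_vxlan_peers "192.168.1.11" && echo "all vxlan peers expected"
```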
2.3 Create four containers
Here, pipework is used to give each container a fixed IP address; the commands can be added to /etc/rc.local so that the configuration is applied automatically at startup.

    # host10
    docker run -itd --net=none --name test1 centos:6 /bin/bash
    docker run -itd --net=none --name test2 centos:6 /bin/bash
    pipework br0 test1 172.17.0.101/[email protected]
    pipework br0 test2 172.17.0.102/[email protected]

    # host11
    docker run -itd --net=none --name test3 centos:6 /bin/bash
    docker run -itd --net=none --name test4 centos:6 /bin/bash
    pipework br0 test3 172.17.0.103/[email protected]
    pipework br0 test4 172.17.0.104/[email protected]

2.4 Test
From the test1 container, access the other three containers; communication works normally.
3. Summary
With this configuration, we can see the power of Open vSwitch. OVS is used not only for Docker containers but also for virtual host networks. Software-defined networking greatly simplifies network configuration. Docker added overlay networks after version 1.9 and uses OVS technology.