  • 068、Calico的网络结构是什么?(2019-04-11 周四)

     
     
    root@host1:~# docker run -itd --name bbox1 --network cal_net1 busybox
    470754e0c3603397575d8f3b3ef45aac4035a4c410c82a7245792139808f3dba
    root@host1:~# docker exec bbox1 ip address
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    7: cali0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff
        inet 192.168.119.0/32 brd 192.168.119.0 scope global cali0
           valid_lft forever preferred_lft forever
    root@host1:~# ip link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:4c:70 brd ff:ff:ff:ff:ff:ff
    3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
    4: ens192.10@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
    5: ens192.20@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
    6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
        link/ether 02:42:ec:86:ee:3a brd ff:ff:ff:ff:ff:ff
    8: cali129890bc0f3@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
        link/ether 9e:d1:4e:cd:c8:79 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    root@host1:~# ip route
    default via 10.12.28.6 dev ens160 onlink
    10.2.46.0/24 dev docker0  proto kernel  scope link  src 10.2.46.1 linkdown
    10.12.28.0/22 dev ens160  proto kernel  scope link  src 10.12.31.211
    172.22.0.0/16 via 10.12.28.1 dev ens160
    192.168.119.0 dev cali129890bc0f3  scope link
    blackhole 192.168.119.0/26  proto bird
     
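    #    1、以上可以看到容器中的 7:cali0@if8 与 host 上的 8:cali129890bc0f3@if7 是一对 veth pair
    #    2、host 上自动添加了一条到容器的路由(192.168.119.0 dev cali129890bc0f3  scope link);同时 bird 还添加了一条 blackhole 路由,覆盖 192.168.119.0/26 整个地址段,发往该段内没有更具体路由的地址的报文会被直接丢弃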
     
    root@host2:~# docker run -itd --name bbox2 --network cal_net1 busybox
    728576a0057dcf50d7cfe31fcfb1b59a18972d9fea836d4dc433c21ebd677df4
    root@host2:~# docker exec bbox2 ip address
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    7: cali0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff
        inet 192.168.183.64/32 brd 192.168.183.64 scope global cali0
           valid_lft forever preferred_lft forever
    root@host2:~# ip link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:13:59 brd ff:ff:ff:ff:ff:ff
    3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
    4: ens192.10@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
    5: ens192.20@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
        link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
    6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
        link/ether 02:42:80:62:ac:7c brd ff:ff:ff:ff:ff:ff
    8: calicb5d10d0884@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
        link/ether 72:86:f2:93:ee:84 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    root@host2:~# ip route
    default via 10.12.28.6 dev ens160 onlink
    10.2.44.0/24 dev docker0  proto kernel  scope link  src 10.2.44.1 linkdown
    10.12.28.0/22 dev ens160  proto kernel  scope link  src 10.12.31.212
    172.22.0.0/16 via 10.12.28.1 dev ens160
    192.168.119.0/26 via 10.12.31.211 dev ens160  proto bird
    192.168.183.64 dev calicb5d10d0884  scope link
    blackhole 192.168.183.64/26  proto bird
    root@host2:~# docker exec bbox2 ping -c 2 bbox1
    PING bbox1 (192.168.119.0): 56 data bytes
    64 bytes from 192.168.119.0: seq=0 ttl=62 time=0.393 ms
    64 bytes from 192.168.119.0: seq=1 ttl=62 time=0.402 ms
    --- bbox1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.393/0.397/0.402 ms
     
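    #    1、以上可以看到 host2 上容器中的 7:cali0@if8 与 host 上的 8:calicb5d10d0884@if7 也是一对 veth pair
    #    2、host 上自动添加了一条到容器的路由(192.168.183.64 dev calicb5d10d0884),额外还有一条到host1容器网段的路由(192.168.119.0/26 via 10.12.31.211  proto bird)
    #    3、host2上的容器可以使用机器名(这里即容器名 bbox1)与host1上的容器通信;ping 结果中 ttl=62,假设初始 TTL 为 64,说明报文经过了 host2 和 host1 两次三层路由转发,而不是二层直通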
     
    root@host1:~# ip route
    default via 10.12.28.6 dev ens160 onlink
    10.2.46.0/24 dev docker0  proto kernel  scope link  src 10.2.46.1 linkdown
    10.12.28.0/22 dev ens160  proto kernel  scope link  src 10.12.31.211
    172.22.0.0/16 via 10.12.28.1 dev ens160
    192.168.119.0 dev cali129890bc0f3  scope link
    blackhole 192.168.119.0/26  proto bird
    192.168.183.64/26 via 10.12.31.212 dev ens160  proto bird
    root@host1:~# docker exec bbox1 ping -c 2 bbox2
    PING bbox2 (192.168.183.64): 56 data bytes
    64 bytes from 192.168.183.64: seq=0 ttl=62 time=0.428 ms
    64 bytes from 192.168.183.64: seq=1 ttl=62 time=0.286 ms
    --- bbox2 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.286/0.357/0.428 ms
     
    #    1、再看host1上,自动添加了一条到host2容器网段的路由(192.168.183.64/26 via 10.12.31.212  proto bird)
    #    2、host1上的容器也可以与host2上的容器通过机器名(这里即容器名 bbox2)通信
     
     
     
     
  • 原文地址:https://www.cnblogs.com/www1707/p/10691817.html