068、Calico的网络结构是什么?(2019-04-11 周四)
参考https://www.cnblogs.com/CloudMan6/p/7520164.html
root@host1:~# docker run -itd --name bbox1 --network cal_net1 busybox
470754e0c3603397575d8f3b3ef45aac4035a4c410c82a7245792139808f3dba
root@host1:~# docker exec bbox1 ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: cali0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff
inet 192.168.119.0/32 brd 192.168.119.0 scope global cali0
valid_lft forever preferred_lft forever
root@host1:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:4c:70 brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
4: ens192.10@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
5: ens192.20@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:22:32 brd ff:ff:ff:ff:ff:ff
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:ec:86:ee:3a brd ff:ff:ff:ff:ff:ff
8: cali129890bc0f3@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 9e:d1:4e:cd:c8:79 brd ff:ff:ff:ff:ff:ff link-netnsid 0
root@host1:~# ip route
default via 10.12.28.6 dev ens160 onlink
10.2.46.0/24 dev docker0 proto kernel scope link src 10.2.46.1 linkdown
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.211
172.22.0.0/16 via 10.12.28.1 dev ens160
192.168.119.0 dev cali129890bc0f3 scope link
blackhole 192.168.119.0/26 proto bird
# 1、以上可以看到容器中的 7:cali0@if8 与 host 上的 8:cali129890bc03@if7 是一对 veth pair
# 2、host 上自动添加了一条到容器的路由
root@host2:~# docker run -itd --name bbox2 --network cal_net1 busybox
728576a0057dcf50d7cfe31fcfb1b59a18972d9fea836d4dc433c21ebd677df4
root@host2:~# docker exec bbox2 ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: cali0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff
inet 192.168.183.64/32 brd 192.168.183.64 scope global cali0
valid_lft forever preferred_lft forever
root@host2:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:13:59 brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
4: ens192.10@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
5: ens192.20@ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 00:50:56:87:1b:c0 brd ff:ff:ff:ff:ff:ff
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:80:62:ac:7c brd ff:ff:ff:ff:ff:ff
8: calicb5d10d0884@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 72:86:f2:93:ee:84 brd ff:ff:ff:ff:ff:ff link-netnsid 0
root@host2:~# ip route
default via 10.12.28.6 dev ens160 onlink
10.2.44.0/24 dev docker0 proto kernel scope link src 10.2.44.1 linkdown
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.212
172.22.0.0/16 via 10.12.28.1 dev ens160
192.168.119.0/26 via 10.12.31.211 dev ens160 proto bird
192.168.183.64 dev calicb5d10d0884 scope link
blackhole 192.168.183.64/26 proto bird
root@host2:~# docker exec bbox2 ping -c 2 bbox1
PING bbox1 (192.168.119.0): 56 data bytes
64 bytes from 192.168.119.0: seq=0 ttl=62 time=0.393 ms
64 bytes from 192.168.119.0: seq=1 ttl=62 time=0.402 ms
--- bbox1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.393/0.397/0.402 ms
# 1、以上可以看到与 host 也有一对 veth pair
# 2、host 上自动添加了一条到容器的路由,额外还有一条到host1容器的路由
# 3、host2上的容器可以使用机器名与host1上的容器通信
root@host1:~# ip route
default via 10.12.28.6 dev ens160 onlink
10.2.46.0/24 dev docker0 proto kernel scope link src 10.2.46.1 linkdown
10.12.28.0/22 dev ens160 proto kernel scope link src 10.12.31.211
172.22.0.0/16 via 10.12.28.1 dev ens160
192.168.119.0 dev cali129890bc0f3 scope link
blackhole 192.168.119.0/26 proto bird
192.168.183.64/26 via 10.12.31.212 dev ens160 proto bird
root@host1:~# docker exec bbox1 ping -c 2 bbox2
PING bbox2 (192.168.183.64): 56 data bytes
64 bytes from 192.168.183.64: seq=0 ttl=62 time=0.428 ms
64 bytes from 192.168.183.64: seq=1 ttl=62 time=0.286 ms
--- bbox2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.286/0.357/0.428 ms
# 1、在看host1上,自动添加了一条到host2容器的路由
# 2、host1上的容器也可以与host2上的容器通过机器名通信