Difference between revisions of "Docker networking"
From Teknologisk videncenter
m |
m |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=docker networks= | =docker networks= | ||
| + | {{Source cli}} | ||
| + | == Overview == | ||
On a docker swarm | On a docker swarm | ||
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$ docker network ls | heth@docker1:~$ docker network ls | ||
NETWORK ID NAME DRIVER SCOPE | NETWORK ID NAME DRIVER SCOPE | ||
| Line 9: | Line 11: | ||
p3lm08ns2mrq ingress overlay swarm | p3lm08ns2mrq ingress overlay swarm | ||
ba8252e136b1 none null local | ba8252e136b1 none null local | ||
| − | </source | + | </source> |
| − | on each run | + | on each node in swarm run: |
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$ docker network inspect ingress | grep Address | heth@docker1:~$ docker network inspect ingress | grep Address | ||
"MacAddress": "02:42:0a:00:00:02", | "MacAddress": "02:42:0a:00:00:02", | ||
| Line 17: | Line 19: | ||
"IPv6Address": "" | "IPv6Address": "" | ||
</source> | </source> | ||
| − | <source lang= | + | <source lang=text> |
heth@docker3:~$docker network inspect ingress | grep Address | heth@docker3:~$docker network inspect ingress | grep Address | ||
"MacAddress": "02:42:0a:00:00:03", | "MacAddress": "02:42:0a:00:00:03", | ||
| Line 23: | Line 25: | ||
"IPv6Address": "" | "IPv6Address": "" | ||
</source> | </source> | ||
| − | <source lang= | + | <source lang=text> |
heth@docker3:~$ docker network inspect ingress | grep Address | heth@docker3:~$ docker network inspect ingress | grep Address | ||
"MacAddress": "02:42:0a:00:00:04", | "MacAddress": "02:42:0a:00:00:04", | ||
| Line 29: | Line 31: | ||
"IPv6Address": "" | "IPv6Address": "" | ||
</source> | </source> | ||
| + | == Creating an overlay network == | ||
| + | <source lang=text> | ||
| + | heth@docker1:~$docker network create --driver overlay hethnet | ||
| + | </source> | ||
| + | |||
| + | Run containers on swarm | ||
| + | <source lang=text> | ||
| + | heth@docker1:~$docker service create --replicas 3 --network hethnet --name helloworld alpine ping docker.com | ||
| + | heth@docker1:~$ docker service ps helloworld | ||
| + | ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS | ||
| + | 3lgo2gz3a4yb helloworld.1 alpine:latest docker2 Running Running 24 minutes ago | ||
| + | u6e8agzh22az helloworld.2 alpine:latest docker3 Running Running 24 minutes ago | ||
| + | 9ix7pu6m9hpf helloworld.3 alpine:latest docker1 Running Running 24 minutes ago | ||
| + | </source> | ||
| + | |||
| + | Create traffic between nodes | ||
| + | <source lang=text> | ||
| + | heth@docker1:~$ docker exec -it 1f sh | ||
| + | / # ip a | ||
| + | 31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP | ||
| + | link/ether 02:42:0a:00:01:03 brd ff:ff:ff:ff:ff:ff | ||
| + | inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0 | ||
| + | valid_lft forever preferred_lft forever | ||
| + | / # ping 10.0.1.5 | ||
| + | PING 10.0.1.5 (10.0.1.5): 56 data bytes | ||
| + | 64 bytes from 10.0.1.5: seq=0 ttl=64 time=0.338 ms | ||
| + | 64 bytes from 10.0.1.5: seq=1 ttl=64 time=0.270 ms | ||
| + | ... | ||
| + | </source> | ||
| + | |||
| + | On another terminal start tcpdump while ping still running | ||
| + | <Source lang=text> | ||
| + | root@docker1:/home/heth# sudo tcpdump -i ens160 -w /tmp/swarm.pcap | ||
| + | </source> | ||
| + | Transfer swarm.pcap to host with wireshark and notice VxLAN tunneling | ||
| + | [[image:Vxlan tunneling.png|500px]] | ||
=Bridged interfaces= | =Bridged interfaces= | ||
| Line 35: | Line 73: | ||
Install with (debian like): sudo apt install bridge-utils | Install with (debian like): sudo apt install bridge-utils | ||
| − | <source lang= | + | <source lang=text> |
heth@ub1:~$ brctl show | heth@ub1:~$ brctl show | ||
bridge name bridge id STP enabled interfaces | bridge name bridge id STP enabled interfaces | ||
| Line 57: | Line 95: | ||
</source> | </source> | ||
=== bridge command === | === bridge command === | ||
| − | <source lang= | + | <source lang=text> |
heth@ub1:~$ bridge -d vlan | heth@ub1:~$ bridge -d vlan | ||
port vlan-id | port vlan-id | ||
Latest revision as of 06:11, 26 September 2024
Contents
docker networks
Overview
On a docker swarm
heth@docker1:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
76a4537b0654 bridge bridge local
d6ae77b0b494 docker_gwbridge bridge local
cc493462394a host host local
p3lm08ns2mrq ingress overlay swarm
ba8252e136b1 none null local
on each node in swarm run:
heth@docker1:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:02",
"IPv4Address": "10.0.0.2/24",
"IPv6Address": ""
heth@docker3:~$docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:03",
"IPv4Address": "10.0.0.3/24",
"IPv6Address": ""
heth@docker3:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:04",
"IPv4Address": "10.0.0.4/24",
"IPv6Address": ""
Creating an overlay network
heth@docker1:~$docker network create --driver overlay hethnet
Run containers on swarm
heth@docker1:~$docker service create --replicas 3 --network hethnet --name helloworld alpine ping docker.com
heth@docker1:~$ docker service ps helloworld
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
3lgo2gz3a4yb helloworld.1 alpine:latest docker2 Running Running 24 minutes ago
u6e8agzh22az helloworld.2 alpine:latest docker3 Running Running 24 minutes ago
9ix7pu6m9hpf helloworld.3 alpine:latest docker1 Running Running 24 minutes ago
Create traffic between nodes
heth@docker1:~$ docker exec -it 1f sh
/ # ip a
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:0a:00:01:03 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 10.0.1.5
PING 10.0.1.5 (10.0.1.5): 56 data bytes
64 bytes from 10.0.1.5: seq=0 ttl=64 time=0.338 ms
64 bytes from 10.0.1.5: seq=1 ttl=64 time=0.270 ms
...
On another terminal start tcpdump while ping still running
root@docker1:/home/heth# sudo tcpdump -i ens160 -w /tmp/swarm.pcap
Transfer swarm.pcap to host with wireshark and notice VxLAN tunneling
Bridged interfaces
Example
brctl command
Install with (debian like): sudo apt install bridge-utils
heth@ub1:~$ brctl show
bridge name bridge id STP enabled interfaces
br-501d0044fabe 8000.0242a9d6ae8d no veth413579c
veth6d6fce4
vethd3cbce2
br-ded1f2526def 8000.0242a675d928 no
crc 8000.525400fdbed0 yes
docker0 8000.02420af91289 no veth180ce2d
virbr0 8000.5254009d12fa yes
heth@ub1:~$ brctl showmacs br-501d0044fabe
port no mac addr is local? ageing timer
1 02:42:ac:13:00:02 no 3.96
2 02:42:ac:13:00:03 no 3.96
1 46:b0:4b:02:26:99 yes 0.00
1 46:b0:4b:02:26:99 yes 0.00
2 96:fb:5a:ff:2c:9d yes 0.00
2 96:fb:5a:ff:2c:9d yes 0.00
3 aa:2c:8a:2b:06:81 yes 0.00
3 aa:2c:8a:2b:06:81 yes 0.00
bridge command
heth@ub1:~$ bridge -d vlan
port vlan-id
virbr0 1 PVID Egress Untagged
state forwarding
crc 1 PVID Egress Untagged
state forwarding
docker0 1 PVID Egress Untagged
state forwarding
br-ded1f2526def 1 PVID Egress Untagged
state forwarding
veth180ce2d 1 PVID Egress Untagged
state forwarding
br-501d0044fabe 1 PVID Egress Untagged
state forwarding
veth413579c 1 PVID Egress Untagged
state forwarding
vethd3cbce2 1 PVID Egress Untagged
state forwarding
veth6d6fce4 1 PVID Egress Untagged
state forwarding