Difference between revisions of "Docker networking"
From Teknologisk videncenter
m |
m |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=docker networks= | =docker networks= | ||
| + | {{Source cli}} | ||
== Overview == | == Overview == | ||
On a docker swarm | On a docker swarm | ||
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$ docker network ls | heth@docker1:~$ docker network ls | ||
NETWORK ID NAME DRIVER SCOPE | NETWORK ID NAME DRIVER SCOPE | ||
| Line 12: | Line 13: | ||
</source> | </source> | ||
on each node in swarm run: | on each node in swarm run: | ||
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$ docker network inspect ingress | grep Address | heth@docker1:~$ docker network inspect ingress | grep Address | ||
"MacAddress": "02:42:0a:00:00:02", | "MacAddress": "02:42:0a:00:00:02", | ||
| Line 18: | Line 19: | ||
"IPv6Address": "" | "IPv6Address": "" | ||
</source> | </source> | ||
| − | <source lang= | + | <source lang=text> |
heth@docker3:~$docker network inspect ingress | grep Address | heth@docker3:~$docker network inspect ingress | grep Address | ||
"MacAddress": "02:42:0a:00:00:03", | "MacAddress": "02:42:0a:00:00:03", | ||
| Line 24: | Line 25: | ||
"IPv6Address": "" | "IPv6Address": "" | ||
</source> | </source> | ||
| − | <source lang= | + | <source lang=text> |
heth@docker3:~$ docker network inspect ingress | grep Address | heth@docker3:~$ docker network inspect ingress | grep Address | ||
"MacAddress": "02:42:0a:00:00:04", | "MacAddress": "02:42:0a:00:00:04", | ||
| Line 31: | Line 32: | ||
</source> | </source> | ||
== Creating an overlay network == | == Creating an overlay network == | ||
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$docker network create --driver overlay hethnet | heth@docker1:~$docker network create --driver overlay hethnet | ||
</source> | </source> | ||
Run containers on swarm | Run containers on swarm | ||
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$docker service create --replicas 3 --network hethnet --name helloworld alpine ping docker.com | heth@docker1:~$docker service create --replicas 3 --network hethnet --name helloworld alpine ping docker.com | ||
heth@docker1:~$ docker service ps helloworld | heth@docker1:~$ docker service ps helloworld | ||
| Line 46: | Line 47: | ||
Create traffic between nodes | Create traffic between nodes | ||
| − | <source lang= | + | <source lang=text> |
heth@docker1:~$ docker exec -it 1f sh | heth@docker1:~$ docker exec -it 1f sh | ||
/ # ip a | / # ip a | ||
| Line 53: | Line 54: | ||
inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0 | inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0 | ||
valid_lft forever preferred_lft forever | valid_lft forever preferred_lft forever | ||
| − | / # ping 10.0.1. | + | / # ping 10.0.1.5 |
| − | PING 10.0.1. | + | PING 10.0.1.5 (10.0.1.5): 56 data bytes |
| − | 64 bytes from 10.0.1. | + | 64 bytes from 10.0.1.5: seq=0 ttl=64 time=0.338 ms |
| − | 64 bytes from 10.0.1. | + | 64 bytes from 10.0.1.5: seq=1 ttl=64 time=0.270 ms |
... | ... | ||
</source> | </source> | ||
| + | |||
| + | On another terminal start tcpdump while ping still running | ||
| + | <Source lang=text> | ||
| + | root@docker1:/home/heth# sudo tcpdump -i ens160 -w /tmp/swarm.pcap | ||
| + | </source> | ||
| + | Transfer swarm.pcap to host with wireshark and notice VxLAN tunneling | ||
| + | [[image:Vxlan tunneling.png|500px]] | ||
=Bridged interfaces= | =Bridged interfaces= | ||
| Line 65: | Line 73: | ||
Install with (debian like): sudo apt install bridge-utils | Install with (debian like): sudo apt install bridge-utils | ||
| − | <source lang= | + | <source lang=text> |
heth@ub1:~$ brctl show | heth@ub1:~$ brctl show | ||
bridge name bridge id STP enabled interfaces | bridge name bridge id STP enabled interfaces | ||
| Line 87: | Line 95: | ||
</source> | </source> | ||
=== bridge command === | === bridge command === | ||
| − | <source lang= | + | <source lang=text> |
heth@ub1:~$ bridge -d vlan | heth@ub1:~$ bridge -d vlan | ||
port vlan-id | port vlan-id | ||
Latest revision as of 05:11, 26 September 2024
Contents
docker networks
Overview
On a docker swarm
heth@docker1:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
76a4537b0654 bridge bridge local
d6ae77b0b494 docker_gwbridge bridge local
cc493462394a host host local
p3lm08ns2mrq ingress overlay swarm
ba8252e136b1 none null local
on each node in swarm run:
heth@docker1:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:02",
"IPv4Address": "10.0.0.2/24",
"IPv6Address": ""
heth@docker3:~$docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:03",
"IPv4Address": "10.0.0.3/24",
"IPv6Address": ""
heth@docker3:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:04",
"IPv4Address": "10.0.0.4/24",
"IPv6Address": ""
Creating an overlay network
heth@docker1:~$docker network create --driver overlay hethnet
Run containers on swarm
heth@docker1:~$docker service create --replicas 3 --network hethnet --name helloworld alpine ping docker.com
heth@docker1:~$ docker service ps helloworld
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
3lgo2gz3a4yb helloworld.1 alpine:latest docker2 Running Running 24 minutes ago
u6e8agzh22az helloworld.2 alpine:latest docker3 Running Running 24 minutes ago
9ix7pu6m9hpf helloworld.3 alpine:latest docker1 Running Running 24 minutes ago
Create traffic between nodes
heth@docker1:~$ docker exec -it 1f sh
/ # ip a
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:0a:00:01:03 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 10.0.1.5
PING 10.0.1.5 (10.0.1.5): 56 data bytes
64 bytes from 10.0.1.5: seq=0 ttl=64 time=0.338 ms
64 bytes from 10.0.1.5: seq=1 ttl=64 time=0.270 ms
...
On another terminal start tcpdump while ping still running
root@docker1:/home/heth# sudo tcpdump -i ens160 -w /tmp/swarm.pcap
Transfer swarm.pcap to host with wireshark and notice VxLAN tunneling
Bridged interfaces
Example
brctl command
Install with (debian like): sudo apt install bridge-utils
heth@ub1:~$ brctl show
bridge name bridge id STP enabled interfaces
br-501d0044fabe 8000.0242a9d6ae8d no veth413579c
veth6d6fce4
vethd3cbce2
br-ded1f2526def 8000.0242a675d928 no
crc 8000.525400fdbed0 yes
docker0 8000.02420af91289 no veth180ce2d
virbr0 8000.5254009d12fa yes
heth@ub1:~$ brctl showmacs br-501d0044fabe
port no mac addr is local? ageing timer
1 02:42:ac:13:00:02 no 3.96
2 02:42:ac:13:00:03 no 3.96
1 46:b0:4b:02:26:99 yes 0.00
1 46:b0:4b:02:26:99 yes 0.00
2 96:fb:5a:ff:2c:9d yes 0.00
2 96:fb:5a:ff:2c:9d yes 0.00
3 aa:2c:8a:2b:06:81 yes 0.00
3 aa:2c:8a:2b:06:81 yes 0.00
bridge command
heth@ub1:~$ bridge -d vlan
port vlan-id
virbr0 1 PVID Egress Untagged
state forwarding
crc 1 PVID Egress Untagged
state forwarding
docker0 1 PVID Egress Untagged
state forwarding
br-ded1f2526def 1 PVID Egress Untagged
state forwarding
veth180ce2d 1 PVID Egress Untagged
state forwarding
br-501d0044fabe 1 PVID Egress Untagged
state forwarding
veth413579c 1 PVID Egress Untagged
state forwarding
vethd3cbce2 1 PVID Egress Untagged
state forwarding
veth6d6fce4 1 PVID Egress Untagged
state forwarding