1. Environment: I have two Linux machines (host1 and host2) running Kali 2.0 with kernel version 4.3. Docker and Open vSwitch (OVS) are installed on each machine.
2. host1 and host2 each start an Ubuntu Docker container.
3. Network structure:
2.1: eth0 of host1 is 192.168.2.1; the Docker container inside host1 has IP address 10.1.2.3
2.2: eth0 of host2 is 192.168.2.2; the Docker container inside host2 has IP address 10.1.2.4
2.3: host1 and host2 can ping each other over eth0.
4. The goal is to establish a VxLAN tunnel between the Docker containers on the two different hosts so that they can communicate.
II. Basic software installation
1. Install Docker and pull the Ubuntu image
    sudo apt-get install docker.io
    sudo docker pull ubuntu
2. Install Open vSwitch and the OVS helper script for Docker
    sudo apt-get install openvswitch-switch
    # The Open vSwitch project provides ovs-docker, a helper script for Docker containers
    wget https://github.com/openvswitch/ovs/raw/master/utilities/ovs-docker
    chmod a+x ovs-docker
1. Create a virtual bridge with OVS on host1 and give the bridge an IP
    sudo ovs-vsctl add-br vxbr
    sudo ifconfig vxbr 10.1.2.1/24
2. Add a port of type vxlan to the bridge. Note that remote_ip is the eth0 address of host2!
    sudo ovs-vsctl add-port vxbr vxlan -- set interface vxlan type=vxlan options:remote_ip=192.168.2.2
3. Start a Docker container without a network interface
    sudo docker run --net=none --privileged=true -it ubuntu
Note the container ID; mine here is b062406bc6b6. At this point, running ifconfig inside the container shows only the lo device.
4. Assign the container an eth0 and attach it to the vxbr bridge on the host
    sudo ./ovs-docker add-port vxbr eth0 b062406bc6b6
Back inside the container, ifconfig now shows an eth0. Give it an IP:
    ifconfig eth0 10.1.2.3/24
5. Check the OVS configuration
    sudo ovs-vsctl show
We can see three ports on the vxbr bridge: one is the bridge's own port for communicating with the local host, one is the vxlan port, and the last one is the eth0 of the Docker container.
The configuration of host2 is similar to the above: the virtual bridge vxbr on host2 gets the IP 10.1.2.2/24, the remote_ip of the vxlan port becomes host1's 192.168.2.1, and the Docker container on host2 gets the IP 10.1.2.4/24.
The resulting network structure:
host1: eth0 192.168.2.1, virtual bridge vxbr 10.1.2.1, Docker container eth0 10.1.2.3. The container's eth0 is plugged into the virtual bridge vxbr on host1.
host2: eth0 192.168.2.2, virtual bridge vxbr 10.1.2.2, Docker container eth0 10.1.2.4. The container's eth0 is plugged into the virtual bridge vxbr on host2.
From inside the Docker container on host1, ping the Docker container on host2 and capture the traffic with Wireshark:
You can see that the communication between the containers is encapsulated inside UDP packets, and that this UDP traffic is forwarded via eth0 of host1 and host2.