Docker Macvlan网络创建及通信配置

环境说明

4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7c:83:34:bc:e0:c2 brd ff:ff:ff:ff:ff:ff
    inet 10.5.1.33/24 brd 10.5.1.255 scope global dynamic bond0

宿主机配置

变量配置

eth=bond0 # 宿主机网卡名称
subnet=10.5.1.0/24 # 宿主机IP网段
host_ip=10.5.1.33/32 # 宿主机IP地址
gateway=10.5.1.1 # 宿主机网关
container_ip1=10.5.1.201 # 容器1 IP
container_ip2=10.5.1.202 # 容器2 IP
docker_macvlan_name=macvlan0 # Docker新建MacVlan网络名称
host_macvlan_name=bond0s

下面命令均通过变量实现,方便理解语法

推荐提前通过变量设置好，后面直接复制粘贴,不需要修改任何内容

开启混杂模式

首先执行下面的命令查看网卡是否开启混杂模式

ip address show ${eth} | grep PROMISC

如果有输出就是开启了,例如

root@EQ12-Debian:~# ip address show  ${eth} | grep PROMISC
4: bond0: <BROADCAST,MULTICAST,PROMISC,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

如果没有开启,可以使用下面的命令打开

ip link set ${eth} promisc on

开启路由转发

echo -e "net.ipv4.ip_forward=1\nvm.max_map_count=655360" > /etc/sysctl.conf;sysctl -p

Docker配置

网络创建

docker network create --driver macvlan --subnet=${subnet} --gateway=${gateway} -o parent=${eth} ${docker_macvlan_name}

创建容器

docker run -tid --name ubuntu --net=${docker_macvlan_name} --ip=${container_ip1} liuyi778/ubuntu-22.04_pip3 /bin/bash

docker run -tid --name ubuntu2 --net=${docker_macvlan_name} --ip=${container_ip2} liuyi778/ubuntu-22.04_pip3 /bin/bash

路由配置

ip link add ${host_macvlan_name} link ${eth} type macvlan mode bridge
ip addr add ${ip} dev ${name}
ip link set ${host_macvlan_name} up
ip route add ${container_ip1} dev ${host_macvlan_name}
ip route add ${container_ip2} dev ${host_macvlan_name}

实践操作

root@EQ12-Debian:~# eth=bond0 # 宿主机网卡名称
subnet=10.5.1.0/24 # 宿主机IP网段
host_ip=10.5.1.33/32 # 宿主机IP地址
gateway=10.5.1.1 # 宿主机网关
container_ip1=10.5.1.201 # 容器1 IP
container_ip2=10.5.1.202 # 容器2 IP
docker_macvlan_name=macvlan0 # Docker新建MacVlan网络名称
host_macvlan_name=bond0s
root@EQ12-Debian:~# 
root@EQ12-Debian:~# ip address show ${eth} | grep PROMISC
4: bond0: <BROADCAST,MULTICAST,PROMISC,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
root@EQ12-Debian:~# echo -e "net.ipv4.ip_forward=1\nvm.max_map_count=655360" > /etc/sysctl.conf;sysctl -p
net.ipv4.ip_forward = 1
vm.max_map_count = 655360
root@EQ12-Debian:~# docker network ls
NETWORK ID     NAME                DRIVER    SCOPE
61f710e81024   bridge              bridge    local
91c66270dbaf   data_halo_network   bridge    local
1f6d72d10049   host                host      local
d5efc9813726   none                null      local
root@EQ12-Debian:~# docker network create --driver macvlan --subnet=${subnet} --gateway=${gateway} -o parent=${eth} ${docker_macvlan_name}
6ca2023e3224149530b4a6653055135fa6a40af94b7de4ad6e8ecd4ab452e432
root@EQ12-Debian:~# docker run -tid --name ubuntu --net=${docker_macvlan_name} --ip=${container_ip1} liuyi778/ubuntu-22.04_pip3 /bin/bash
f0b8195e949892ae91d974da55fcc33d88e0bb9eb0f571c688bbd28cc6493ccf
root@EQ12-Debian:~# docker run -tid --name ubuntu2 --net=${docker_macvlan_name} --ip=${container_ip2} liuyi778/ubuntu-22.04_pip3 /bin/bash
995e585e4d83272e4a36dc7c39e1e8178d0bfe5c222671eb003a09b05e336ee6
root@EQ12-Debian:~# ip link add ${host_macvlan_name} link ${eth} type macvlan mode bridge
ip addr add ${ip} dev ${name}
ip link set ${host_macvlan_name} up
ip route add ${container_ip1} dev ${host_macvlan_name}
ip route add ${container_ip2} dev ${host_macvlan_name}
Command line is not complete. Try option "help"
root@EQ12-Debian:~# docker exec -ti ubuntu
ubuntu   ubuntu2  
root@EQ12-Debian:~# docker exec -ti ubuntu /bin/bash
root@f0b8195e9498:~# apt install net-tools
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  net-tools
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 204 kB of archives.
After this operation, 819 kB of additional disk space will be used.
Get:1 http://mirrors.tencent.com/ubuntu jammy/main amd64 net-tools amd64 1.60+git20181103.0eebece-1ubuntu5 [204 kB]
Fetched 204 kB in 0s (928 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 18038 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20181103.0eebece-1ubuntu5_amd64.deb ...
Unpacking net-tools (1.60+git20181103.0eebece-1ubuntu5) ...
Setting up net-tools (1.60+git20181103.0eebece-1ubuntu5) ...
root@f0b8195e9498:~# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.5.1.201  netmask 255.255.255.0  broadcast 10.5.1.255
        ether 02:42:0a:05:01:c9  txqueuelen 0  (Ethernet)
        RX packets 74  bytes 209395 (209.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55  bytes 3258 (3.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 597 (597.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 597 (597.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@f0b8195e9498:~# 
exit
root@EQ12-Debian:~# ping  10.5.1.201
PING 10.5.1.201 (10.5.1.201) 56(84) bytes of data.
64 bytes from 10.5.1.201: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from 10.5.1.201: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 10.5.1.201: icmp_seq=3 ttl=64 time=0.050 ms
64 bytes from 10.5.1.201: icmp_seq=4 ttl=64 time=0.055 ms
^C
--- 10.5.1.201 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.046/0.075/0.150/0.043 ms
root@EQ12-Debian:~#