
Building a cross-host Docker network with a network control node

Posted: 2016-08-08 07:38:45

Tags: technical sharing

1. Install three CentOS 7 Linux VMs.

   Public addresses: 114.112.62.75, 114.112.62.76, 114.112.62.77

   Private addresses: 192.168.1.4, 192.168.1.5, 192.168.1.6

 

2. Install Open vSwitch 2.5 on all three machines.

Build the RPM packages following the Open vSwitch documentation, then install them on each machine with yum localinstall.

 

3. Install Docker on all three machines: yum install docker.

 

4. On all three machines: yum install iptables-services.

 

5. Configure the Open vSwitch environment.

For example, on 192.168.1.4:

ovs-vsctl add-br br-int
ovs-vsctl add-br br-tun
ip link add br-int-pair type veth peer name br-tun-pair
ip link set br-int-pair up
ip link set br-tun-pair up
ovs-vsctl add-port br-int br-int-pair
ovs-vsctl add-port br-tun br-tun-pair
ip link add vnic0 type veth peer name vnic0-br-int
ip link set vnic0 up
ip link set vnic0-br-int up
ovs-vsctl add-port br-int vnic0-br-int
ifconfig vnic0 10.0.0.1/24
ip link add vnic1 type veth peer name vnic1-br-int
ip link set vnic1 up
ip link set vnic1-br-int up
ovs-vsctl add-port br-int vnic1-br-int
ifconfig vnic1 10.0.1.1/24
ovs-vsctl set Port vnic0-br-int tag=1
ovs-vsctl set Port vnic1-br-int tag=2
ovs-vsctl add-port br-tun vxlan0 -- set Interface vxlan0 type=vxlan options:local_ip=192.168.1.4 options:in_key=flow options:remote_ip=192.168.1.5 options:out_key=flow
ovs-vsctl add-port br-tun vxlan1 -- set Interface vxlan1 type=vxlan options:local_ip=192.168.1.4 options:in_key=flow options:remote_ip=192.168.1.6 options:out_key=flow

 

6. Configure the flow tables on br-tun:

ovs-ofctl del-flows br-tun
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 in_port=1 actions=resubmit(,1)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 in_port=2 actions=resubmit(,3)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 in_port=3 actions=resubmit(,3)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=1 dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=1 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=2 actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=3 tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=3 tun_id=0x2 actions=mod_vlan_vid:2,resubmit(,10)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=3 actions=drop"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=10 actions=learn(table=20,priority=1,hard_timeout=300,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=20 actions=resubmit(,21)"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=21 dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2,output:3"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=1 table=21 dl_vlan=2 actions=strip_vlan,set_tunnel:0x2,output:2,output:3"
ovs-ofctl add-flow br-tun "hard_timeout=0 idle_timeout=0 priority=0 table=21 actions=drop"
ovs-ofctl dump-flows br-tun
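To see what the br-tun tables above actually decide, here is a small software model of that pipeline (tables 0, 1, 3, 10, 20 and 21, including the learn() action). It is an added example, not code from the original post. It assumes the br-tun port numbers that follow from the add-port order in step 5 (1 = br-tun-pair, 2 = vxlan0 towards 192.168.1.5, 3 = vxlan1 towards 192.168.1.6); the MAC addresses in the demo are constructed, and the 300-second hard_timeout of learned flows is not modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# br-tun port numbers, assumed from the add-port order in step 5:
# 1 = br-tun-pair (patch towards br-int), 2 = vxlan0 (192.168.1.5), 3 = vxlan1 (192.168.1.6)
PATCH_PORT = 1
TUNNEL_PORTS = (2, 3)
# table 3 maps tunnel key -> local VLAN (mod_vlan_vid); table 21 maps VLAN -> key (set_tunnel)
TUN_ID_TO_VLAN = {0x1: 1, 0x2: 2}
VLAN_TO_TUN_ID = {vlan: key for key, vlan in TUN_ID_TO_VLAN.items()}


@dataclass
class Frame:
    in_port: int
    dl_src: str
    dl_dst: str
    vlan: Optional[int] = None     # 802.1Q tag on the br-int side
    tun_id: Optional[int] = None   # VXLAN VNI on the tunnel side


@dataclass
class TunnelBridge:
    # Entries written by learn() into table 20: (vlan, dl_dst) -> (tun_id, out_port).
    table20: Dict[Tuple[int, str], Tuple[int, int]] = field(default_factory=dict)

    def process(self, f: Frame) -> List[Tuple[int, Optional[int]]]:
        """Table 0: return the (out_port, tun_id) pairs the frame is sent on; [] means dropped."""
        if f.in_port == PATCH_PORT:
            return self._table1(f)
        if f.in_port in TUNNEL_PORTS:
            return self._table3(f)
        return []                       # priority-0 drop: frame from an unknown port

    def _table1(self, f: Frame):
        # dl_dst masked with 01:00:00:00:00:00 tests the I/G bit: 0 = unicast, 1 = multicast/broadcast
        if int(f.dl_dst.split(":")[0], 16) & 0x01:
            return self._table21(f)
        return self._table20(f)

    def _table3(self, f: Frame):
        vlan = TUN_ID_TO_VLAN.get(f.tun_id)
        if vlan is None:
            return []                   # priority-0 drop: a VNI with no local tenant never reaches br-int
        f.vlan = vlan                   # mod_vlan_vid
        return self._table10(f)

    def _table10(self, f: Frame):
        # learn(): dl_src on this VLAN is reachable through tun_id on in_port
        self.table20[(f.vlan, f.dl_src)] = (f.tun_id, f.in_port)
        return [(PATCH_PORT, None)]     # output:1 towards br-int

    def _table20(self, f: Frame):
        hit = self.table20.get((f.vlan, f.dl_dst))
        if hit is None:
            return self._table21(f)     # priority-0: resubmit(,21), i.e. flood
        tun_id, port = hit
        return [(port, tun_id)]         # learned flow: strip VLAN, set tun_id, output to that tunnel only

    def _table21(self, f: Frame):
        tun_id = VLAN_TO_TUN_ID.get(f.vlan)
        if tun_id is None:
            return []                   # priority-0 drop: VLAN without a tunnel key
        return [(p, tun_id) for p in TUNNEL_PORTS]   # strip_vlan, set_tunnel, output:2,output:3


def demo() -> dict:
    """Walk five constructed frames through the pipeline (MAC addresses are made up)."""
    br = TunnelBridge()
    c1, c2, stranger = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:09"
    return {
        # 1. ARP broadcast from the VLAN 1 container: flooded into VNI 1 on both tunnels
        "broadcast": br.process(Frame(1, c1, "ff:ff:ff:ff:ff:ff", vlan=1)),
        # 2. reply arrives from 192.168.1.5 in VNI 1: tagged VLAN 1, MAC learned, handed to br-int
        "reply": br.process(Frame(2, c2, c1, tun_id=0x1)),
        # 3. the next unicast to that MAC leaves through vxlan0 only, no flooding
        "unicast": br.process(Frame(1, c1, c2, vlan=1)),
        # 4. a frame in VNI 3, which no tenant here uses, is dropped in table 3
        "foreign_vni": br.process(Frame(3, stranger, c1, tun_id=0x3)),
        # 5. VLAN 2 traffic is keyed with VNI 2 and never shares a key with VLAN 1
        "vlan2_flood": br.process(Frame(1, stranger, "ff:ff:ff:ff:ff:ff", vlan=2)),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:12s} -> {out or 'drop'}")
```

The two priority-0 drops in tables 3 and 21 are what keep tenants apart: a frame can only cross a tunnel with the key that belongs to its VLAN, and a frame arriving with a key that is not mapped locally never reaches br-int. Compare the learned entries the model builds in table20 with what `ovs-ofctl dump-flows br-tun` shows for table=20 on a real host.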

 

7. On 114.112.62.75 and 114.112.62.76, start two Docker containers each, container1 and container2:

docker pull centos

docker run -itd --name=container1 --net=none centos /bin/bash

docker run -itd --name=container2 --net=none centos /bin/bash

 

Look up the PIDs of the two containers:

docker inspect --format "{{.State.Pid}}" container1

62323

 

docker inspect --format "{{.State.Pid}}" container2

62390

 

Move vnic0 and vnic1 into the two containers:

ip link set vnic0 netns 62323
ip link set vnic1 netns 62390

ip link set vnic0-br-int up
ip link set vnic1-br-int up
nsenter -t 62323 -n ip addr add 10.0.0.1/24 dev vnic0
nsenter -t 62323 -n ip link set vnic0 up
nsenter -t 62390 -n ip addr add 10.0.1.1/24 dev vnic1
nsenter -t 62390 -n ip link set vnic1 up

 

8. Edit /etc/sysconfig/iptables on all three machines and restart iptables.

 

9. On 114.112.62.75, set up the virtual router.

 

In the containers on the other machines, set the default gateway.

For example, on machine 76:

docker attach container1

ip route add default via 10.0.0.1

 

On machine 77:

docker attach container1

ip route add default via 10.0.0.1

 

Test whether routing works with ping: both subnets are reachable.

 

Add an IP address on ens256:

ip addr add 172.10.0.101/24 dev ens256

 

Add three iptables rules:

iptables -t nat -A OUTPUT -d 172.10.0.101/32 -j DNAT --to-destination 10.0.0.2
iptables -t nat -A PREROUTING -d 172.10.0.101/32 -j DNAT --to-destination 10.0.0.2
iptables -t nat -A POSTROUTING -s 10.0.0.2/32 -j SNAT --to-source 172.10.0.101
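The three rules turn 172.10.0.101 into a 1:1 "floating" address for the container at 10.0.0.2. The model below, an added example that is not part of the original post, walks packets through the nat-table hooks in the order netfilter applies them (OUTPUT or PREROUTING, then routing, then POSTROUTING) and keeps the conntrack state that reverse-translates replies, which is why no fourth rule is needed for return traffic. It assumes 192.168.1.4 as the router host's own address; the external client and server addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Tuple

FLOATING_IP = "172.10.0.101"   # the address added on ens256 above
CONTAINER_IP = "10.0.0.2"      # the container published behind it


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    chain: str                        # PREROUTING, OUTPUT or POSTROUTING of the nat table
    match: Callable[[Packet], bool]
    target: str                       # DNAT or SNAT
    to: str


# The three rules from the post, in the order they were appended
RULES: List[Rule] = [
    Rule("OUTPUT",      lambda p: p.dst == FLOATING_IP, "DNAT", CONTAINER_IP),
    Rule("PREROUTING",  lambda p: p.dst == FLOATING_IP, "DNAT", CONTAINER_IP),
    Rule("POSTROUTING", lambda p: p.src == CONTAINER_IP, "SNAT", FLOATING_IP),
]


class NatHost:
    """Nat-table traversal plus the conntrack state that un-NATs replies."""

    def __init__(self, rules: List[Rule], local_ips: Tuple[str, ...]):
        self.rules = rules
        self.local_ips = set(local_ips)
        # first packet of a connection as received -> the same packet as it left the host
        self.conntrack: Dict[Packet, Packet] = {}

    def _chain(self, chain: str, p: Packet) -> Packet:
        for r in self.rules:
            if r.chain == chain and r.match(p):          # first matching rule wins
                return replace(p, dst=r.to) if r.target == "DNAT" else replace(p, src=r.to)
        return p

    def forward(self, p: Packet, locally_generated: bool = False) -> Tuple[str, Packet]:
        """Return (delivery, packet as it leaves the host)."""
        # A reply of a tracked connection is reverse-translated without consulting the nat table
        for orig, xlated in self.conntrack.items():
            if (p.src, p.sport, p.dst, p.dport) == (xlated.dst, xlated.dport, xlated.src, xlated.sport):
                return "reply", Packet(orig.dst, orig.src, orig.dport, orig.sport)
        # NEW connection: DNAT hook first (OUTPUT for local packets, PREROUTING for received ones),
        # then the routing decision, then the SNAT hook for packets that leave the host
        out = self._chain("OUTPUT" if locally_generated else "PREROUTING", p)
        if out.dst in self.local_ips:
            delivery = "local"                            # INPUT path, no POSTROUTING
        else:
            delivery = "forwarded"
            out = self._chain("POSTROUTING", out)
        self.conntrack[p] = out
        return delivery, out


def demo() -> Dict[str, Packet]:
    """Five constructed packets; external addresses are from documentation ranges."""
    host = NatHost(RULES, local_ips=("192.168.1.4", FLOATING_IP))
    ext, server = "203.0.113.10", "198.51.100.7"
    res = {}
    # inbound: an external client connects to the floating IP; PREROUTING DNATs it to the container
    res["in_request"] = host.forward(Packet(ext, FLOATING_IP, 40000, 80))[1]
    # the container's reply is un-NATed by conntrack, so the client sees the floating IP
    res["in_reply"] = host.forward(Packet(CONTAINER_IP, ext, 80, 40000))[1]
    # outbound: the container reaches out; POSTROUTING SNATs its source to the floating IP
    res["out_request"] = host.forward(Packet(CONTAINER_IP, server, 50000, 443))[1]
    # the server's answer to the floating IP is mapped back to the container
    res["out_reply"] = host.forward(Packet(server, FLOATING_IP, 443, 50000))[1]
    # from the router host itself only the OUTPUT rule applies; PREROUTING never sees local packets
    res["local_request"] = host.forward(Packet("192.168.1.4", FLOATING_IP, 45000, 22),
                                        locally_generated=True)[1]
    return res


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:14s} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Because the DNAT rules carry no `-p`/`--dport` match, every port of 10.0.0.2 is reachable through 172.10.0.101; if only one service is meant to be published, narrow the two DNAT rules to that protocol and port and let the FORWARD chain in the filter table decide what else may reach the container.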

Original: http://www.cnblogs.com/laoleecloud/p/5747913.html