vhost1: 192.168.2.182
vhost2: 192.168.2.80
操作系统:CentOS7.7
[root@vhost1 ~]# ovs-vsctl add-br ovs-br0 #创建网桥
[root@vhost1 ~]# ovs-vsctl add-port ovs-br0 vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.2.80
[root@vhost1 ~]# ifconfig ovs-br0 192.168.100.1
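[root@vhost1 ~]# docker run -d --name con1 --privileged=true --net=none busybox top
注意:--privileged=true 会让容器获得几乎全部宿主机权限;这里只是为了后面在容器内用ifconfig配置eth0,改用 --cap-add=NET_ADMIN 即可满足需要(vhost2上同理)。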
如果con1已经存在,则直接使用docker start con1启动,即可
[root@vhost1 ~]# ovs-docker add-port vxbr eth0 con1
注意:这里的网桥名vxbr与上面创建的ovs-br0不一致;容器端口应加到带有vxlan1端口的ovs-br0上,否则后面的ping无法经隧道互通(vhost2上同理)。
[root@vhost1 ~]# docker exec -it con1 ifconfig eth0 192.168.100.3
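[root@vhost1 ~]# systemctl stop firewalld
注意:这会关闭整个主机防火墙,本机所有端口都不再受过滤;VXLAN互通通常只需放行UDP 4789(最好只允许对端192.168.2.80),例如 firewall-cmd --permanent --add-port=4789/udp 后执行 firewall-cmd --reload(vhost2上同理,对端为192.168.2.182)。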
[root@vhost2 ~]# ovs-vsctl add-br ovs-br0 #创建网桥
[root@vhost2 ~]# ovs-vsctl add-port ovs-br0 vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.2.182
[root@vhost2 ~]# ifconfig ovs-br0 192.168.100.2
[root@vhost2 ~]# docker run -d --name con1 --privileged=true --net=none busybox top
[root@vhost2 ~]# ovs-docker add-port vxbr eth0 con1
[root@vhost2 ~]# docker exec -it con1 ifconfig eth0 192.168.100.4
[root@vhost2 ~]# systemctl stop firewalld
[root@vhost1 ~]# docker exec -it con1 ping 192.168.100.1
[root@vhost1 ~]# docker exec -it con1 ping 192.168.100.2
[root@vhost1 ~]# docker exec -it con1 ping 192.168.100.4
[root@vhost1 ~]# ping 192.168.100.2
[root@vhost1 ~]# ping 192.168.100.3
[root@vhost1 ~]# ping 192.168.100.4
[root@vhost2 ~]# docker exec -it con1 ping 192.168.100.1
[root@vhost2 ~]# docker exec -it con1 ping 192.168.100.2
[root@vhost2 ~]# docker exec -it con1 ping 192.168.100.3
[root@vhost2 ~]# ping 192.168.100.1
[root@vhost2 ~]# ping 192.168.100.3
[root@vhost2 ~]# ping 192.168.100.4
备注:
以下操作还存在一些缺陷:在docker容器内不能直接执行ping www.baidu.com或ping 192.168.2.80之类的操作,即容器不能共享宿主机的网络。另外,下面规则中-s/-d后面带了/24掩码,匹配的是整个网段而不是单个地址,使用前应确认这是否符合预期。
[root@vhost1 ~]# ip netns exec ns1 iptables -t nat -A POSTROUTING -s 192.168.100.1/24 -j SNAT --to-source 192.168.2.182
[root@vhost1 ~]# ip netns exec ns1 iptables -t nat -A PREROUTING -d 192.168.2.182/24 -j DNAT --to-destination 192.168.100.1
[root@vhost2 ~]# ip netns exec ns1 iptables -t nat -A POSTROUTING -s 192.168.100.2/24 -j SNAT --to-source 192.168.2.80
[root@vhost1 ~]# ip netns exec ns1 iptables -t nat -A PREROUTING -d 192.168.2.80/24 -j DNAT --to-destination 192.168.100.2
以下是与ovs-vsctl add-port作用相同的操作过程(改用brctl和ip link):
[root@vhost2 ~]# brctl addbr ovs-br0 #创建网桥
[root@vhost2 ~]# ip link set ovs-br0 up #启动网桥
[root@vhost2 ~]# ip link add vxlan1 type vxlan id 100 remote 192.168.2.182 dstport 4789 dev enp0s3
创建vxlan隧道:remote 为远程地址,dstport 为远程端口,dev 为本地物理出口。注意VXLAN报文本身不加密、也不校验来源,隧道两端应处于可信网络内,跨不可信网络时应在外层加IPsec等保护。
[root@vhost2 ~]# ip link set vxlan1 up #开启隧道
[root@vhost2 ~]# brctl addif br-vx vxlan1 #将隧道加入网桥(注意:网桥名br-vx应与上面创建的ovs-br0一致)