Docker's overlay network

2025-01-22 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--

Docker overlay network driver

The overlay network driver creates a distributed network among multiple Docker daemon hosts, allowing secure communication between containers connected to the network.

When you initialize a swarm or join a Docker host to an existing swarm, two new networks are created on that Docker host:

1. An overlay network called ingress, which handles control and data traffic related to swarm services (it is used for load balancing within the cluster). When you create a service without specifying a user-defined overlay network, the ingress network is used by default.

2. A bridge network called docker_gwbridge, which connects the individual Docker daemon to the other daemons participating in the swarm.

Prerequisites for creating overlay networks

1. Open TCP port 2377 for cluster management communication

2. Open TCP and UDP port 7946 for communication between cluster nodes

3. Open UDP port 4789 for overlay network traffic

Encrypt the traffic on the network

--opt encrypted is an option you add when creating an overlay network; it encrypts the traffic but causes a significant performance loss. When overlay encryption is enabled, Docker creates IPsec tunnels between all the nodes on which tasks are scheduled for services attached to the overlay network.

These tunnels also use the AES algorithm in GCM mode, and the manager node automatically rotates the key every 12 hours.

Swarm mode overlay networks and standalone containers

To create an overlay network that can be used by swarm services or by standalone containers to communicate with other standalone containers running on other Docker daemons, add the --attachable flag:

$ docker network create -d overlay --attachable my-attachable-overlay

Customize the overlay network's IP information

$ docker network create \
  --driver overlay \
  --ingress \
  --subnet=10.11.0.0/16 \
  --gateway=10.11.0.2 \
  --opt com.docker.network.driver.mtu=1200 \
  my-ingress

Customize the docker_gwbridge interface

docker_gwbridge is a virtual bridge that connects the overlay network to the physical network of the Docker daemon. Docker creates it automatically when you initialize a swarm or join a swarm.

To customize docker_gwbridge, you must delete the default docker_gwbridge before creating the customized bridge:

1. Stop the docker service

2. Delete the existing docker_gwbridge

$ ip link set docker_gwbridge down
$ ip link del dev docker_gwbridge

3. Start the docker service

4. Create the customized docker_gwbridge bridge using docker network create

$ docker network create \
  --subnet 10.11.0.0/16 \
  --opt com.docker.network.bridge.name=docker_gwbridge \
  --opt com.docker.network.bridge.enable_icc=false \
  --opt com.docker.network.bridge.enable_ip_masquerade=true \
  docker_gwbridge
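
To check that these settings are actually in effect on a node, the following added example (not part of the original article) audits `docker network inspect` JSON for overlays created without --opt encrypted, attachable overlays, and a docker_gwbridge whose enable_icc is not false. The sample data and finding texts are constructed; it assumes the encrypted option appears as an "encrypted" key under Options in the inspect output.

```python
import json
import sys

# Constructed sample in the shape of `docker network inspect` output; values are illustrative.
SAMPLE = json.loads("""[
 {"Name": "ingress", "Driver": "overlay", "Ingress": true, "Attachable": false,
  "Options": {}},
 {"Name": "app-net", "Driver": "overlay", "Ingress": false, "Attachable": false,
  "Options": {"encrypted": ""}},
 {"Name": "my-attachable-overlay", "Driver": "overlay", "Ingress": false,
  "Attachable": true, "Options": null},
 {"Name": "docker_gwbridge", "Driver": "bridge", "Ingress": false, "Attachable": false,
  "Options": {"com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.enable_ip_masquerade": "true"}}
]""")

ICC_OPT = "com.docker.network.bridge.enable_icc"


def audit_networks(networks):
    """Return (network name, finding) pairs for the settings the article covers."""
    findings = []
    for net in networks:
        name = net.get("Name", "<unnamed>")
        opts = net.get("Options") or {}  # Options can be null in inspect output
        # User-defined overlays only; the ingress network is skipped by this check.
        if net.get("Driver") == "overlay" and not net.get("Ingress"):
            # Assumption: --opt encrypted is recorded as an "encrypted" key.
            if "encrypted" not in opts:
                findings.append((name, "overlay data traffic (UDP 4789) is not encrypted"))
            if net.get("Attachable"):
                findings.append((name, "attachable: standalone containers can join"))
        # The bridge driver allows inter-container traffic unless enable_icc is "false".
        if name == "docker_gwbridge" and opts.get(ICC_OPT, "true").lower() != "false":
            findings.append((name, "enable_icc is not false"))
    return findings


if __name__ == "__main__":
    # Real input: docker network inspect $(docker network ls -q) > nets.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for net_name, finding in audit_networks(data):
        print(f"{net_name}: {finding}")
```

Run it with the path to a saved inspect file as the only argument; with no argument it audits the constructed sample.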

Operating swarm services

Publish ports on an overlay network

Ports on a service are published to the outside through the routing mesh of the overlay network:

-p 8080:80 maps port 80 on the service to port 8080 on the routing mesh
