Shulou(Shulou.com)06/01 Report--

This article shares with you the content of an example analysis of direct routing in Docker container cross-host communication. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Principle analysis of the scheme

Because the IP of the container is used for routing, it is necessary to avoid using the same IP for containers on different hosts, so we should assign different subnets to different hosts to ensure. So we construct a routing scheme for communication between the two containers.

Environment introduction:

The IP address of host 1 is: 192.168.145.128 the IP address of host 2 is: the subnet assigned by 192.168.145.129 to the Docker container on host 1: the subnet assigned by 172.17.1.0 IP 24 to the Docker container on host 2: 172.17.2.0 IP 24, so that the Docker containers on both hosts will definitely not use the same IP address, thus avoiding IP conflicts. To sum up, the transmission process of the packet between the two containers is as follows: the packet sent from container1 to container2 is first sent to the "gateway" docker0 of container1, and then by looking up the route of host 1, we know that the packet needs to be sent to host 2, and then it is forwarded to the docker0 of host 2, and finally the packet is transferred to container2; the reverse principle is the same, so I won't repeat it.

1. Configure the docker0 on host 1 and host 2 respectively.

Edit the / etc/docker/daemon.json file on host 1 and add the following: "bip": "ip/netmask" {"bip", "172.17.1.252and24"} Edit the / etc/docker/daemon.json file on host 2 Add: "bip": "ip/netmask" {"bip", "172.17.2.252 go 24"} restart the docker service by executing the following command on both host 1 and host 2 to make the modified docker0 network segment effective systemctl restart docker

2. Add routing rules

Add routing rules on host 1 as follows: route add-net 172.17.2.0 netmask 255.255.255.0 gw 192.168.145.129 host 2: route add-net 172.17.1.0 netmask 255.255.255.0 gw 192.168.145.128

3. Configure iptables rules

Add the following rule to host 1: iptables-t nat-F POSTROUTINGiptables-t nat-A POSTROUTING-s 172.17.1.0 MASQUERADE 24!-d 172.17.0.0 MASQUERADE 16-j MASQUERADE host 2: iptables-t nat-F POSTROUTINGiptables-t nat-A POSTROUTING-s 172.17.2.0 MASQUERADE 24!-d 172.17.0.0 MASQUERADE

4. Start the container

Launch centos container on host 1: docker run-it-- name container1 centos / bin/bash launch centos container on host 2: docker run-it-- name container2 centos / bin/bash

OK, now the two containers can ping each other.

5. Route persistence (prevent host restart route loss)

Root@rancher:~# vi / etc/rc.local add routing information, remember to write before exit! Route add-net 172.17.2.0 netmask 255.255.255.0 gw 192.168.102.88 Thank you for reading! This is the end of the article on "example Analysis of Direct routing in Docker Container Cross-Host Communication". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.