066、Weave如何与外网通信？（2019-04-09 周二）

佚名 6年前 (2019-04-09) 随笔 1763人围观抢沙发百度已收录

参考 https://www.cnblogs.com/CloudMan6/p/7500550.html Weave是一个私有的vxlan网络，默认与外部网络隔离。外部网络如何才能访问到weave中的容器呢？ 1、将主机加入到weave网络 2、把主机当做访问weave网络的网关 root@host1:~# weave expose # 将主机加入weave网络 10.32.0.3 root@host1:~# ip addr show weave # 查看主机上的weave网络信息 9: weave: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1376 qdisc noqueue state UP group default qlen 1000 link/ether 9a:ac:0e:f3:1a:18 brd ff:ff:ff:ff:ff:ff inet 10.32.0.3/12 brd 10.47.255.255 scope global weave valid_lft forever preferred_lft forever inet6 fe80::98ac:eff:fef3:1a18/64 scope link valid_lft forever preferred_lft forever root@host1:~# ping -c 2 bbox1 # 在主机上无法使用docker dns服务 ping: unknown host bbox1 root@host1:~# ping -c 2 10.32.0.1 # 可以ping通本host上的容器 PING 10.32.0.1 (10.32.0.1) 56(84) bytes of data. 64 bytes from 10.32.0.1: icmp_seq=1 ttl=64 time=0.257 ms 64 bytes from 10.32.0.1: icmp_seq=2 ttl=64 time=0.030 ms --- 10.32.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.030/0.143/0.257/0.114 ms root@host1:~# ping -c 2 10.32.0.2 # 可以ping通本host上的容器 PING 10.32.0.2 (10.32.0.2) 56(84) bytes of data. 64 bytes from 10.32.0.2: icmp_seq=1 ttl=64 time=0.232 ms 64 bytes from 10.32.0.2: icmp_seq=2 ttl=64 time=0.040 ms --- 10.32.0.2 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.040/0.136/0.232/0.096 ms root@host1:~# ping -c 2 10.44.0 # 可以ping通其他host上的容器 PING 10.44.0 (10.44.0.0) 56(84) bytes of data. 64 bytes from 10.44.0.0: icmp_seq=1 ttl=64 time=1.03 ms 64 bytes from 10.44.0.0: icmp_seq=2 ttl=64 time=0.326 ms --- 10.44.0 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.326/0.680/1.034/0.354 ms

想让非weave主机访问到bbox1、bbox2、bbox3，只需非weave网络的网关指向host1 root@host2:~# docker exec bbox3 ip r # 查看host2上bbox3 IP地址 default via 10.2.44.1 dev eth0 10.2.44.0/24 dev eth0 scope link src 10.2.44.2 10.32.0.0/12 dev ethwe scope link src 10.44.0.0 224.0.0.0/4 dev ethwe scope link root@host2:~# ping -c 2 10.44.0.0 # 在host2上ping bbox3 不通 PING 10.44.0.0 (10.44.0.0) 56(84) bytes of data. --- 10.44.0.0 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1000ms root@host2:~# route add -net 10.32.0.0/12 gw 10.12.31.211 # 添加到weave网络的路由，网关指向host1 root@host2:~# ping -c 2 10.44.0.0 # 测试可以ping通 host2 上的 bbox3 PING 10.44.0.0 (10.44.0.0) 56(84) bytes of data. 64 bytes from 10.44.0.0: icmp_seq=1 ttl=63 time=1.04 ms 64 bytes from 10.44.0.0: icmp_seq=2 ttl=63 time=0.861 ms --- 10.44.0.0 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.861/0.951/1.042/0.095 ms root@host2:~# ping -c 2 10.32.0.1 # 测试可以ping通host1 上的 bbox1 PING 10.32.0.1 (10.32.0.1) 56(84) bytes of data. 64 bytes from 10.32.0.1: icmp_seq=1 ttl=63 time=0.349 ms 64 bytes from 10.32.0.1: icmp_seq=2 ttl=63 time=0.229 ms --- 10.32.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.229/0.289/0.349/0.060 ms root@host2:~# ping -c 2 10.32.0.2 # 测试可以ping通host1 上的 bbox2 PING 10.32.0.2 (10.32.0.2) 56(84) bytes of data. 64 bytes from 10.32.0.2: icmp_seq=1 ttl=63 time=0.287 ms 64 bytes from 10.32.0.2: icmp_seq=2 ttl=63 time=0.172 ms --- 10.32.0.2 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.172/0.229/0.287/0.059 ms IPAM 10.32.0.0/12 是weave网络使用的默认 subnet ，如果此地址空间与现有IP冲突，可以通过 --ipalloc-range 分配特定的subnet 不过请确保所有host都使用相同的 subnet weave launch --ipalloc-range 10.2.0.0/16