模拟IPIP跨主机通信 · calico

[TOC] ### **目标** 模拟calico的跨主机容器网络通信，架构图如下： ![](https://img.kancloud.cn/ad/e0/ade00a13211fca3a8bd3f800e4b524f6_854x406.png) ### **步骤** 首先，根据上一篇文章的步骤配置好Pod与主机之间的通信。然后，在104主机上执行以下命令： ``` $ modprobe -v ipip $ ip link set tunl0 up $ ip link set tunl0 mtu 1440 $ ip addr add 172.26.104.0/32 dev tunl0 broadcast 172.26.104.0 $ ip route add blackhole 172.26.104.0/24 proto bird $ ip route add 172.26.105.0/24 via 192.168.2.105 dev tunl0 onlink ``` 在105主机上执行以下命令： ``` $ modprobe -v ipip $ ip link set tunl0 up $ ip link set tunl0 mtu 1440 $ ip addr add 172.26.105.0/32 dev tunl0 broadcast 172.26.105.0 $ ip route add blackhole 172.26.105.0/24 proto bird $ ip route add 172.26.104.0/24 via 192.168.2.104 dev tunl0 onlink ``` ### **验证** 然后，我们查看主机的路由与网卡情况，104主机的如下： ``` $ ip route show default via 192.168.2.2 dev ens33 proto static metric 100 blackhole 172.26.104.0/24 proto bird 172.26.104.1 dev cali0001 scope link 172.26.105.0/24 via 192.168.2.105 dev tunl0 onlink 192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.104 metric 100 $ ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:6e:a5:50 brd ff:ff:ff:ff:ff:ff inet 192.168.2.104/24 brd 192.168.2.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever 4: cali0001@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default qlen 1000 link/ether 72:15:53:e5:21:ae brd ff:ff:ff:ff:ff:ff link-netnsid 0 6: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000 link/ipip 0.0.0.0 brd 0.0.0.0 inet 172.26.104.0/32 brd 172.26.104.0 scope global tunl0 valid_lft forever preferred_lft forever ``` 然后，我们验证一下，从104的pod1 ping一下105的pod1，在104上执行 ``` $ ip netns exec pod1 ping -c 1 172.26.105.1 PING 172.26.105.1 (172.26.105.1) 56(84) bytes of data. 64 bytes from 172.26.105.1: icmp_seq=1 ttl=62 time=3.21 ms --- 172.26.105.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.217/3.217/3.217/0.000 ms ``` ### **Q&A** **Q：IPIP的大致原理是什么？** A： **Q：onlink和scope link有什么区别？** A： ### **参考** * http://www.asznl.com/post/83 * http://www.asznl.com/post/85