环境说明
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7c:83:34:bc:e0:c2 brd ff:ff:ff:ff:ff:ff
    inet 10.5.1.33/24 brd 10.5.1.255 scope global dynamic bond0
宿主机配置
变量配置
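# Host-side settings referenced by every command on this page; adjust them to
# your own LAN before pasting anything else.
# Keep one assignment per line: when they share a single line, everything
# after the first `#` is a comment and only `eth` actually gets set.
# The host address on bond0 is reported as `dynamic` (DHCP-assigned), so pick
# container IPs the DHCP server will not hand out, to avoid address conflicts.
eth=bond0                      # host NIC used as the macvlan parent
subnet=10.5.1.0/24             # IP subnet of the host's LAN
host_ip=10.5.1.33/32           # host IP address (as a /32)
gateway=10.5.1.1               # gateway of the host's LAN
container_ip1=10.5.1.201       # static IP for container 1
container_ip2=10.5.1.202       # static IP for container 2
docker_macvlan_name=macvlan0   # name of the Docker macvlan network to create
host_macvlan_name=bond0s       # name of the host-side macvlan interface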
下面命令均通过变量实现,方便理解语法
推荐提前通过变量设置好,后面直接复制粘贴,不需要修改任何内容
开启混杂模式
首先执行下面的命令查看网卡是否开启混杂模式
# Print the interface's flag line only if it contains PROMISC; no output
# (grep exit status 1) means promiscuous mode is currently off.
ip address show dev "${eth}" | grep PROMISC
如果有输出就是开启了,例如
root@EQ12-Debian:~# ip address show ${eth} | grep PROMISC
4: bond0: <BROADCAST,MULTICAST,PROMISC,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
如果没有开启,可以使用下面的命令打开
# Switch the parent NIC into promiscuous mode.
# In this mode the interface accepts every frame it sees on the segment, not
# only frames addressed to its own MAC, so enable it only on the interface
# that really is the macvlan parent and turn it off again
# (`ip link set dev "${eth}" promisc off`) when the macvlan network is removed.
# The setting made here is runtime-only and is gone after a reboot.
# NOTE(review): the macvlan driver usually registers the extra MAC addresses
# on the parent by itself; manual promisc is mostly needed when an upstream
# virtual switch filters unknown MACs. Confirm it is required in your setup.
ip link set dev "${eth}" promisc on
开启路由转发
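# Persist the two kernel settings in a dedicated drop-in file and load it.
# Redirecting with `>` into /etc/sysctl.conf would truncate that file and
# silently discard every setting already stored there (including any network
# hardening such as rp_filter or redirect handling), so it is left untouched.
# The drop-in file name below is an example; any *.conf name in
# /etc/sysctl.d works.
#
# net.ipv4.ip_forward=1 lets the host route packets between its interfaces.
# Review the firewall's FORWARD rules so the host only forwards what you
# intend. vm.max_map_count is unrelated to networking; it is kept because
# the original command sets it as well.
printf '%s\n' \
  'net.ipv4.ip_forward=1' \
  'vm.max_map_count=655360' \
  > /etc/sysctl.d/99-docker-macvlan.conf
sysctl -p /etc/sysctl.d/99-docker-macvlan.conf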
Docker配置
网络创建
# Create a Docker network backed by the macvlan driver, attached to the host
# NIC and using the LAN's own subnet and gateway.
# Containers on this network get their own MAC and IP directly on the LAN:
# they are reachable by every host on that segment and are not behind
# Docker's port publishing, so each container needs its own filtering and
# should expose only the services it is meant to.
# `--ip-range` can additionally restrict which part of the subnet Docker may
# allocate from.
docker network create \
  --driver macvlan \
  --subnet="${subnet}" \
  --gateway="${gateway}" \
  -o parent="${eth}" \
  "${docker_macvlan_name}"
创建容器
# Start two detached containers on the macvlan network, each with a fixed IP
# and an interactive bash kept alive as the main process.
# NOTE(review): the image is pulled from a personal registry namespace with no
# tag or digest, so its content can change between pulls. For anything beyond
# a lab, pin it as <image>@sha256:<digest> (placeholder) or use an image you
# build and scan yourself.
docker run -t -i -d --name ubuntu \
  --net="${docker_macvlan_name}" --ip="${container_ip1}" \
  liuyi778/ubuntu-22.04_pip3 /bin/bash

docker run -t -i -d --name ubuntu2 \
  --net="${docker_macvlan_name}" --ip="${container_ip2}" \
  liuyi778/ubuntu-22.04_pip3 /bin/bash
路由配置
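# Give the host its own macvlan interface on the same parent NIC and route the
# container IPs through it. With macvlan, the host cannot reach its containers
# through the parent interface itself.
#
# The address step must use ${host_ip} and ${host_macvlan_name}. The variables
# ${ip} and ${name} are never defined on this page, so with them the command
# expands to `ip addr add dev`. That is presumably what produces the
# "Command line is not complete" error in the session log further down.
#
# Everything here is runtime-only state and disappears on reboot.
# The host-only routes are deliberately /32s for the two container IPs rather
# than the whole subnet, so the rest of the LAN still routes via ${eth}.
ip link add "${host_macvlan_name}" link "${eth}" type macvlan mode bridge
ip addr add "${host_ip}" dev "${host_macvlan_name}"
ip link set "${host_macvlan_name}" up
ip route add "${container_ip1}" dev "${host_macvlan_name}"
ip route add "${container_ip2}" dev "${host_macvlan_name}"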
实践操作
root@EQ12-Debian:~# eth=bond0 # 宿主机网卡名称
subnet=10.5.1.0/24 # 宿主机IP网段
host_ip=10.5.1.33/32 # 宿主机IP地址
gateway=10.5.1.1 # 宿主机网关
container_ip1=10.5.1.201 # 容器1 IP
container_ip2=10.5.1.202 # 容器2 IP
docker_macvlan_name=macvlan0 # Docker新建MacVlan网络名称
host_macvlan_name=bond0s
root@EQ12-Debian:~# 
root@EQ12-Debian:~# ip address show ${eth} | grep PROMISC
4: bond0: <BROADCAST,MULTICAST,PROMISC,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
root@EQ12-Debian:~# echo -e "net.ipv4.ip_forward=1\nvm.max_map_count=655360" > /etc/sysctl.conf;sysctl -p
net.ipv4.ip_forward = 1
vm.max_map_count = 655360
root@EQ12-Debian:~# docker network ls
NETWORK ID     NAME                DRIVER    SCOPE
61f710e81024   bridge              bridge    local
91c66270dbaf   data_halo_network   bridge    local
1f6d72d10049   host                host      local
d5efc9813726   none                null      local
root@EQ12-Debian:~# docker network create --driver macvlan --subnet=${subnet} --gateway=${gateway} -o parent=${eth} ${docker_macvlan_name}
6ca2023e3224149530b4a6653055135fa6a40af94b7de4ad6e8ecd4ab452e432
root@EQ12-Debian:~# docker run -tid --name ubuntu --net=${docker_macvlan_name} --ip=${container_ip1} liuyi778/ubuntu-22.04_pip3 /bin/bash
f0b8195e949892ae91d974da55fcc33d88e0bb9eb0f571c688bbd28cc6493ccf
root@EQ12-Debian:~# docker run -tid --name ubuntu2 --net=${docker_macvlan_name} --ip=${container_ip2} liuyi778/ubuntu-22.04_pip3 /bin/bash
995e585e4d83272e4a36dc7c39e1e8178d0bfe5c222671eb003a09b05e336ee6
root@EQ12-Debian:~# ip link add ${host_macvlan_name} link ${eth} type macvlan mode bridge
ip addr add ${ip} dev ${name}
ip link set ${host_macvlan_name} up
ip route add ${container_ip1} dev ${host_macvlan_name}
ip route add ${container_ip2} dev ${host_macvlan_name}
Command line is not complete. Try option "help"
root@EQ12-Debian:~# docker exec -ti ubuntu
ubuntu   ubuntu2
root@EQ12-Debian:~# docker exec -ti ubuntu /bin/bash
root@f0b8195e9498:~# apt install net-tools
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  net-tools
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 204 kB of archives.
After this operation, 819 kB of additional disk space will be used.
Get:1 http://mirrors.tencent.com/ubuntu jammy/main amd64 net-tools amd64 1.60+git20181103.0eebece-1ubuntu5 [204 kB]
Fetched 204 kB in 0s (928 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 18038 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20181103.0eebece-1ubuntu5_amd64.deb ...
Unpacking net-tools (1.60+git20181103.0eebece-1ubuntu5) ...
Setting up net-tools (1.60+git20181103.0eebece-1ubuntu5) ...
root@f0b8195e9498:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.5.1.201  netmask 255.255.255.0  broadcast 10.5.1.255
        ether 02:42:0a:05:01:c9  txqueuelen 0  (Ethernet)
        RX packets 74  bytes 209395 (209.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55  bytes 3258 (3.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 597 (597.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 597 (597.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@f0b8195e9498:~# exit
root@EQ12-Debian:~# ping 10.5.1.201
PING 10.5.1.201 (10.5.1.201) 56(84) bytes of data.
64 bytes from 10.5.1.201: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from 10.5.1.201: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 10.5.1.201: icmp_seq=3 ttl=64 time=0.050 ms
64 bytes from 10.5.1.201: icmp_seq=4 ttl=64 time=0.055 ms
^C
--- 10.5.1.201 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.046/0.075/0.150/0.043 ms
root@EQ12-Debian:~#