Detailed explanation of direct routing for cross-host Docker container communication

  • 2021-07-09 09:37:55
  • OfStack

Overview

With Docker's default networking, containers on the same host can talk to each other directly over the docker0 bridge, and that works fine. Containers on different hosts, however, can only reach each other through ports mapped onto the hosts. That is often inconvenient and sometimes simply does not meet the requirement: we want containers on different physical machines to talk to each other directly, using their own IP addresses. As soon as containers are spread over several hosts we therefore run into the cross-host communication problem. This article works through one solution to it: direct routing between the hosts.

Principle analysis of scheme

Because the container IPs themselves are used for routing, containers on different hosts must never share an IP address, so each host is assigned its own container subnet. On that basis we build a routing scheme in which two containers on different hosts communicate over one flat routed network.

Environment:

 Host 1 IP address: 192.168.145.128
 Host 2 IP address: 192.168.145.129
 Subnet assigned to the Docker containers on host 1: 172.17.1.0/24
 Subnet assigned to the Docker containers on host 2: 172.17.2.0/24

 With this configuration the containers on the two hosts can never end up with the same IP address, so IP conflicts are avoided.

 To sum up, a packet travels between the two containers as follows:
 A packet from container1 to container2 is first sent to container1's gateway, which is docker0 on host 1. Host 1's routing table says that 172.17.2.0/24 is reached via host 2, so the packet is forwarded to host 2. Host 2 in turn forwards it onto its own docker0 bridge, which delivers it to container2. The reverse direction works the same way and is not repeated here. For this to work both hosts must forward IP packets (net.ipv4.ip_forward=1, which Docker enables by default) and their firewalls must allow the forwarded traffic.

1. Configure docker0 on host 1 and host 2

 Edit /etc/docker/daemon.json on host 1 and set "bip" to the address and mask docker0 should use (this also fixes the subnet the containers on that host are allocated from):
{ "bip": "172.17.1.252/24" }

 Edit /etc/docker/daemon.json on host 2 in the same way:
{ "bip": "172.17.2.252/24" }

 Restart the docker service
 Run the following on both host 1 and host 2 so the new docker0 segment takes effect; containers created before the change must be restarted to get an address from the new subnet:
systemctl restart docker

2. Add routing rules

 Each host needs a route that sends the other host's container subnet to that host. This works because both hosts sit on the same 192.168.145.0/24 segment, so each can use the other as a next hop directly; if the hosts were on different segments the route would have to point at a router that knows both container subnets.

 On host 1 add the following route:
route add -net 172.17.2.0 netmask 255.255.255.0 gw 192.168.145.129

 On host 2 add the following route:
route add -net 172.17.1.0 netmask 255.255.255.0 gw 192.168.145.128

 The route command comes from the legacy net-tools package; on hosts that only ship iproute2, ip route add does the same thing.

3. Configure iptables rules

 Docker's own POSTROUTING rule masquerades everything that leaves the container subnet through an interface other than docker0. Without changing it, container1's packets would arrive at container2 with host 1's address as the source and the replies would be NATed back, which defeats the point of addressing containers directly. The rules below replace Docker's rule with one that still masquerades traffic to the outside world but leaves traffic destined for any container subnet (172.17.0.0/16) untouched.

 On host 1 add the following rules:
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 ! -d 172.17.0.0/16 -j MASQUERADE

 On host 2 add the following rules:
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 172.17.2.0/24 ! -d 172.17.0.0/16 -j MASQUERADE

 Two caveats. First, -F POSTROUTING wipes every rule in that chain, not just Docker's, so inspect the chain (iptables -t nat -S POSTROUTING) before flushing it on a host that carries other NAT rules; whenever the docker service restarts it re-creates its own MASQUERADE rule, which would again NAT the inter-container traffic unless the exclusion rule is re-applied ahead of it. Second, Docker sets the filter table's FORWARD policy to DROP when it enables IP forwarding, so on such hosts the routed traffic arriving from the other host additionally needs an explicit ACCEPT rule (the DOCKER-USER chain is the place Docker reserves for it). Once the container subnets are routed, every container port is reachable from any machine that has the route, not only the ports mapped with -p, so the FORWARD rules now act as the firewall for the containers.

4. Start the containers

 Start a centos container on host 1:
docker run -it --name container1 centos /bin/bash

 Start a centos container on host 2:
docker run -it --name container2 centos /bin/bash

The two containers can now ping each other by container IP. Look up each container's address with docker inspect (container1 gets an address in 172.17.1.0/24, container2 one in 172.17.2.0/24) and ping it from the other container; if the ping fails, check the routes, the FORWARD chain and ip_forward on both hosts.

5. Route persistence (so the route is not lost when the host reboots)

 Routes added with route add live only in the kernel's routing table and disappear on reboot, so they must be re-added at boot. One way is /etc/rc.local:
root@rancher:~# vi /etc/rc.local

 Add the route for host 1 (host 2 gets the mirror-image route to 172.17.1.0/24 via 192.168.145.128); remember to write it before the exit line!
route add -net 172.17.2.0 netmask 255.255.255.0 gw 192.168.145.129

 On systemd-based distributions rc.local is only run if the file is executable and rc-local.service is enabled; the distribution's own static-route configuration is an alternative. The iptables rules from step 3 are equally non-persistent and have to be restored at boot and after every docker restart.
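As an added example (not part of the original article), the following Python script checks a subnet plan like the one above before anything is typed on the hosts and then emits the per-host daemon.json content together with the route and iptables commands. The host IPs and subnets are the article's; the helper names, the use of iproute2 ip route, the ACCEPT rule in the DOCKER-USER chain (available on Docker versions that create that chain) and inserting a no-NAT rule ahead of Docker's MASQUERADE instead of flushing POSTROUTING are my own choices.

```python
"""Plan and sanity-check per-host settings for direct-routed Docker networking.

Added example, not the article's code. Host IPs/subnets match the article;
everything else (function names, command choices) is an assumption.
"""
import ipaddress
import json

# Aggregate prefix covering every per-host container subnet. It plays the
# role of the "! -d 172.17.0.0/16" exclusion in the article's POSTROUTING rule:
# traffic staying inside it is routed with the container's real source IP,
# everything else is masqueraded as usual.
CONTAINER_AGGREGATE = ipaddress.ip_network("172.17.0.0/16")

# Constructed plan for the article's two hosts. "bip" is the docker0 address
# Docker should use on that host (goes into daemon.json).
HOSTS = {
    "host1": {"ip": "192.168.145.128", "subnet": "172.17.1.0/24", "bip": "172.17.1.252/24"},
    "host2": {"ip": "192.168.145.129", "subnet": "172.17.2.0/24", "bip": "172.17.2.252/24"},
}


def validate_plan(hosts, aggregate=CONTAINER_AGGREGATE):
    """Return a list of problems; an empty list means the plan is sound."""
    problems = []
    seen = {}
    for name, h in hosts.items():
        try:
            net = ipaddress.ip_network(h["subnet"])  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{name}: bad subnet {h['subnet']}: {exc}")
            continue
        bip = ipaddress.ip_interface(h["bip"])
        host_ip = ipaddress.ip_address(h["ip"])
        if not net.subnet_of(aggregate):
            # Such traffic would hit the MASQUERADE rule and arrive with the host IP.
            problems.append(f"{name}: {net} is not inside {aggregate}")
        if bip.network != net:
            problems.append(f"{name}: bip {bip} is not in {net}")
        if host_ip in aggregate:
            # The container routes would shadow the host's own address.
            problems.append(f"{name}: host IP {host_ip} lies inside {aggregate}")
        for other, onet in seen.items():
            if net.overlaps(onet):
                # Two hosts handing out the same range => duplicate container IPs.
                problems.append(f"{name}: {net} overlaps {other}: {onet}")
        seen[name] = net
    return problems


def render_host_config(name, hosts, aggregate=CONTAINER_AGGREGATE):
    """Return (daemon_json, commands) for one host.

    commands is the ordered list of shell commands to run as root on that host
    after the docker service has been restarted with the new daemon.json.
    """
    me = hosts[name]
    daemon_json = json.dumps({"bip": me["bip"]}, indent=2)
    commands = ["sysctl -w net.ipv4.ip_forward=1"]
    # One route per peer: its container subnet via the peer host's address.
    for peer, p in hosts.items():
        if peer != name:
            commands.append(f"ip route add {p['subnet']} via {p['ip']}")
    # Docker sets the FORWARD policy to DROP when it enables ip_forward, so
    # routed container-to-container traffic needs an explicit ACCEPT; the
    # DOCKER-USER chain is the hook Docker reserves for user rules.
    commands.append(f"iptables -I DOCKER-USER -s {aggregate} -d {aggregate} -j ACCEPT")
    # Insert ahead of Docker's MASQUERADE rule instead of flushing the chain.
    # ACCEPT in the nat table means "no NAT for this connection", so the peer
    # container sees the real source address.
    commands.append(
        f"iptables -t nat -I POSTROUTING -s {me['subnet']} -d {aggregate} -j ACCEPT"
    )
    return daemon_json, commands


if __name__ == "__main__":
    issues = validate_plan(HOSTS)
    if issues:
        raise SystemExit("\n".join(issues))
    for host in HOSTS:
        daemon_json, cmds = render_host_config(host, HOSTS)
        print(f"# {host}: /etc/docker/daemon.json\n{daemon_json}\n# {host}: commands")
        print("\n".join(cmds), end="\n\n")
```

Run the script before touching the hosts: a non-empty problem list points at overlapping or misplaced subnets, which are exactly the mistakes that produce duplicate container IPs or silently masqueraded inter-container traffic. The generated iptables rules still have to be re-applied after a docker restart, as noted in step 3.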

That covers direct routing for Docker container cross-host communication. Thank you for reading and for your support of this site.
