使用macVLAN网络模式的容器连通性和延迟的测试

创建docker及其macVLAN网络环境

准备

• 使用VMWARE创建两台虚拟机，master : 192.168.91.133.，node : 192.168.91.134

• 在两台虚拟机中安装docker，配置docker加速仓库

  国内可使用阿里云加速仓库：https://dev.aliyun.com/search.html
  登陆后，在加速器中可以看到自己的加速地址
  然后配置两个虚拟机的docker文件

  sudo tee /etc/docker/daemon.json <<-'EOF'
  {
    "registry-mirrors": ["https:// [ YOUR OWN CODE ].mirror.aliyuncs.com"]
  }
  EOF
  sudo systemctl daemon-reload
  sudo systemctl restart docker

• 下载docker镜像

[root@master docker]# docker pull docker.io/busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ... 
latest: Pulling from docker.io/library/busybox
1cae461a1479: Pull complete 
Digest: sha256:c79345819a6882c31b41bc771d9a94fc52872fa651b36771fbe0c8461d7ee558
[root@master docker]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker.io/busybox   latest              c75bebcdd211        2 weeks ago         1.106 MB

创建macVLAN网络

• 设置master和node的网络类型为混杂模式

[root@master ~]# ip link set ens33 promisc on
[root@master ~]# ifconfig ens33
ens33: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.168.91.133  netmask 255.255.255.0  broadcast 192.168.91.255
        inet6 fe80::1e97:b457:c2a8:10b2  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b7:61:15  txqueuelen 1000  (Ethernet)
        RX packets 180518  bytes 211043955 (201.2 MiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 22461  bytes 2168198 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node ~]# ip link set ens33 promisc on
[root@node ~]# ifconfig ens33
ens33: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.168.91.134  netmask 255.255.255.0  broadcast 192.168.91.255
        inet6 fe80::1e97:b457:c2a8:10b2  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b7:61:15  txqueuelen 1000  (Ethernet)
        RX packets 180518  bytes 211043955 (201.2 MiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 22461  bytes 2168198 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

• 分别创建docker网络，macvlan模式采用bridge

[root@node ~]# docker network create -d macvlan --subnet 192.168.91.0/24 --gateway 192.168.91.2 -o parent=ens33 -o macvlan_mode=bridge macnet
acbe125bd16f97d3922294ed5c2bc9b76b1036ee2c0274d7b1af90b988574525
[root@node ~]# docker network list
NETWORK ID          NAME                DRIVER              SCOPE
2ca267d05a8d        bridge              bridge              local               
19abb1689b41        host                host                local               
acbe125bd16f        macnet              macvlan             local               
4bcffff15284        none                null                local      

[root@master docker]# docker network create -d macvlan --subnet 192.168.91.0/24 --gateway 192.168.91.2 -o parent=ens33 -o macvlan_mode=bridge macnet
35551f92a13aeb061b3fb78a23c079651c3de1753c9fe486f39037f50c0968aa
[root@master ~]# docker network list
NETWORK ID          NAME                DRIVER              SCOPE
fa248c027d7f        bridge              bridge              local               
e3cd0c7dd8c2        host                host                local               
35551f92a13a        macnet              macvlan             local               
313e639a0dde        none                null                local               

创建容器

在master上创建c1 : 192.168.91.100 , c2 : 192.168.91.101

在node上创建c3 : 192.168.91.102 , c4 : 192.168.91.103

[root@master docker]# docker run -id --net macnet --ip 192.168.91.101 --name c2 docker.io/busybox sh
6c147982a1b2c90bef61758db9de3f4caaa718ab1df8e2648ae06706704c0a08
[root@master docker]# docker run -id --net macnet --ip 192.168.91.100 --name c1 docker.io/busybox sh
b94eef6f4ae9ec64b9de9ed6396e4c1be17dac1503671e22ffdfee4b80511f04
[root@master docker]# docker exec c1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
7: eth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:c0:a8:5b:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.91.100/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c0ff:fea8:5b64/64 scope link 
       valid_lft forever preferred_lft forever

测试是否work

[root@master ~]# docker exec c1 ping c1
PING c1 (192.168.91.100): 56 data bytes
64 bytes from 192.168.91.100: seq=0 ttl=64 time=0.091 ms
64 bytes from 192.168.91.100: seq=1 ttl=64 time=0.134 ms
64 bytes from 192.168.91.100: seq=2 ttl=64 time=0.143 ms

说明容器可以联通自己的IP地址，工作正常

联通性测试

背景

为了弄明白采用macVLAN网络模式的容器对外、对自己联通性如何，在c1上分别ping其他IP, 然后在master上也进行相同测试

结果

	192.2(网关)	c1(容器名称)	192.100(c1的IP)	192.133(master)	192.134(node)	c2	192.101(c2的IP)	c3(不同宿主机容器名)	192.102(c3的IP)
c1	√	√	√	×	√	√	√	×	√

	192.2(网关)	192.100(c1的IP)	192.134(node)	192.102(c3的IP,跨主机容器)
master	√	×	√	√

延迟

背景

为了大致验证容器使用macVLAN后，从容器出发的数据包相比裸机直接通讯具有多少延迟，做此测试。

先测试从master到node的平均延迟：

	node
master	0.426ms

结果

	c1	c2(同宿主机)	node	c3(不同宿主机)
c1	0.174ms	0.185ms	0.731ms	0.771ms

结论

• 使用macVLAN模式的容器，==无法ping通宿主机==，==宿主机也无法ping通该容器==。对其他服务器和所有的容器都可以联通。
• 相比宿主机的通讯延迟，从c1到c3的延迟有所增加(==本测试增加了0.35ms==)