docker macvlan - no route to host (container)

Ezz  Cloud computing  2022-5-10 14:48  8 views


I'm trying to understand the "macvlan" network from docker. I create a new network:

    docker network create -d macvlan \
      --subnet=192.168.2.0/24 \
      --gateway=192.168.2.1 \
      -o parent=eno1 \
      pub_net

And start a new container with the new network:

    docker run --rm -d --net=pub_net --ip=192.168.2.74 --name=whoami -t jwilder/whoami

When I try to access the service from the container or ping it, I get:

    curl: (7) Failed to connect to 192.168.2.74 port 8000: no route to host

Tested with Ubuntu 16.04, Ubuntu 18.04 & CentOS 7. Neither the docker host itself nor other clients on the network can reach the container.

I followed the example from the docker site: https://docs.docker.com/network/network-tutorial-macvlan/#bridge-example

What am I missing?

I read here ("Bind address in Docker macvlan") to execute these commands (no clue what they do):

    sudo ip link add pub_net link eno1 type macvlan mode bridge
    sudo ip addr add 192.168.2.22/24 dev pub_net

But this does nothing on my machine(s).

Answer

I believe it is by design that the host cannot reach its own containers through a macvlan network. I leave it to others to explain why exactly this is so, but to verify that this is where your problem lies, you can try to ping your container at 192.168.2.74 from another host on the network or even from another container or VM on the same host. If you can reach the container from other machines but not from the host, everything is working as it should.

According to this blog post, you can nevertheless allow for host-container communication by creating a macvlan interface on the host sub-interface and then creating a macvlan interface in the host in order to let it access the macvlan that the container is in.

I have not tried this myself yet and I'm not sure about the exact consequences, so I quote the instructions from the blog post here so that others can add to it where necessary:

Create a macvlan interface on host sub-interface:

    docker network create -d macvlan \
      --subnet=192.168.0.0/16 \
      --ip-range=192.168.2.0/24 \
      -o macvlan_mode=bridge \
      -o parent=eth2.70 macvlan70

Create container on that macvlan interface:

    docker run -d --net=macvlan70 --name nginx nginx

Find the IP address of the container:

    docker inspect nginx | grep IPAddress
    "SecondaryIPAddresses": null,
    "IPAddress": "",
    "IPAddress": "192.168.2.1",

At this point, we cannot ping container IP "192.168.2.1" from host machine.

Now, let's create macvlan interface in host with address "192.168.2.10" in same network.

    sudo ip link add mymacvlan70 link eth2.70 type macvlan mode bridge
    sudo ip addr add 192.168.2.10/24 dev mymacvlan70
    sudo ifconfig mymacvlan70 up

Now, we should be able to ping the Container IP as well as access "nginx" container from host machine.

    $ ping -c1 192.168.2.1
    PING 192.168.2.1 (192.168.2.1): 56 data bytes
    64 bytes from 192.168.2.1: seq=0 ttl=64 time=0.112 ms

    --- 192.168.2.1 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.112/0.112/0.112 ms
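
The host-side interface from the answer above, as an added example that is not part of the original post or the quoted blog: a shell function that checks the addresses and prints the "ip" commands for review before anything is applied. It goes slightly beyond the quoted steps by assuming a /32 address on the host interface plus explicit routes to the container addresses, so that interface does not compete with the parent NIC's own route for the subnet; "macvlan-shim" is a hypothetical interface name and the addresses are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the original post or the quoted blog): print the
# commands for a host-side macvlan "shim" interface, after sanity checks.
# Assumption: the shim gets a /32 address and explicit routes to the container
# addresses, so it does not compete with the parent NIC's route for the subnet.
# The shim address must be unused on the LAN and outside any DHCP pool.

# Dotted-quad IPv4 address -> integer.
ip2int() ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )

# in_cidr IP NET/BITS: succeeds when IP lies inside the network.
in_cidr() (
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

# shim_plan PARENT SHIM HOST_IP DOCKER_SUBNET TARGET...
# TARGET is a container IP or a range (e.g. the network's --ip-range).
shim_plan() {
  parent=$1 shim=$2 host_ip=$3 subnet=$4
  shift 4
  # Linux interface names are limited to 15 characters.
  [ "${#shim}" -le 15 ] || { echo "interface name too long: $shim" >&2; return 1; }
  in_cidr "$host_ip" "$subnet" || { echo "$host_ip is outside $subnet" >&2; return 1; }
  for t in "$@"; do
    in_cidr "${t%/*}" "$subnet" || { echo "$t is outside $subnet" >&2; return 1; }
    # A shim address equal to a container address would be a duplicate IP.
    [ "${t%/*}" != "$host_ip" ] || { echo "$host_ip is a container address" >&2; return 1; }
  done
  echo "ip link add $shim link $parent type macvlan mode bridge"
  echo "ip addr add $host_ip/32 dev $shim"
  echo "ip link set $shim up"
  for t in "$@"; do echo "ip route add $t dev $shim"; done
}

# Values from the question; "macvlan-shim" is a hypothetical interface name.
# Review the output, then apply it with:  shim_plan ... | sudo sh -ex
shim_plan eno1 macvlan-shim 192.168.2.22 192.168.2.0/24 192.168.2.74
```

The function only prints commands; none of them touches the Docker network itself, and the interface and routes they create disappear on reboot unless added to the host's network configuration.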
