Environment information
Two nodes: 192.168.25.129 and 192.168.49.101
Configuration
Start configuration on node 192.168.25.129:
ip netns add net1
ip netns add net2
ip link add ipv1 link eth0 type ipvlan mode l3
ip link add ipv2 link eth0 type ipvlan mode l3
ip link set ipv1 netns net1
ip link set ipv2 netns net2
ip netns exec net1 ip link set ipv1 up
ip netns exec net2 ip link set ipv2 up
ip netns exec net1 ip addr add 100.200.25.100/24 dev ipv1
ip netns exec net2 ip addr add 200.100.25.100/24 dev ipv2
ip netns exec net1 ip route add default dev ipv1
ip netns exec net2 ip route add default dev ipv2
After the configuration, net1 can ping net2, but cannot access the host.
Use a veth pair to communicate with the host:
ip link add veth1 type veth peer name veth1-peer
ip link set veth1-peer netns net1
ip netns exec net1 ip link set veth1-peer up
ip link set veth1 up
ip route add 100.200.25.100/32 dev veth1
ip netns exec net1 ip route add 192.168.25.129/32 dev veth1-peer
With these /32 routes and the veth pair, the host and net1 can communicate with each other. However, net1 still cannot access other hosts. To allow that, modify the routes and iptables as follows:
iptables -t nat -A POSTROUTING -s 100.200.25.100/24 -j MASQUERADE
ip netns exec net1 ip route add 192.168.49.0/24 via 192.168.25.129 dev veth1-peer
After the configuration, net1 can access the other host, 192.168.49.101.
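The MASQUERADE rule above is written with -s 100.200.25.100/24 and no -o option; iptables masks off the host bits, so it source-NATs all of 100.200.25.0/24 on any outgoing interface. The script below is an added example, not part of the original article, that reports the effective scope of such a rule in iptables-save syntax. The sample rules are constructed, and the tighter variant (/32 source, egress limited to eth0) is an assumption about this setup.

```shell
#!/bin/sh
# Added example: report the effective scope of a MASQUERADE rule.
# Function bodies are subshells "( ... )" so IFS and variables stay local.

# Print the network iptables really matches for ADDR/LEN. Host bits in -s
# are masked off, so 100.200.25.100/24 is stored as 100.200.25.0/24.
cidr_network() (
    addr=${1%/*}
    len=${1#*/}
    [ "$len" = "$1" ] && len=32        # no /LEN given: single host
    IFS=.
    set -- $addr                       # split the dotted quad into $1..$4
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    net=$(( ip & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$len"
)

# Summarise one rule: effective source network and egress interface.
# Fails (status 1, no output) if the rule's target is not MASQUERADE.
# Negated matches ("! -s ...") are not handled in this example.
masq_scope() (
    set -f                             # no globbing while word-splitting
    src=any; out=any; target=
    set -- $1
    while [ $# -gt 1 ]; do
        case $1 in
            -s|--source)        src=$(cidr_network "$2"); shift ;;
            -o|--out-interface) out=$2; shift ;;
            -j|--jump)          target=$2; shift ;;
        esac
        shift
    done
    [ "$target" = MASQUERADE ] || exit 1
    echo "src=$src out=$out"
)

# Constructed sample rules: the rule from the text, and a tighter variant
# (assumption: only net1's address needs NAT and egress is via eth0).
PAGE_RULE='-A POSTROUTING -s 100.200.25.100/24 -j MASQUERADE'
TIGHT_RULE='-A POSTROUTING -s 100.200.25.100/32 -o eth0 -j MASQUERADE'

for rule in "$PAGE_RULE" "$TIGHT_RULE"; do
    printf '%s\n  -> %s\n' "$rule" "$(masq_scope "$rule")"
done
```

Forwarding net1's traffic from veth1 out to 192.168.49.101 also requires net.ipv4.ip_forward=1 on the host, which the steps above assume is already set.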