Docker containers communicate directly through routing to achieve network communication

Overview

With Docker's default networking, containers on a single host can communicate directly over the docker0 bridge, which works well. Containers on different hosts, however, can only communicate through ports mapped on the host. This is sometimes inconvenient and may not meet our requirements, so Docker containers on different physical machines need a way to communicate directly using their own IP addresses. As soon as we start containers on different physical hosts, we run into this cross-host communication problem. Let's try to solve it in this article.

How can the Docker containers on two hosts communicate directly by IP address?

One solution that comes to mind is to enable direct communication between two centos containers by adding routes on their respective hosts.

Analysis of the scheme principle

Since routing is based on the containers' IP addresses, containers on different hosts must not use the same IP. To ensure this, we assign a different subnet to each host. The resulting routing scheme for communication between two containers is shown in the following figure.

The configurations are as follows:

• The IP address of Host 1 is: 192.168.18.162
• The IP address of Host 2 is: 192.168.18.141
• Subnet assigned to Docker containers on Host 1: 192.168.100.0/24
• Subnet assigned to Docker containers on Host 2: 192.168.200.0/24

With this configuration, the Docker containers on the two hosts cannot use the same IP address, which avoids IP conflicts.

Next, we define two routing rules:

• All packets with a destination address of 192.168.100.0/24 are forwarded to Host 1
• All packets with a destination address of 192.168.200.0/24 are forwarded to Host 2

To summarize, the data packet transmission process between two containers is as follows:

• A data packet sent from container1 to container2 first goes to container1's "gateway", docker0. Host 1's routing table then shows that the packet must be sent to host 2. When the packet arrives at host 2, it is forwarded to docker0 on host 2 and finally delivered to container2. The reverse direction works the same way and is not repeated here.

This is what we have in mind. Let's put it into practice to see if it is feasible.

Actual test

• 1. Configure docker0 on host 1 and host 2 respectively

Edit the /etc/docker/daemon.json file on host 1 and add a "bip" entry in the form "bip": "ip/netmask":

{ "bip":"192.168.100.252/24" }

Edit the /etc/docker/daemon.json file on host 2 and add a "bip" entry in the form "bip": "ip/netmask":

{ "bip":"192.168.200.252/24" }

• 2. Restart the docker service

Run the following command on both host 1 and host 2 to restart the docker service so that the modified docker0 network segment takes effect:

systemctl restart docker

• 3. Add routing rules

Add routing rules on host 1 as follows:

route add -net 192.168.200.0 netmask 255.255.255.0 gw 192.168.18.141

Add routing rules on host 2 as follows:

route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.18.162

• 4. Configure iptables rules

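Add the following rules on host 1. The first command flushes every existing rule in the nat table's POSTROUTING chain, including the rules Docker itself installed there. The second masquerades traffic from the local container subnet unless its destination is inside 192.168.0.0/16, so traffic to the containers on the other host keeps its container source IP: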

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 ! -d 192.168.0.0/16 -j MASQUERADE

Add the following rules on host 2:

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 ! -d 192.168.0.0/16 -j MASQUERADE

• 5. Start the container

Start the centos container on host 1:

docker run -it --name container1 centos /bin/bash

Start the centos container on host 2:

docker run -it --name container2 centos /bin/bash

• Install ifconfig (the net-tools package) in the container on both machines, then check the container's IP address with it:

[root@695ba390d221 /]# yum search ifconfig
[root@695ba390d221 /]# yum install net-tools.x86_64

Container IP address on host 1:

Container IP address on host 2:

• 6. Direct communication between containers

OK, now the two containers can ping each other.

Ping on host 1:

Ping on host 2:
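
Added example, not part of the original article: an offline model of the addressing plan and the POSTROUTING rule from steps 1 to 4. The function names are hypothetical and the script only computes; it checks that the two container subnets do not overlap and that each bip lies in its subnet, then reports which destinations are masqueraded and which keep the container's own source address.

```shell
#!/bin/sh
# Added example: offline model of the article's addressing plan and NAT rule.
# Function names are hypothetical; nothing here changes routes or iptables.

ip2int() (                      # dotted quad -> integer (subshell keeps IFS local)
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_cidr() (                     # in_cidr IP NET/LEN -> exit 0 if IP is inside NET/LEN
  net=${2%/*}
  len=${2#*/}
  mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
  [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
)

# Two CIDR blocks overlap exactly when one contains the other's base address.
cidr_overlap() { in_cidr "${1%/*}" "$2" || in_cidr "${2%/*}" "$1"; }

# check_plan SUBNET1 BIP1 SUBNET2 BIP2 -> exit 0 if the plan is consistent
check_plan() {
  cidr_overlap "$1" "$3" && { echo "subnets overlap: $1 $3" >&2; return 1; }
  in_cidr "${2%/*}" "$1" || { echo "bip $2 is outside $1" >&2; return 1; }
  in_cidr "${4%/*}" "$3" || { echo "bip $4 is outside $3" >&2; return 1; }
}

# nat_decision SRC DST LOCAL_SUBNET -> effect of the article's rule
#   -s LOCAL_SUBNET ! -d 192.168.0.0/16 -j MASQUERADE
nat_decision() {
  if in_cidr "$1" "$3" && ! in_cidr "$2" 192.168.0.0/16; then
    echo masquerade             # packet leaves with the host's address
  else
    echo keep-source            # packet leaves with the container's address
  fi
}

# Values from the article's plan; the container and destination IPs are constructed.
check_plan 192.168.100.0/24 192.168.100.252/24 \
           192.168.200.0/24 192.168.200.252/24 && echo "plan ok"
nat_decision 192.168.100.1 192.168.200.1 192.168.100.0/24  # container1 -> container2
nat_decision 192.168.100.1 192.168.18.50 192.168.100.0/24  # container1 -> other LAN host
nat_decision 192.168.100.1 203.0.113.10  192.168.100.0/24  # container1 -> outside
```

The second nat_decision call shows a side effect of excluding all of 192.168.0.0/16: traffic from a container to any other 192.168.x.x host also keeps the container source address, so replies only come back if that host (or its gateway) has a route to the container subnet.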

Summary

The above is the full content of this article. I hope it has some reference value for your study or work.