This article describes how to use Open vSwitch to provide network support for Docker 1.9.0 and later. Make sure you have compiled as install. md or installed Open vSwitch through the package manager.

Docker has cross-host networking support since version 1.9.0. By integrating Docker and Open vSwitch, the Open vSwitch Virtual Network (OVN) can be used for interconnection.

The installation

To implement Docker’s cross-host network using OVN, Docker must specify a distributed key-value storage service when starting up. For example, if you plan to use Consul as key-value storage, use the following parameters when starting Docker Daemon:

Docker daemon --cluster-store=consul://127.0.0.1:8500 \ --cluster-advertise=$HOST_IP:0Copy the code

$HOST_IP is the local IP address of your host.

OVN provides a virtualized network for containers. Currently, OVN and Docker can be integrated in two ways: “Underlay” mode and “Overlay” mode.

In “underlay” mode, OVN relies on OpenStack to provide networking for containers. In this mode, users can connect containers, independent VMS (without any containers), and physical machines to the same logical network. This is a multi-tenant, multi-host solution.

In “Overlay” mode, OVN can be used to create inter-container networks across hosts. This pattern is a single-tenant (which can of course scale to multi-tenant without additional network isolation), multi-host solution. This mode is independent of OpenStack.

In either mode, Open vSwitch must be installed on all container hosts in order for containers to use OVN.

Overlay mode

Using OVN’s “Overlay” mode requires a minimum Open vSwitch version of 2.5.

Initializing the central node In OVN’s architecture, a central node is required to store network definitions. Select one of the machines to be deployed as the central node. The IP address is $CENTRAL_IP.

Run the following command to start ovsdb-server and listen on TCP port 6640:

ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640
Copy the code

Start the ovN-Northd waiting process, which is used to synchronize the Docker network definitions stored in OVN_Northbound to OVN_Southbound:

/usr/share/openvswitch/scripts/ovn-ctl start_northd
Copy the code

Initialize each node (only once) The following procedure is performed only once on each machine on which you need to start the container (unless the OVS database has been emptied and any other empties performed multiple times will cause problems).

In the following command,

LOCAL_IP refers to the IP address accessible to the host through which OVS will communicate with other hosts.

LOCALIP refers to the IP address accessible to the host through which OVS will communicate with other hosts. ENCAP_TYPE Indicates the channel type. Currently the options are “Geneve” and “STT”. Note that your host kernel must support the kernel of your choice

ENCAP_TYPE type. Both types are included by default in the Open vSwitch kernel module. If your Open vSwitch kernel module comes from an upstream Linux distribution, the minimum kernel version geneve supports is 3.18. The kernel modules in the distribution do not support STT. You can use the lsmod | grep

ENCAPTYPE type. Both types are included by default in the OpenvSwitch kernel module. If your OpenvSwitch kernel module comes from an upstream Linux distribution, the minimum kernel version geneve supports is 3.18. The kernel modules in the distribution do not support STT. You can check with lsmod∣grepENCAP_TYPE to see if the corresponding schema is supported.

ovs-vsctl set Open_vSwitch . external_ids:ovn-remote="tcp:$CENTRAL_IP:6640" \
external_ids:ovn-encap-ip=$LOCAL_IP external_ids:ovn-encap-type="$ENCAP_TYPE"
Copy the code

Finally, start ovN-Controller, remember to add the startup command to the system startup script.

/usr/share/openvswitch/scripts/ovn-ctl start_controller
Copy the code

By default, Docker uses the Linux Bridge as the network driver, although it supports other external drivers. In order for Docker to use Open vSwitch, you need to start the Open vSwitch driver.

The Open vSwitch driver uses Python’s Flask module to listen for Docker network API calls. So if you don’t have Flask installed on your host, install it using the following command:

easy_install -U pip
pip install Flask
Copy the code

Execute the following command to start the driver on all machines that are going to run the Docker container: ovN-Docker-overlay-driver –detach

Docker built-in network and OVN network concept is very consistent, please refer to Docker documentation for a more comprehensive command guide, here is just a simple example.

Create a logical switch Use the following command to create a logical switch named foo with a subnet of 192.168.1.0/24.

NID= 'docker network create -d openVSwitch --subnet=192.168.1.0/24 foo'Copy the code

You can also view logical switches in OVN’s Northbound database by using the following command:

ovn-nbctl --db=tcp:$CENTRAL_IP:6640 lswitch-list
Copy the code

To connect a Docker container to a logical switch for example, to connect a Busybox container to a logical network foo, simply execute:

docker run -itd --net=foo --name=busybox busybox
Copy the code

Docker does not currently provide commands to list switch ports, so you can query the OVN database directly to find out:

ovn-nbctl --db=tcp:$CENTRAL_IP:6640 lport-list $NID
Copy the code

Create logical switches and connect running containers

Docker network create -d openVswitch --subnet=192.168.2.0/24 bar Docker network connect bar busyboxCopy the code

You can disconnect the container from the logical switch by running the following command: docker network Disconnect bar busybox

Example Delete the Docker network RM bar of a logical switch

Underlay Mode This mode requires OpenStack to be installed and running in advance.

To initialize each node (only once), OpenStack tenants create VMS with one or more network ports in their network. The tenant needs to obtain the port ID (port-ID) of the host. To obtain the ID of the network port connected to the VM, run the nova list command

Run the neutron port-list –device_id=$ID command

On the VM, download the OpenStack RC file (‘ openrc.sh ‘) containing tenant information. Edit and add the previously obtained port ID information to this file, for example:

#! / bin/bash export OS_AUTH_URL = http://10.33.75.122:5000/v2.0 export OS_TENANT_ID = fab106b215d943c3bad519492278443d export OS_TENANT_NAME="demo" export OS_USERNAME="demo" export OS_VIF_ID=e798c371-85f4-4f2d-ad65-d09dd1d3c1c9Copy the code

Create an Open vSwitch bridge if your virtual machine has only one network card (such as’ eth0 ‘), you create a bridge named Breth0 and transfer all IP and routing information from eth0 to the bridge. (If you have multiple network cards, you need to do this on the one you want to send network traffic to.)

If you use the DHCP service to obtain an IP address, you need to first stop the DHCP client listening on the physical network card (such as eth0), and then start listening on the newly created bridge (such as Breth0).

Depending on your virtual machine, you’ll need to set this up in your startup script.

For example, if your VM is running Debian/Ubuntu, see OpenVswitch-switch.readme. Debian. If the VM runs RHEL, see ReadMe. RHEL.

The Open vSwitch network driver uses Python’s flask module to listen for Docker network API calls, as well as OpenStack’s Python-NeutronClient library. If you haven’t already installed them, please install them first:

easy_install -U pip
pip install python-neutronclient
pip install Flask
Copy the code

Run the openrc file.. /openrc.sh

Start the network driver and provide your OpenStack tenant password when asked:

ovn-docker-underlay-driver --bridge breth0 --detach
Copy the code

Next, you can use Docker using the commands described above in Overlay mode.