Docker 网络(十四)——Weave for Docker
14 Weave for Docker
Weave 是由Weaveworks针对Docker网络管理开发的,类似于Flannel, Calico 和 Docker重叠网络。Weave处理Docker多主机网络并且管理Docker不同主机上的网络合并,跟另外三种方案相比,weave提供更多特性和选择。
Weave简介
Weave创建一个虚拟网络,跨多台主机连接Docker。在不同主机上的Docker能够互相通信,跟在同一个局域网中一样,在这个局域网中也支持广播。除此之外Docker能够通过主机名互相发现,通过执行Weave DNS发现模块实现,在其它多主机网络解决方案中是不支持的。
Weave也能穿越防火墙并在部署连接的网络中操作。数据包通过最短路径传输到目标主机容器,即使这台主机隐藏在防火墙后,并且发送者主机不能直接访问目标主机。流量也能够被加密,允许主机穿过不受信的网络建立连接。
Weave和Docker可以运行在单主机或重叠网络上,所以在Docker中Weave需要一块独立的网卡,在主机上的weave虚拟网卡能抓取到来自Docker的所有数据包。
安装和配置
环境准备
两台或多台主机(虚机或实机)需要通过weave安装Docker集群,这里使用两台主机(node1:192.168.56.10, node2:192.168.56.20),Ubuntu 14.04
安装和运行Weave集群
$ sudo curl -L git.io/weave -o /usr/local/bin/weave
$ sudo chmod a+x /usr/local/bin/weave启动weave
在Node1执行
ubuntu@node1:~$ weave launch
Unable to find image 'weaveworks/weaveexec:1.5.2' locally
1.5.2: Pulling from weaveworks/weaveexec
8f4ec95ceaee: Pull complete
5086797bdfc4: Pull complete
ubuntu@node1:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37e243f51bae weaveworks/plugin:1.5.2 "/home/weave/plugin" 6 minutes ago Up 6 minutes weaveplugin
bbf3f64f393e weaveworks/weaveexec:1.5.2 "/home/weave/weavepro" 7 minutes ago Up 7 minutes weaveproxy
a40b1d775928 weaveworks/weave:1.5.2 "/home/weave/weaver -" 7 minutes ago Up 7 minutes weaveNode2
ubuntu@node2:~$ weave launch 192.168.56.10
Unable to find image 'weaveworks/weaveexec:1.5.2' locally
1.5.2: Pulling from weaveworks/weaveexec
8f4ec95ceaee: Pull complete
ubuntu@node2:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e6f27a170b85 weaveworks/plugin:1.5.2 "/home/weave/plugin" 22 seconds ago Up 21 seconds weaveplugin
e747b8ae3e97 weaveworks/weaveexec:1.5.2 "/home/weave/weavepro" 57 seconds ago Up 56 seconds weaveproxy
3666205a9380 weaveworks/weave:1.5.2 "/home/weave/weaver -" 58 seconds ago Up 57 seconds weave检查Weave集群状态
ubuntu@node1:~$ weave status connections
<- 192.168.56.20:38183 established fastdp 4e:55:70:61:4d:57(node2)运行Docker
Weave集群启动后,我们就可以在两台节点上运行Docker了
ubuntu@node1:~$ weave run -itd --name=worker-1 ubuntu:14
ubuntu@node2:~$ weave run -itd --name=worker-2 ubuntu:14检查网络
ubuntu@node1:~$ docker exec worker-1 ping worker-2
PING worker-2.weave.local (10.40.0.1) 56(84) bytes of data.
64 bytes from worker-2.weave.local (10.40.0.1): icmp_seq=1 ttl=64 time=2.81 ms
64 bytes from worker-2.weave.local (10.40.0.1): icmp_seq=2 ttl=64 time=0.913 ms简单性能测试
在同一台主机
root@worker-3:/# iperf -c worker-1
------------------------------------------------------------
Client connecting to worker-1, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.32.0.2 port 59915 connected with 10.32.0.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 15.1 GBytes 13.0 Gbits/sec在不同主机
root@worker-2:/# iperf -c worker-1
------------------------------------------------------------
Client connecting to worker-1, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.40.0.1 port 53319 connected with 10.32.0.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 392 MBytes 329 Mbits/sec
