MTU of Docker Overlay Networks


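The article "Docker Daemon production configuration" mentions the MTU setting, but that only applies to the docker bridge network named bridge; it has no effect on overlay networks.

If the MTU of the Docker host machine's NIC is 1500, this step is not needed.

Setting the MTU of ingress and docker_gwbridge

The following steps must be done before swarm init or join.

Suppose you have three machines, manager, worker-1 and worker-2, and you plan to set up a Docker swarm cluster.

1) [manager] docker swarm init

2) [manager] Get the parameters of docker_gwbridge; note the Subnet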

$ docker network inspect docker_gwbridge
[
    {
        "Name": "docker_gwbridge",
        ...
        "IPAM": {
            ...
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    ...
                }
            ]
        },
        ...
    }
]

3) [manager] docker swarm leave --force

4) [manager] Stop docker: sudo systemctl stop docker.service

5) [manager] Delete the virtual interface docker_gwbridge

$ sudo ip link set docker_gwbridge down
$ sudo ip link del dev docker_gwbridge

6) [manager] Start docker: sudo systemctl start docker.service

7) [manager] Recreate docker_gwbridge

Remember to set the Subnet obtained earlier and the correct MTU value

$ docker network rm docker_gwbridge
$ docker network create \
  --subnet 172.18.0.0/16 \
  --opt com.docker.network.bridge.name=docker_gwbridge \
  --opt com.docker.network.bridge.enable_icc=false \
  --opt com.docker.network.bridge.enable_ip_masquerade=true \
  --opt com.docker.network.driver.mtu=1450 \
  docker_gwbridge

Then run the same commands on worker-1 and worker-2.

8) [manager] docker swarm init

9) [manager] First inspect the parameters of the ingress network; note the Subnet and Gateway

$ docker network inspect ingress
[
    {
        "Name": "ingress",
        ...
        "IPAM": {
            ...
            "Config": [
                {
                    "Subnet": "10.255.0.0/16",
                    "Gateway": "10.255.0.1"
                }
            ]
        },
        ...
    }
]

10) [manager] Delete the ingress network: docker network rm ingress

11) [manager] Recreate the ingress network, remembering to fill in the Subnet and Gateway obtained earlier, as well as the correct MTU value:

$ docker network create \
  --driver overlay \
  --ingress \
  --subnet=10.255.0.0/16 \
  --gateway=10.255.0.1 \
  --opt com.docker.network.driver.mtu=1450 \
  ingress

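12) [worker-1] [worker-2] Join the swarm: docker swarm join ...

Note: before a new machine joins the swarm, step 7 must be run on it first.

Verification:

1) Start a swarm service: docker service create -td --name busybox busybox

2) Inspect the virtual interfaces

The MTU is 1450 on all of them: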

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether fa:16:3e:71:09:f5 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:6b:de:95:71 brd ff:ff:ff:ff:ff:ff
298: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:ae:7b:cd:b4 brd ff:ff:ff:ff:ff:ff
309: veth7e0f9e5@if308: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default
    link/ether 16:ca:8f:c7:d3:7f brd ff:ff:ff:ff:ff:ff link-netnsid 1
311: vethcb94fec@if310: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 9a:aa:de:7b:4f:d4 brd ff:ff:ff:ff:ff:ff link-netnsid 2

3) Inspect the interface inside the container

The interface MTU is also 1450:

$ docker exec b.1.pdsdgghzyy5rhqkk5et59qa3o ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
310: eth0@if311: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
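
A check to run alongside the verification steps above, as an added example that is not part of the original article: it parses `ip link` output and reports every interface whose MTU is larger than the host uplink's, which is the mismatch the procedure removes. The function names and the sample output are constructed for illustration; `ens3` is the uplink name taken from the output above.

```shell
#!/bin/sh
# Added example (not from the original article).

# Print "name mtu" for every interface in `ip link` output read from stdin.
list_mtus() {
  awk '/^[0-9]+: / {
         name = $2
         sub(/:$/, "", name)     # strip the trailing colon
         sub(/@.*/, "", name)    # veth7e0f9e5@if308 -> veth7e0f9e5
         for (i = 3; i < NF; i++)
           if ($i == "mtu") print name, $(i + 1)
       }'
}

# Usage on a real host: ip link | oversized_ifaces ens3
# Prints "name mtu" for each interface (loopback excluded) whose MTU exceeds
# the MTU of the uplink. Exit status: 0 = none, 1 = some, 2 = uplink missing.
oversized_ifaces() {
  list_mtus | awk -v uplink="$1" '
    { mtu[$1] = $2 }
    END {
      if (!(uplink in mtu)) {
        print "uplink not found: " uplink > "/dev/stderr"
        exit 2
      }
      bad = 0
      for (n in mtu)
        if (n != "lo" && mtu[n] + 0 > mtu[uplink] + 0) {
          print n, mtu[n]
          bad = 1
        }
      exit bad
    }'
}

# Constructed sample: docker_gwbridge left at 1500 on a host whose NIC is 1450.
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP
298: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
309: veth7e0f9e5@if308: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP'

printf '%s\n' "$SAMPLE" | oversized_ifaces ens3 || echo "MTU check did not pass"
```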

MTU of user-created overlay networks

Method 1: set it in the docker compose file

...

networks:
  my-overlay:
    # overlay driver, since this section configures an overlay network
    driver: overlay
    driver_opts:
      com.docker.network.driver.mtu: 1450

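This is not a good approach, though, because it ties the content of the docker compose file to the production environment; in a different environment this MTU value may not be suitable.

Method 2: set it when creating the network externally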

docker network create \
  -d overlay \
  --opt com.docker.network.driver.mtu=1450 \
  --attachable \
  my-overlay

Usage:

  1. In the docker compose file, use it like this:

    ...
    
    networks:
      app-net:
        external: true
        name: my-overlay
  2. docker run --network my-overlay ...
  3. docker service create --network my-overlay ...
