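This post is also something I wrote up while doing a hands-on lab last summer, but because I took a break from blogging for a while I am only posting it today. Before reading it, I recommend first reading the posts in the Cloud category whose titles carry the [Network] prefix.
What is ONOS?
ONOS (Open Network Operating System) is an open-source SDN controller for building SDN/NFV solutions (Apache 2.0 license).
ONOS provides the flexibility to create and deploy new dynamic network services through simplified programmatic interfaces, and it was designed to meet the needs of operators who want to build carrier-grade solutions. Because ONOS handles both the configuration and the real-time control of the network, there is no need to run routing and switching control protocols inside the network fabric.
The ONOS project aims to develop a controller that provides high availability, scalability and resilience, targeting a high-performance SDN controller platform good enough for large network operators to use. ONOS also supports a variety of southbound API protocols, including OpenFlow.
ONOS lab scenario
Lab content and architecture
Today I will set up a very simple SDN environment. I will use Open vSwitch to build network connectivity between Docker containers and control it through ONOS, the SDN controller.
Lab environment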
- vm : AWS EC2
- os : Ubuntu Server 18.04 LTS (HVM)
- spec : 2Core 8GB (t3.large)
- disk : 80GB(ssd)
1. Install OVS
$ sudo apt install -y openvswitch-switch
Verify the OVS installation
$ sudo ovs-vsctl show
2d739b44-181a-4749-acad-8b4152da30c4
ovs_version: "2.9.8"
$ ps -el | grep ovs
5 S 0 2804 1 0 70 -10 - 5350 poll_s ? 00:00:00 ovsdb-server
5 S 0 2868 1 0 70 -10 - 6734 poll_s ? 00:00:00 ovs-vswitchd
2. Install Docker
$ sudo apt install docker.io
If you get an error like the one below...
E: Unable to locate package docker.io
E: Couldn't find any package by glob 'docker.io'
E: Couldn't find any package by regex 'docker.io'
run apt update once:
$ sudo apt-get update
Verify the Docker installation
$ docker version
Client:
Version: 20.10.2
API version: 1.41
Go version: go1.13.8
Git commit: 20.10.2-0ubuntu1~18.04.2
Built: Tue Mar 30 21:24:16 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.2
API version: 1.41 (minimum version 1.12)
Go version: go1.13.8
Git commit: 20.10.2-0ubuntu1~18.04.2
Built: Mon Mar 29 19:27:41 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4-0ubuntu1~18.04.2
GitCommit:
runc:
Version: 1.0.0~rc95-0ubuntu1~18.04.1
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:
$ docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.2
No containers have been started yet, so you can see that the counts are 0.
Check the Docker networks
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
653f9e41c710 bridge bridge local
f070c409eca0 host host local
babc348f1c09 none null local
$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "653f9e41c710a0ad44198a509be9de04a099d902dace631ca45cf234ec983e44",
"Created": "2021-07-07T07:39:52.188188984Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
3. Install ovs-docker
To control the connection between OVS and Docker easily, I will use the ovs-docker utility.
(See https://github.com/openvswitch/ovs/blob/master/utilities/ovs-docker for details.)
$ cd /usr/bin
$ sudo wget https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker
--2021-07-07 07:54:06-- https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8064 (7.9K) [text/plain]
Saving to: ‘ovs-docker.1’
ovs-docker.1 100%[==================================>] 7.88K --.-KB/s in 0s
2021-07-07 07:54:06 (74.8 MB/s) - ‘ovs-docker.1’ saved [8064/8064]
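4. Create the OVS bridge
Create the ovs1 bridge with ovs-vsctl (the OVS control CLI).
$ ovs-vsctl add-br ovs1
Create an interface for host external access on the ovs1 bridge just created
$ ifconfig ovs1 173.16.1.1 netmask 255.255.255.0 up
Checking with the ifconfig command shows that the OVS switch (ovs1) has been created.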
$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:0f:30:4d:ce txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 10.0.1.76 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::1b:19ff:feff:ef86 prefixlen 64 scopeid 0x20<link>
ether 02:1b:19:ff:ef:86 txqueuelen 1000 (Ethernet)
RX packets 73502 bytes 106507952 (106.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6360 bytes 625896 (625.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 228 bytes 20072 (20.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 228 bytes 20072 (20.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ovs1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 173.16.1.1 netmask 255.255.255.0 broadcast 173.16.1.255
inet6 fe80::580b:adff:fe18:1348 prefixlen 64 scopeid 0x20<link>
ether 5a:0b:ad:18:13:48 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 516 (516.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5. Create the containers
Now let's create two Docker containers.
$ sudo docker run -t -i -d --name container1 alpine
4f982ff32be0f196800fd6ac0c389914218f680d583c23d103761944d5d75d8c
$ sudo docker run -t -i -d --name container2 alpine
5a3c1d7d1ec8ba8592d5a8d458ba3ab1aca4f2e9cb623987460292930cc92fcd
Check the container IDs
$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5a3c1d7d1ec8 alpine "/bin/sh" 15 seconds ago Up 13 seconds container2
4f982ff32be0 alpine "/bin/sh" 36 seconds ago Up 34 seconds container1
Check each container's network interfaces
$ sudo docker exec container1 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1392 (1.3 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ sudo docker exec container1 ping 1.1.1.1
$ sudo docker exec container2 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4856 (4.7 KiB) TX bytes:3948 (3.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ sudo docker exec container2 ping 1.1.1.1
6. Connect the containers to the OVS bridge
To connect ovs1 to the containers you would have to create a port for each one, assign an IP and link them; to do this simply, I use the ovs-docker utility installed earlier.
$ sudo ovs-docker add-port ovs1 eth1 container1 --ipaddress=173.16.1.2/24
$ sudo ovs-docker add-port ovs1 eth1 container2 --ipaddress=173.16.1.3/24
Checking each container's network interfaces again shows eth1, which is connected to OVS.
The ping test between the containers also works normally.
(Only container2 is shown because the post is getting long.)
$ sudo docker exec container2 ifconfig # check for Internet
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:424 errors:0 dropped:0 overruns:0 frame:0
TX packets:410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39996 (39.0 KiB) TX bytes:38948 (38.0 KiB)
eth1 Link encap:Ethernet HWaddr CE:C5:78:89:8C:50
inet addr:173.16.1.3 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:796 (796.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ sudo docker exec container2 ping 173.16.1.2
PING 173.16.1.2 (173.16.1.2): 56 data bytes
64 bytes from 173.16.1.2: seq=0 ttl=64 time=0.922 ms
64 bytes from 173.16.1.2: seq=1 ttl=64 time=0.176 ms
64 bytes from 173.16.1.2: seq=2 ttl=64 time=0.111 ms
64 bytes from 173.16.1.2: seq=3 ttl=64 time=0.101 ms
64 bytes from 173.16.1.2: seq=4 ttl=64 time=0.114 ms
7. Install ONOS
In the environment built so far, OVS acts as an L2 switch.
Now I will install and connect ONOS, the SDN controller that is the purpose of this post.
Install ONOS
$ sudo docker run -t -d -p 1181:8181 -p 1101:8101 -p 1653:6653 --name onos1 onosproject/onos
latest: Pulling from onosproject/onos
7595c8c21622: Pull complete
d13af8ca898f: Pull complete
70799171ddba: Pull complete
b6c12202c5ef: Pull complete
a3caae5bc1ad: Pull complete
c041e8f95d65: Pull complete
ed1837af27c7: Pull complete
Digest: sha256:f6b624201b99aa3fbfb25ee9410f48c4a1b3be8bf5ebafb62816f1b694142224
Status: Downloaded newer image for onosproject/onos:latest
4916b224f3200337a78489c6a2198a193020daa825be3fec21366a3a78298127
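- 8181 : port for accessing the web dashboard
- 8101 : SSH port for CLI access
- 6653 : port for OVS - ONOS communication
Because several ONOS instances can be set up, I mapped the ports to arbitrary host ports.
You can reach the ONOS web UI at http://{ipaddress}:1181/onos/ui
(if you did not forward to port 1181, connect on 8181).
Logging in with the default account shows a screen like the one below.
(ID : onos, Password : rocks)
These are the default credentials and the -p mappings above listen on every host interface, so on a cloud VM restrict ports 1181 and 1101 to your own address in the security group and change the password.
Let's check the OVS information.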
$ sudo ovs-vsctl show
2d739b44-181a-4749-acad-8b4152da30c4
Bridge "ovs1"
Port "da5a724dd0214_l"
Interface "da5a724dd0214_l"
Port "7abbaea7e4494_l"
Interface "7abbaea7e4494_l"
Port "ovs1"
Interface "ovs1"
type: internal
ovs_version: "2.9.8"
Check docker ps
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4916b224f320 onosproject/onos "./bin/onos-service …" 14 hours ago Up 14 hours 6640/tcp, 9876/tcp, 0.0.0.0:1653->6653/tcp, 0.0.0.0:1101->8101/tcp, 0.0.0.0:1181->8181/tcp onos1
5a3c1d7d1ec8 alpine "/bin/sh" 15 hours ago Up 15 hours container2
4f982ff32be0 alpine "/bin/sh" 15 hours ago Up 15 hours container1
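The PORTS column above shows all three ONOS ports published on 0.0.0.0. The following check is an added example, not part of the original post: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and flags ONOS management ports bound to every host interface. The function names and the `onos-local` row are constructed for illustration; the `onos1` row reproduces the values shown above.

```shell
#!/bin/sh
# Added example: flag ONOS ports that Docker publishes on all host interfaces.
# Input: lines of "<name><TAB><ports>" as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

audit_published_ports() {
    awk -F '\t' '
    BEGIN {
        # Container-side ports and their roles as listed in this post.
        role["8181"] = "web-dashboard"
        role["8101"] = "ssh-cli"
        role["6653"] = "openflow"
    }
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Only published mappings contain "->"; "6640/tcp" is exposed, not published.
            if (m !~ /->/) continue
            split(m, side, "->")
            cport = side[2]; sub(/\/.*/, "", cport)      # drop "/tcp"
            hport = side[1]; sub(/.*:/, "", hport)       # host port
            haddr = side[1]; sub(/:[^:]*$/, "", haddr)   # host bind address
            wild = (haddr == "0.0.0.0" || haddr == "::" || haddr == "[::]")
            if (wild && (cport in role))
                printf "%s %s:%s -> %s (%s)\n", $1, haddr, hport, cport, role[cport]
        }
    }'
}

# Constructed sample: the onos1 row mirrors the docker ps output in this post;
# onos-local is a hypothetical container bound to loopback only.
sample_docker_ps() {
    printf 'onos1\t6640/tcp, 9876/tcp, 0.0.0.0:1653->6653/tcp, 0.0.0.0:1101->8101/tcp, 0.0.0.0:1181->8181/tcp\n'
    printf 'container2\t\n'
    printf 'container1\t\n'
    printf 'onos-local\t127.0.0.1:2181->8181/tcp\n'
}

sample_docker_ps | audit_published_ports
```

A mapping such as `-p 127.0.0.1:1181:8181` keeps the dashboard off external interfaces. The set-controller command in step 8 targets the container address 172.17.0.4:6653 directly, so the 1653 mapping is not used by OVS in this lab.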
8. Connect OVS to ONOS (the SDN controller)
Connect ovs1 to the ONOS controller.
$ sudo ovs-vsctl set-controller ovs1 tcp:172.17.0.4:6653
Let's check the OVS information again.
You can see that a Controller has been added to the ovs1 bridge.
$ sudo ovs-vsctl show
2d739b44-181a-4749-acad-8b4152da30c4
Bridge "ovs1"
Controller "tcp:172.17.0.4:6653"
Port "da5a724dd0214_l"
Interface "da5a724dd0214_l"
Port "7abbaea7e4494_l"
Interface "7abbaea7e4494_l"
Port "ovs1"
Interface "ovs1"
type: internal
ovs_version: "2.9.8"
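The controller target above uses the `tcp:` method, so the OpenFlow channel between ovs1 and ONOS is neither encrypted nor authenticated; OVS also accepts `ssl:` targets. The following check is an added example, not part of the original post: it classifies the controller transport of every bridge in `ovs-vsctl show` output. The function names and the ovs2/ovs3 bridges in the sample are constructed; the ovs1 entry mirrors the output above.

```shell
#!/bin/sh
# Added example: classify the controller transport of each bridge listed by
# "ovs-vsctl show". Output lines: "<bridge> <target> <verdict>".

audit_ovs_controllers() {
    awk '
    # Report the previous bridge if no Controller line was seen for it.
    function report_bare() {
        if (br != "" && !seen) printf "%s - no-controller\n", br
    }
    $1 == "Bridge" {
        report_bare()
        br = $2; gsub(/"/, "", br); seen = 0
        next
    }
    $1 == "Controller" {
        seen = 1
        target = $2; gsub(/"/, "", target)
        scheme = target; sub(/:.*/, "", scheme)
        if (scheme == "ssl" || scheme == "pssl")        verdict = "tls"
        else if (scheme == "tcp" || scheme == "ptcp")   verdict = "plaintext"
        else if (scheme == "unix" || scheme == "punix") verdict = "local-socket"
        else                                            verdict = "unknown"
        printf "%s %s %s\n", br, target, verdict
    }
    END { report_bare() }'
}

# Constructed sample: ovs1 mirrors this post; ovs2 and ovs3 are hypothetical.
sample_ovs_show() {
    cat <<'EOF'
2d739b44-181a-4749-acad-8b4152da30c4
    Bridge "ovs1"
        Controller "tcp:172.17.0.4:6653"
        Port "ovs1"
            Interface "ovs1"
                type: internal
    Bridge "ovs2"
        Controller "ssl:192.0.2.10:6653"
    Bridge "ovs3"
        Port "ovs3"
            Interface "ovs3"
                type: internal
    ovs_version: "2.9.8"
EOF
}

sample_ovs_show | audit_ovs_controllers
```

On a live host the same function can be fed with `sudo ovs-vsctl show | audit_ovs_controllers`.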
Check the VM's network interface configuration
$ ifconfig
7abbaea7e4494_l: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::5419:c9ff:fead:8bf0 prefixlen 64 scopeid 0x20<link>
ether 56:19:c9:ad:8b:f0 txqueuelen 1000 (Ethernet)
RX packets 71544 bytes 6060936 (6.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 67802 bytes 6979026 (6.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
da5a724dd0214_l: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::8c9b:76ff:fe2c:c856 prefixlen 64 scopeid 0x20<link>
ether 8e:9b:76:2c:c8:56 txqueuelen 1000 (Ethernet)
RX packets 57500 bytes 5465320 (5.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 67852 bytes 6983926 (6.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:fff:fe30:4dce prefixlen 64 scopeid 0x20<link>
ether 02:42:0f:30:4d:ce txqueuelen 0 (Ethernet)
RX packets 191928 bytes 27898779 (27.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 174754 bytes 39969595 (39.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 10.0.1.76 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::1b:19ff:feff:ef86 prefixlen 64 scopeid 0x20<link>
ether 02:1b:19:ff:ef:86 txqueuelen 1000 (Ethernet)
RX packets 717884 bytes 834421238 (834.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 209467 bytes 31302450 (31.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 454 bytes 44426 (44.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 454 bytes 44426 (44.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ovs1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 173.16.1.1 netmask 255.255.255.0 broadcast 173.16.1.255
inet6 fe80::580b:adff:fe18:1348 prefixlen 64 scopeid 0x20<link>
ether 5a:0b:ad:18:13:48 txqueuelen 1000 (Ethernet)
RX packets 55 bytes 4396 (4.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 2616 (2.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth5225a25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::8485:afff:fe25:9c5f prefixlen 64 scopeid 0x20<link>
ether 86:85:af:25:9c:5f txqueuelen 0 (Ethernet)
RX packets 73191 bytes 6952974 (6.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 73227 bytes 6955458 (6.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethb61a685: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc67:f0ff:fe39:9a90 prefixlen 64 scopeid 0x20<link>
ether fe:67:f0:39:9a:90 txqueuelen 0 (Ethernet)
RX packets 73207 bytes 6954486 (6.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 73247 bytes 6957398 (6.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethed92c01: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::1cff:1bff:fe40:2d5c prefixlen 64 scopeid 0x20<link>
ether 1e:ff:1b:40:2d:5c txqueuelen 0 (Ethernet)
RX packets 45530 bytes 16678311 (16.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28389 bytes 26064505 (26.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
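9. Configure ONOS
Initially only Default Drivers and ONOS GUI2 are in the running state.
Find the applications you need and activate them.
Checking the topology shows that two containers are connected to the OVS bridge.
See the topology shortcut keys!
10. Check the Docker network
Check the bridge information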
$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "653f9e41c710a0ad44198a509be9de04a099d902dace631ca45cf234ec983e44",
"Created": "2021-07-07T07:39:52.188188984Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"4916b224f3200337a78489c6a2198a193020daa825be3fec21366a3a78298127": {
"Name": "onos1",
"EndpointID": "24f811b1e99723ba5eac54f3754106488a4a7e688283b5e33268135e37382469",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"4f982ff32be0f196800fd6ac0c389914218f680d583c23d103761944d5d75d8c": {
"Name": "container1",
"EndpointID": "9a9012e246ca997921de6b15a75ea60cb81cbe59878e17c4e776a991ad92188a",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"5a3c1d7d1ec8ba8592d5a8d458ba3ab1aca4f2e9cb623987460292930cc92fcd": {
"Name": "container2",
"EndpointID": "858a1b678e7771ffcc439d5594e7c8903a5fca66e4ffb82d84315dcbde4570cc",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
Let's check the host information too
$ docker network inspect host
[
{
"Name": "host",
"Id": "f070c409eca02b9afd47922696154def19c06157830181310936ac09749a6875",
"Created": "2021-07-07T07:39:52.129644722Z",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
Check iptables
$ iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.4 172.17.0.4 tcp dpt:8181
MASQUERADE tcp -- 172.17.0.4 172.17.0.4 tcp dpt:8101
MASQUERADE tcp -- 172.17.0.4 172.17.0.4 tcp dpt:6653
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1181 to:172.17.0.4:8181
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1101 to:172.17.0.4:8101
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1653 to:172.17.0.4:6653