[Network] Controlling Open vSwitch with ONOS

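This post is another write-up of a lab I worked through last summer; I took a break from blogging, so I am only posting it today. Before reading it, I recommend first reading the posts in the Cloud category whose titles carry the [Network] prefix.

What is ONOS?

ONOS (Open Network Operating System) is an open-source SDN controller for building SDN/NFV solutions. (Apache 2.0 license)

ONOS provides the flexibility to create and deploy new dynamic network services through simplified programmatic interfaces, and it was designed to meet the needs of operators who want to build carrier-grade solutions. Because ONOS handles both configuration and real-time control of the network, there is no need to run routing and switching control protocols inside the network fabric.

The ONOS project aims to develop a controller that provides high availability, scalability and resilience, targeting a high-performance SDN controller platform that large network operators can use. ONOS also supports a variety of southbound API protocols, including OpenFlow.

ONOS lab scenario

Lab overview and architecture

Today we will set up a very simple SDN environment. We will use Open vSwitch to connect Docker containers to each other over the network, and control it through ONOS, the SDN controller.

Lab environment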

  • vm : AWS EC2
  • os : Ubuntu Server 18.04 LTS (HVM)
  • spec : 2Core 8GB (t3.large)
  • disk : 80GB(ssd)

 

1. Install OVS

$ sudo apt install -y openvswitch-switch

Verify the OVS installation

$ sudo ovs-vsctl show
  2d739b44-181a-4749-acad-8b4152da30c4
      ovs_version: "2.9.8"

$ ps -el | grep ovs
  5 S     0  2804     1  0  70 -10 -  5350 poll_s ?        00:00:00 ovsdb-server
  5 S     0  2868     1  0  70 -10 -  6734 poll_s ?        00:00:00 ovs-vswitchd

 

2. Install Docker

$ sudo apt install docker.io

If you get an error like the one below...

E: Unable to locate package docker.io
E: Couldn't find any package by glob 'docker.io'
E: Couldn't find any package by regex 'docker.io'

run apt update once.

$ sudo apt-get update

Verify the Docker installation

$ docker version
    Client:
     Version:           20.10.2
     API version:       1.41
     Go version:        go1.13.8
     Git commit:        20.10.2-0ubuntu1~18.04.2
     Built:             Tue Mar 30 21:24:16 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true

    Server:
     Engine:
      Version:          20.10.2
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.13.8
      Git commit:       20.10.2-0ubuntu1~18.04.2
      Built:            Mon Mar 29 19:27:41 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.4-0ubuntu1~18.04.2
      GitCommit:
     runc:
      Version:          1.0.0~rc95-0ubuntu1~18.04.1
      GitCommit:
     docker-init:
      Version:          0.19.0
      GitCommit:

$ docker info
    Client:
     Context:    default
     Debug Mode: false

    Server:
     Containers: 0
      Running: 0
      Paused: 0
      Stopped: 0
     Images: 0
     Server Version: 20.10.2

No containers have been started yet, so the counts are 0.

Check the Docker networks

$ docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    653f9e41c710   bridge    bridge    local
    f070c409eca0   host      host      local
    babc348f1c09   none      null      local

$ docker network inspect bridge
    [
        {
            "Name": "bridge",
            "Id": "653f9e41c710a0ad44198a509be9de04a099d902dace631ca45cf234ec983e44",
            "Created": "2021-07-07T07:39:52.188188984Z",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": [
                    {
                        "Subnet": "172.17.0.0/16"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {},
            "Options": {
                "com.docker.network.bridge.default_bridge": "true",
                "com.docker.network.bridge.enable_icc": "true",
                "com.docker.network.bridge.enable_ip_masquerade": "true",
                "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
                "com.docker.network.bridge.name": "docker0",
                "com.docker.network.driver.mtu": "1500"
            },
            "Labels": {}
        }
    ]

 

3. Install ovs-docker

We will use the ovs-docker utility to make connecting OVS and Docker simple.

(For details, see https://github.com/openvswitch/ovs/blob/master/utilities/ovs-docker)

$ cd /usr/bin

$ sudo wget https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker
    --2021-07-07 07:54:06--  https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker
    Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.108.133, ...
    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 8064 (7.9K) [text/plain]
    Saving to: ‘ovs-docker.1’

    ovs-docker.1             100%[==================================>]   7.88K  --.-KB/s    in 0s

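    2021-07-07 07:54:06 (74.8 MB/s) - ‘ovs-docker.1’ saved [8064/8064]

# wget saved to ovs-docker.1 here because /usr/bin/ovs-docker already existed; on a fresh host the file is ovs-docker.
# Make the script executable before using it.
$ sudo chmod 755 /usr/bin/ovs-docker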

 

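4. Create the OVS bridge

Create the ovs1 bridge with ovs-vsctl (the OVS control CLI).

$ sudo ovs-vsctl add-br ovs1

Configure the host's external-access interface on the ovs1 bridge just created

$ sudo ifconfig ovs1 173.16.1.1 netmask 255.255.255.0 up

Checking with the ifconfig command shows that the OVS switch (ovs1) has been created.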

$ ifconfig
    docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
            ether 02:42:0f:30:4d:ce  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
            inet 10.0.1.76  netmask 255.255.255.0  broadcast 10.0.1.255
            inet6 fe80::1b:19ff:feff:ef86  prefixlen 64  scopeid 0x20<link>
            ether 02:1b:19:ff:ef:86  txqueuelen 1000  (Ethernet)
            RX packets 73502  bytes 106507952 (106.5 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6360  bytes 625896 (625.8 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 228  bytes 20072 (20.0 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 228  bytes 20072 (20.0 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ovs1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 173.16.1.1  netmask 255.255.255.0  broadcast 173.16.1.255
            inet6 fe80::580b:adff:fe18:1348  prefixlen 64  scopeid 0x20<link>
            ether 5a:0b:ad:18:13:48  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6  bytes 516 (516.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

5. Create the containers

Now create two Docker containers.

$ sudo docker run -t -i -d --name container1 alpine
    4f982ff32be0f196800fd6ac0c389914218f680d583c23d103761944d5d75d8c

$ sudo docker run -t -i -d --name container2 alpine
    5a3c1d7d1ec8ba8592d5a8d458ba3ab1aca4f2e9cb623987460292930cc92fcd

 

Check the container IDs

$ sudo docker ps
    CONTAINER ID   IMAGE     COMMAND     CREATED          STATUS          PORTS     NAMES
    5a3c1d7d1ec8   alpine    "/bin/sh"   15 seconds ago   Up 13 seconds             container2
    4f982ff32be0   alpine    "/bin/sh"   36 seconds ago   Up 34 seconds             container1

 

Check each container's network interfaces

$ sudo docker exec container1 ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:16 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1392 (1.3 KiB)  TX bytes:0 (0.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ sudo docker exec container1 ping 1.1.1.1

$ sudo docker exec container2 ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
              inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:54 errors:0 dropped:0 overruns:0 frame:0
              TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4856 (4.7 KiB)  TX bytes:3948 (3.8 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ sudo docker exec container2 ping 1.1.1.1

 

6. Connect the containers to the OVS bridge

To connect ovs1 to a container you have to create a port on each side, assign an IP address and link them; to do this simply, use the ovs-docker utility installed earlier.

$ sudo ovs-docker add-port ovs1 eth1 container1 --ipaddress=173.16.1.2/24
$ sudo ovs-docker add-port ovs1 eth1 container2 --ipaddress=173.16.1.3/24

 

Checking each container's network interfaces again shows eth1, which is connected to OVS.

A ping test between the containers also succeeds.

(Only container2 is shown because the post was getting long.)

$ sudo docker exec container2 ifconfig # check for Internet
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
              inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:424 errors:0 dropped:0 overruns:0 frame:0
              TX packets:410 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:39996 (39.0 KiB)  TX bytes:38948 (38.0 KiB)

    eth1      Link encap:Ethernet  HWaddr CE:C5:78:89:8C:50
              inet addr:173.16.1.3  Bcast:0.0.0.0  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:796 (796.0 B)  TX bytes:0 (0.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ sudo docker exec container2 ping 173.16.1.2
    PING 173.16.1.2 (173.16.1.2): 56 data bytes
    64 bytes from 173.16.1.2: seq=0 ttl=64 time=0.922 ms
    64 bytes from 173.16.1.2: seq=1 ttl=64 time=0.176 ms
    64 bytes from 173.16.1.2: seq=2 ttl=64 time=0.111 ms
    64 bytes from 173.16.1.2: seq=3 ttl=64 time=0.101 ms
    64 bytes from 173.16.1.2: seq=4 ttl=64 time=0.114 ms

 

7. Install ONOS

In the environment built so far, OVS acts as an L2 switch.

Now we will install and connect ONOS, the SDN controller, which is the purpose of this post.

Install ONOS

$ sudo docker run -t -d -p 1181:8181 -p 1101:8101 -p 1653:6653 --name onos1 onosproject/onos
    latest: Pulling from onosproject/onos
    7595c8c21622: Pull complete
    d13af8ca898f: Pull complete
    70799171ddba: Pull complete
    b6c12202c5ef: Pull complete
    a3caae5bc1ad: Pull complete
    c041e8f95d65: Pull complete
    ed1837af27c7: Pull complete
    Digest: sha256:f6b624201b99aa3fbfb25ee9410f48c4a1b3be8bf5ebafb62816f1b694142224
    Status: Downloaded newer image for onosproject/onos:latest
    4916b224f3200337a78489c6a2198a193020daa825be3fec21366a3a78298127
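
  • 8181 : port for the web dashboard
  • 8101 : SSH port for CLI access
  • 6653 : port for OVS - ONOS communication

Several ONOS instances can be run, so I mapped these to arbitrary host ports.

You can reach the ONOS web UI at http://{ipaddress}:1181/onos/ui.

(If you did not forward the port to 1181, connect on 8181.)

After logging in with the default account you will see a screen like the one below.

(ID : onos, Password : rocks)

Let's check the OVS information.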

$ sudo ovs-vsctl show
    2d739b44-181a-4749-acad-8b4152da30c4
        Bridge "ovs1"
            Port "da5a724dd0214_l"
                Interface "da5a724dd0214_l"
            Port "7abbaea7e4494_l"
                Interface "7abbaea7e4494_l"
            Port "ovs1"
                Interface "ovs1"
                    type: internal
        ovs_version: "2.9.8"

 

Check docker ps

$ docker ps
    CONTAINER ID   IMAGE              COMMAND                  CREATED        STATUS        PORTS                                                                                        NAMES
    4916b224f320   onosproject/onos   "./bin/onos-service …"   14 hours ago   Up 14 hours   6640/tcp, 9876/tcp, 0.0.0.0:1653->6653/tcp, 0.0.0.0:1101->8101/tcp, 0.0.0.0:1181->8181/tcp   onos1
    5a3c1d7d1ec8   alpine             "/bin/sh"                15 hours ago   Up 15 hours                                                                                                container2
    4f982ff32be0   alpine             "/bin/sh"                15 hours ago   Up 15 hours                                                                                                container1

 

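8. Connect OVS to ONOS (the SDN controller)

Connect ovs1 to the ONOS controller. 172.17.0.4 is the onos1 container's address on the docker0 bridge (see the docker network inspect output in step 10), so the container port 6653 is used here rather than the forwarded host port 1653.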

$ sudo ovs-vsctl set-controller ovs1 tcp:172.17.0.4:6653

 

Check the OVS information again.

You can see that a Controller has been added to the ovs1 bridge.

$ sudo ovs-vsctl show
    2d739b44-181a-4749-acad-8b4152da30c4
        Bridge "ovs1"
            Controller "tcp:172.17.0.4:6653"
            Port "da5a724dd0214_l"
                Interface "da5a724dd0214_l"
            Port "7abbaea7e4494_l"
                Interface "7abbaea7e4494_l"
            Port "ovs1"
                Interface "ovs1"
                    type: internal
        ovs_version: "2.9.8"
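
A check on the controller channel configured above, as an added example (not part of the original post): it reads `ovs-vsctl show` output and reports, per bridge, each controller target, whether the transport is plaintext (`tcp:`) or TLS (`ssl:`), and whether OVS reports `is_connected: true`. The function names and the sample text (constructed from the output above, plus a hypothetical second bridge `ovs2`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the OpenFlow controller channel of every OVS bridge.
# Input : text printed by `ovs-vsctl show` (stdin); quoted and unquoted names both work.
# Output: "<bridge> <target> <plaintext|tls> <connected|not-connected>" per controller.

controller_channels() {
    awk '
        # Print the controller collected so far, then reset the state.
        function emit() {
            if (target != "")
                print bridge, target, (target ~ /^ssl:/ ? "tls" : "plaintext"), (up ? "connected" : "not-connected")
            target = ""; up = 0
        }
        { gsub(/"/, "") }                       # older OVS quotes every name
        $1 == "Bridge"     { emit(); bridge = $2; next }
        $1 == "Controller" { emit(); target = $2; next }
        # OVS prints this line under a Controller only while the channel is up.
        $1 == "is_connected:" && $2 == "true" { up = 1 }
        END { emit() }
    '
}

# Constructed sample: ovs1 as shown on this page; ovs2 is hypothetical and
# illustrates an ssl: target (which also needs keys and certificates set with
# `ovs-vsctl set-ssl` and a controller that accepts TLS).
sample_show() {
cat <<'EOF'
2d739b44-181a-4749-acad-8b4152da30c4
    Bridge "ovs1"
        Controller "tcp:172.17.0.4:6653"
        Port "da5a724dd0214_l"
            Interface "da5a724dd0214_l"
        Port "ovs1"
            Interface "ovs1"
                type: internal
    Bridge "ovs2"
        Controller "ssl:172.17.0.4:6653"
            is_connected: true
        Port "ovs2"
            Interface "ovs2"
                type: internal
    ovs_version: "2.9.8"
EOF
}

sample_show | controller_channels
# On a live host: sudo ovs-vsctl show | controller_channels
```

With the default fail mode (standalone), a bridge that never connects keeps forwarding as an ordinary learning switch, so a successful ping alone does not show that ONOS is in control.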

 

Check the VM's network interface configuration

$ ifconfig
    7abbaea7e4494_l: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::5419:c9ff:fead:8bf0  prefixlen 64  scopeid 0x20<link>
            ether 56:19:c9:ad:8b:f0  txqueuelen 1000  (Ethernet)
            RX packets 71544  bytes 6060936 (6.0 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 67802  bytes 6979026 (6.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    da5a724dd0214_l: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::8c9b:76ff:fe2c:c856  prefixlen 64  scopeid 0x20<link>
            ether 8e:9b:76:2c:c8:56  txqueuelen 1000  (Ethernet)
            RX packets 57500  bytes 5465320 (5.4 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 67852  bytes 6983926 (6.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
            inet6 fe80::42:fff:fe30:4dce  prefixlen 64  scopeid 0x20<link>
            ether 02:42:0f:30:4d:ce  txqueuelen 0  (Ethernet)
            RX packets 191928  bytes 27898779 (27.8 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 174754  bytes 39969595 (39.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
            inet 10.0.1.76  netmask 255.255.255.0  broadcast 10.0.1.255
            inet6 fe80::1b:19ff:feff:ef86  prefixlen 64  scopeid 0x20<link>
            ether 02:1b:19:ff:ef:86  txqueuelen 1000  (Ethernet)
            RX packets 717884  bytes 834421238 (834.4 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 209467  bytes 31302450 (31.3 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 454  bytes 44426 (44.4 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 454  bytes 44426 (44.4 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ovs1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 173.16.1.1  netmask 255.255.255.0  broadcast 173.16.1.255
            inet6 fe80::580b:adff:fe18:1348  prefixlen 64  scopeid 0x20<link>
            ether 5a:0b:ad:18:13:48  txqueuelen 1000  (Ethernet)
            RX packets 55  bytes 4396 (4.3 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 36  bytes 2616 (2.6 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    veth5225a25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::8485:afff:fe25:9c5f  prefixlen 64  scopeid 0x20<link>
            ether 86:85:af:25:9c:5f  txqueuelen 0  (Ethernet)
            RX packets 73191  bytes 6952974 (6.9 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 73227  bytes 6955458 (6.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    vethb61a685: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::fc67:f0ff:fe39:9a90  prefixlen 64  scopeid 0x20<link>
            ether fe:67:f0:39:9a:90  txqueuelen 0  (Ethernet)
            RX packets 73207  bytes 6954486 (6.9 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 73247  bytes 6957398 (6.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    vethed92c01: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::1cff:1bff:fe40:2d5c  prefixlen 64  scopeid 0x20<link>
            ether 1e:ff:1b:40:2d:5c  txqueuelen 0  (Ethernet)
            RX packets 45530  bytes 16678311 (16.6 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 28389  bytes 26064505 (26.0 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

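9. Configure ONOS

Initially only Default Drivers and ONOS GUI2 are in the running state.

Find the applications you need and activate them.

The topology view shows that two containers are connected to the OVS bridge.

See the topology keyboard shortcuts!

10. Check the Docker networks

Check the bridge network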

$ docker network inspect bridge
    [
        {
            "Name": "bridge",
            "Id": "653f9e41c710a0ad44198a509be9de04a099d902dace631ca45cf234ec983e44",
            "Created": "2021-07-07T07:39:52.188188984Z",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": [
                    {
                        "Subnet": "172.17.0.0/16"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "4916b224f3200337a78489c6a2198a193020daa825be3fec21366a3a78298127": {
                    "Name": "onos1",
                    "EndpointID": "24f811b1e99723ba5eac54f3754106488a4a7e688283b5e33268135e37382469",
                    "MacAddress": "02:42:ac:11:00:04",
                    "IPv4Address": "172.17.0.4/16",
                    "IPv6Address": ""
                },
                "4f982ff32be0f196800fd6ac0c389914218f680d583c23d103761944d5d75d8c": {
                    "Name": "container1",
                    "EndpointID": "9a9012e246ca997921de6b15a75ea60cb81cbe59878e17c4e776a991ad92188a",
                    "MacAddress": "02:42:ac:11:00:02",
                    "IPv4Address": "172.17.0.2/16",
                    "IPv6Address": ""
                },
                "5a3c1d7d1ec8ba8592d5a8d458ba3ab1aca4f2e9cb623987460292930cc92fcd": {
                    "Name": "container2",
                    "EndpointID": "858a1b678e7771ffcc439d5594e7c8903a5fca66e4ffb82d84315dcbde4570cc",
                    "MacAddress": "02:42:ac:11:00:03",
                    "IPv4Address": "172.17.0.3/16",
                    "IPv6Address": ""
                }
            },
            "Options": {
                "com.docker.network.bridge.default_bridge": "true",
                "com.docker.network.bridge.enable_icc": "true",
                "com.docker.network.bridge.enable_ip_masquerade": "true",
                "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
                "com.docker.network.bridge.name": "docker0",
                "com.docker.network.driver.mtu": "1500"
            },
            "Labels": {}
        }
    ]

 

Let's check the host network as well

$ docker network inspect host
    [
        {
            "Name": "host",
            "Id": "f070c409eca02b9afd47922696154def19c06157830181310936ac09749a6875",
            "Created": "2021-07-07T07:39:52.129644722Z",
            "Scope": "local",
            "Driver": "host",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": []
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {},
            "Options": {},
            "Labels": {}
        }
    ]

 

Check iptables

$ sudo iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
    MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:8181
    MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:8101
    MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:6653

    Chain DOCKER (2 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1181 to:172.17.0.4:8181
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1101 to:172.17.0.4:8101
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1653 to:172.17.0.4:6653
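
Reading the DOCKER chain above for exposure, as an added example (not part of the original post): the function lists every DNAT rule whose destination is 0.0.0.0/0, that is, a port Docker published on all host interfaces. The function names and the sample rules are assumptions: the sample is constructed from the output above, with the 1101 rule changed to the form that `-p 127.0.0.1:1101:8101` produces, for contrast.

```shell
#!/bin/sh
# Added example: list Docker-published ports that are reachable on every host interface.
# Input : text printed by `iptables -t nat -L -n` (stdin).
# Output: "<proto> <host-port> <container-ip:port>" per exposed port.

exposed_docker_ports() {
    awk '
        # Track which chain the following rule lines belong to.
        $1 == "Chain" { in_docker = ($2 == "DOCKER"); next }
        # Columns: target prot opt source destination match...
        # A destination of 0.0.0.0/0 means the port was published without a host address.
        in_docker && $1 == "DNAT" && $5 == "0.0.0.0/0" {
            hostport = ""; target = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) hostport = substr($i, 5)
                if ($i ~ /^to:/)  target   = substr($i, 4)
            }
            if (hostport != "") print $2, hostport, target
        }
    '
}

# Constructed sample (see the lead-in): 1181 and 1653 published on all
# interfaces, 1101 bound to loopback only.
sample_rules() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1181 to:172.17.0.4:8181
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:1101 to:172.17.0.4:8101
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1653 to:172.17.0.4:6653
EOF
}

sample_rules | exposed_docker_ports
# On a live host: sudo iptables -t nat -L -n | exposed_docker_ports
```

Publishing with a host address, for example `-p 127.0.0.1:1181:8181`, keeps the ONOS GUI (still using the default onos/rocks login at this point) off the instance's external interface. In this lab OVS reaches ONOS at 172.17.0.4:6653 over docker0, so the 1653 mapping is not needed by the switch at all.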

 
