UDN - Enterprise Internet Technology Community


[Tutorials & Tips] Rate-limiting broadcast packets on Docker networks with Open vSwitch

Posted by 葡萄柚 (original poster) on 2016-6-23 11:13:03
  1. Environment

  CentOS7(1511)

  Docker(1.11.2)

  OpenVswitch(2.4.0-1)

  Iperf(2.0.8-2)

  2. Network topology

  [Figure: network topology diagram (2.png)]

  3. Building the network

  3.1 Create the containers

    docker run -itd --name=magine1 --net=none 10.0.0.100:5000/centos /bin/bash
    ddfb7c3015f34f178d7efc112e6d9350b1553c07aaed4164a861c339346dba7e

    docker run -itd --name=magine2 --net=none 10.0.0.100:5000/centos /bin/bash
    67fe66ff23896010e5590dc8f841a82a957fd5b8694ef2d9b04b316a110854dc

  3.2 Create the virtual NICs (veth pairs)

    # Container ddfb7c30
    ip link add qbi-ddfb7c30 type veth peer name qbv-ddfb7c30
    ip link add qvb-ddfb7c30 type veth peer name qvo-ddfb7c30

    # Container f52ebaa9
    ip link add qbi-f52ebaa9 type veth peer name qbv-f52ebaa9
    ip link add qvb-f52ebaa9 type veth peer name qvo-f52ebaa9

  3.3 Create the OVS topology

    # Base bridges
    ovs-vsctl add-br br-int
    ovs-vsctl add-br br-em1
    ovs-vsctl add-port br-em1 em1

    # Container ddfb7c30
    ovs-vsctl add-br qbr-ddfb7c30
    ovs-vsctl add-port br-int qbi-ddfb7c30
    ovs-vsctl add-port qbr-ddfb7c30 qbv-ddfb7c30
    ovs-vsctl add-port qbr-ddfb7c30 qvb-ddfb7c30

    # Container f52ebaa9
    ovs-vsctl add-br qbr-f52ebaa9
    ovs-vsctl add-port br-int qbi-f52ebaa9
    ovs-vsctl add-port qbr-f52ebaa9 qbv-f52ebaa9
    ovs-vsctl add-port qbr-f52ebaa9 qvb-f52ebaa9

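  3.4 Set up the container network namespace

    # Container ddfb7c30: get the PID of the container's init process
    docker inspect -f '{{ .State.Pid }}' ddfb7c3015f3
    32687

    # Link the container's namespace into the system netns path
    mkdir -p /run/netns    # make sure the directory exists before linking
    ln -s /proc/32687/ns/net /run/netns/ddfb7c3015f3

    # List namespaces to confirm the container's ns is visible
    ip netns
    ddfb7c3015f3

    # Move the NIC into the container
    ip link set qvo-ddfb7c30 netns ddfb7c3015f3

    # Configure the IP address
    ip netns exec ddfb7c3015f3 ip addr add 10.1.1.2/24 dev qvo-ddfb7c30

    # Bring the interfaces up
    ip netns exec ddfb7c3015f3 ip link set qvo-ddfb7c30 up
    ip link set qvb-ddfb7c30 up
    ip link set qbi-ddfb7c30 up
    ip link set qbv-ddfb7c30 up

    # Container f52ebaa9: repeat the steps above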

  3.5 Create OVS queues and flow entries

  Container ddfb7c30

  Create one QoS record and two queues on qbv-ddfb7c30: queue 0 has a maximum of 1 Gbit and a minimum of 500 Mbit; queue 1 has a maximum of 1 Mbit and a minimum of 1 Mbit.

    $ ovs-vsctl set port qbv-ddfb7c30 qos=@newqos -- \
        --id=@newqos create qos type=linux-htb other-config:max-rate=1000000000 queues=0=@q0,1=@q1 -- \
        --id=@q0 create queue other-config:min-rate=500000000 other-config:max-rate=1000000000 -- \
        --id=@q1 create queue other-config:min-rate=1000000 other-config:max-rate=1000000

    c5c8d139-7443-49f7-81d5-d92c8754e5de
    ea91d271-618d-442f-b88c-6ab0bfc377ba
    b6f63f0d-193d-4e9d-95c8-2af7e3aac247

  View the port information of qbr-ddfb7c30

    $ ovs-ofctl show qbr-ddfb7c30
    OFPT_FEATURES_REPLY (xid=0x2): dpid:0000aaee33131e41
    n_tables:254, n_buffers:256
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
     2(qvb-ddfb7c30): addr:96:60:70:41:70:0c
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     3(qbv-ddfb7c30): addr:66:19:ab:4e:7e:09
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     LOCAL(qbr-ddfb7c30): addr:aa:ee:33:13:1e:41
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

  Create two flow entries on qbr-ddfb7c30 to match broadcast addresses and unicast addresses

    $ ovs-ofctl add-flow qbr-ddfb7c30 "table=1, in_port=2, dl_src=00:00:00:00:00:00/01:00:00:00:00:00, actions=enqueue:3:0"

    $ ovs-ofctl add-flow qbr-ddfb7c30 "table=0, in_port=2, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=enqueue:3:1"

  View the flow table

    $ ovs-ofctl dump-flows qbr-ddfb7c30
    NXST_FLOW reply (xid=0x4):
    cookie=0x0, duration=264250.612s, table=0, n_packets=1465040, n_bytes=31895512642, idle_age=5938, hard_age=65534, priority=0 actions=NORMAL
    cookie=0x0, duration=2.382s, table=0, n_packets=0, n_bytes=0, idle_age=2, in_port=2,dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=enqueue:3:1
    cookie=0x0, duration=11.006s, table=1, n_packets=0, n_bytes=0, idle_age=11, in_port=2,dl_src=00:00:00:00:00:00/01:00:00:00:00:00 actions=enqueue:3:0

  Container f52ebaa9

  Repeat the steps above.

  4. Testing

  Since no tool for testing a broadcast storm was available, the test uses iperf unicast traffic instead.

  4.1 iperf server

  On the host:

    iperf -s

    Server listening on TCP port 5001
    TCP window size: 85.3 KByte (default)

  4.2 iperf client in the container

  Without QoS

    [root@Docker1 ~]# ip netns exec ddfb7c3015f3 iperf -c 10.1.1.1 -i 1 -t 10
    [ 3] local 10.1.1.2 port 38143 connected with 10.1.1.1 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 3] 0.0- 1.0 sec 3.05 GBytes 26.2 Gbits/sec
    [ 3] 1.0- 2.0 sec 3.24 GBytes 27.9 Gbits/sec
    [ 3] 2.0- 3.0 sec 3.24 GBytes 27.8 Gbits/sec
    [ 3] 3.0- 4.0 sec 3.29 GBytes 28.3 Gbits/sec
    [ 3] 4.0- 5.0 sec 3.35 GBytes 28.8 Gbits/sec
    [ 3] 5.0- 6.0 sec 3.31 GBytes 28.4 Gbits/sec
    [ 3] 6.0- 7.0 sec 3.29 GBytes 28.2 Gbits/sec
    [ 3] 7.0- 8.0 sec 3.32 GBytes 28.5 Gbits/sec
    [ 3] 8.0- 9.0 sec 3.28 GBytes 28.2 Gbits/sec
    [ 3] 9.0-10.0 sec 3.26 GBytes 28.0 Gbits/sec
    [ 3] 0.0-10.0 sec 32.6 GBytes 28.0 Gbits/sec

  With QoS, unicast traffic goes to queue 0 (the normal queue, limited to 1 Gbit)

    $ ovs-ofctl add-flow qbr-ddfb7c30 "table=0, in_port=2, dl_src=00:00:00:00:00:00/01:00:00:00:00:00, actions=enqueue:3:0"

    [root@Docker1 ~]# ip netns exec ddfb7c3015f3 iperf -c 10.1.1.1 -i 1 -t 10
    [ 3] local 10.1.1.2 port 38157 connected with 10.1.1.1 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 3] 0.0- 1.0 sec 117 MBytes 980 Mbits/sec
    [ 3] 1.0- 2.0 sec 115 MBytes 965 Mbits/sec
    [ 3] 2.0- 3.0 sec 114 MBytes 952 Mbits/sec
    [ 3] 3.0- 4.0 sec 114 MBytes 955 Mbits/sec
    [ 3] 4.0- 5.0 sec 114 MBytes 955 Mbits/sec
    [ 3] 5.0- 6.0 sec 114 MBytes 954 Mbits/sec
    [ 3] 6.0- 7.0 sec 114 MBytes 954 Mbits/sec
    [ 3] 7.0- 8.0 sec 115 MBytes 967 Mbits/sec
    [ 3] 8.0- 9.0 sec 114 MBytes 954 Mbits/sec
    [ 3] 9.0-10.0 sec 114 MBytes 955 Mbits/sec
    [ 3] 0.0-10.0 sec 1.12 GBytes 958 Mbits/sec

  With QoS, unicast traffic goes to queue 1 (the broadcast queue, limited to 1 Mbit)

    $ ovs-ofctl add-flow qbr-ddfb7c30 "table=0, in_port=2, dl_src=00:00:00:00:00:00/01:00:00:00:00:00, actions=enqueue:3:1"

    [root@Docker1 ~]# ip netns exec ddfb7c3015f3 iperf -c 10.1.1.1 -i 1 -t 10
    [ 3] local 10.1.1.2 port 38177 connected with 10.1.1.1 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 3] 0.0- 1.0 sec 83.4 KBytes 683 Kbits/sec
    [ 3] 1.0- 2.0 sec 12.7 KBytes 104 Kbits/sec
    [ 3] 2.0- 3.0 sec 276 KBytes 2.26 Mbits/sec
    [ 3] 3.0- 4.0 sec 136 KBytes 1.11 Mbits/sec
    [ 3] 4.0- 5.0 sec 127 KBytes 1.04 Mbits/sec
    [ 3] 5.0- 6.0 sec 191 KBytes 1.56 Mbits/sec
    [ 3] 6.0- 7.0 sec 191 KBytes 1.56 Mbits/sec
    [ 3] 7.0- 8.0 sec 255 KBytes 2.09 Mbits/sec
    [ 3] 8.0- 9.0 sec 382 KBytes 3.13 Mbits/sec
    [ 3] 9.0-10.0 sec 382 KBytes 3.13 Mbits/sec
    [ 3] 0.0-10.2 sec 1.99 MBytes 1.64 Mbits/sec

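  Pasted code displays really painfully in this editor: it shows up incomplete in Chrome, while in Safari it displays normally. Help from any kind soul would be appreciated.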

Original author: magline. Source: http://dockone.io/article/1447
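
An added example, not part of the original post: this Python sketch evaluates ovs-ofctl-style masked MAC matches (value/mask) against constructed frames to check which queue each would land in before relying on the rate limit. Per the ovs-ofctl documentation, the group bit that marks multicast and broadcast frames is tested on the destination address (dl_dst=01:00:00:00:00:00/01:00:00:00:00:00); the frame MAC addresses, the DST_FLOWS variant and all function names are assumptions made for illustration.

```python
# Added example (not from the original post): which HTB queue would a frame
# entering port 2 of qbr-ddfb7c30 hit, given masked MAC flow matches?

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def masked_match(mac, spec):
    """Evaluate an ovs-ofctl style 'value/mask' Ethernet address match."""
    value, _, mask = spec.partition("/")
    m = mac_to_int(mask) if mask else (1 << 48) - 1
    return (mac_to_int(mac) & m) == (mac_to_int(value) & m)

GROUP = "01:00:00:00:00:00/01:00:00:00:00:00"    # I/G bit set: multicast + broadcast
UNICAST = "00:00:00:00:00:00/01:00:00:00:00:00"  # I/G bit clear: unicast

# (field, match, queue). The page's table-0 flows match on dl_src.
PAGE_FLOWS = [("dl_src", GROUP, 1), ("dl_src", UNICAST, 0)]
# Assumed variant: the same two flows keyed on the destination address.
DST_FLOWS = [("dl_dst", GROUP, 1), ("dl_dst", UNICAST, 0)]

# Constructed sample frames sent by the container (MAC addresses are made up).
SRC = "02:42:0a:01:01:02"
FRAMES = {
    "arp_broadcast": {"dl_src": SRC, "dl_dst": "ff:ff:ff:ff:ff:ff"},
    "ipv4_multicast": {"dl_src": SRC, "dl_dst": "01:00:5e:00:00:fb"},
    "unicast_tcp": {"dl_src": SRC, "dl_dst": "02:42:0a:01:01:01"},
}

def classify(frame, flows):
    """Return the queue of the first matching flow, or None (falls to NORMAL)."""
    for field, spec, queue in flows:
        if masked_match(frame[field], spec):
            return queue
    return None

def queue_report(flows):
    return {name: classify(frame, flows) for name, frame in FRAMES.items()}

if __name__ == "__main__":
    for label, flows in (("dl_src flows", PAGE_FLOWS), ("dl_dst flows", DST_FLOWS)):
        print(label, queue_report(flows))
```

With the dl_src flows every constructed frame lands in queue 0, because the sender's own source address is a unicast address; keyed on dl_dst, the ARP broadcast and the multicast frame go to the 1 Mbit queue and unicast TCP stays in queue 0.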
