VLAN’s for Docker containers using OVS

In this post, I am going to show you how to connect docker containers to OVS and add them to separate VLANS. I am using Centos 7 logged in as superuser.

Step 1: Install Open vSwitch
Install open vswitch using the command
# yum install openvswitch

Step 2: Install ovs-docker utility
To connect docker containers to open vswitch we need this utility
# cd /usr/bin
# wget https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker
# chmod a+rwx ovs-docker

Step 3: Create and Configure OVS bridge
Add a bridge to ovs
# ovs-vsctl add-br br0

Configure IP address to the bridge and change its state to up
# ifconfig br0 172.19.1.1 netmask 255.255.255.0 up

Step 4: Run four containers in docker
I am using four alpine Linux containers for this demonstration
# docker run -itd --name container1 alpine
# docker run -itd --name container2 alpine
# docker run -itd --name container3 alpine
# docker run -itd --name container4 alpine


Step 5: Connect container to OVS bridge and VLAN
Let us connect all the containers to the bridge and add container1, container2 to vlan 10 and container3, contianer4 to vlan 20.
While connecting the containers to OVS bridge we need to assign IP address for each container.
# ovs-docker add-port br0 eth1 container1 --ipaddress=172.19.1.2/24

Now container1 is connected to bridge with a random name and to add the container1 to a vlan 10 we need the port name. To see the port name, use the below command
# ovs-vsctl show


If we enter the above command you can see information like I showed in the below picture


In the above picture, the port name for my contianer1 is “11d9b6e7c0d54_l” (you may get a different name). the basic syntax to add port to a vlan is
# ovs-vsctl set port <port number> tag=VLAN

Now we got the port name and let’s add the container1 to vlan 10
# ovs-vsctl set port 11d9b6e7c0d54_l tag=10

Repeat the same procedure for remaining containers and add container to vlan 10 and container3, contianer4 to vlan 20. The final output of vos-vsctl show command is shown below (the port names will be different)



Step 6: Testing
Attach the docker to the container container1 and try ping ip address of container2, container3, container4.
# docker attach container1
/# ping -w 4 172.19.1.3 //container2 ip address
/# ping -w 4 172.19.1.4 //container3 ip address
/# ping -w 4 172.19.1.5 //container4 ip address

After you ping the remaining containers you can only see reply messages from containers container2 but not container3 container4 because container1, container2 are on same VLAN.
To come out of container container1 press Cltr-p Cltr-q
Now attach the docker to any container in vlan 20 and try ping all the containers.


Comments

  1. UnknownJune 26, 2017 at 2:50 PM

    Update to my post for adding the containers to VLAN

    In step 5 after you connect the docker container to OVS, to add the container easily to the VLAN use the following syntax

    ovs-docker set-vlan BRIDGE INTERFACE CONTAINER VLAN

    To add container1 to vlan 10 rewrite the above command as

    # ovs-docker set-vlan br0 eth1 container1 10

    ReplyDelete

Post a Comment

Popular posts from this blog

User defined network in Docker with an Example

Image
Hello, my name is Sai Ram Peesapati and in this post I am going to walk you through user defined network in docker. I hope by now you know what is docker if not click here to know about it. Docker by default comes with three networks, they are none, bridge and host. if you want to learn more about them click here . But docker also gives you privilege to create your own network and called them as user defined network. What is user defined network? A network which is created by the user, so that containers which are running in that network can talk to each other without using the legacy link . User defined networks will have automatic DNS resolution of container names to IP addresses, because of this containers can talk to each other.  If you already have docker in your computer you are good to go but if you don't have it, no problem click here and follow the installation steps for your operating system. Now let's start running your first container in user define...
Read more