flannel 网络不通的问题


我使用 VirtualBox 的两个虚拟机来搭建 flannel 环境,虚拟机系统为 Ceontos7。

HOST1:
网卡1 enp0s3 : 192.168.1.199 (桥接,用于访问外网)
网卡2 enp0s8 : 192.168.99.100 (host only ,用于宿主机和虚拟机之间通讯,flannel的--iface参数绑定的是这个网口)

HOST2:
网卡1 enp0s3 : 192.168.1.130 (桥接,用于访问外网)
网卡2 enp0s8 : 192.168.99.102 (host only ,用于宿主机和虚拟机之间通讯,flannel的--iface参数绑定的是这个网口)

flannel 使用 yum 安装,版本为 0.2.0。

安装好 flannel 之后, host1 的 flannel0 网口的IP为 172.17.64.0,docker0 网口的ip为 172.17.64.1;host2 的 flannel0 网口的IP为 172.17.46.0,docker0 的ip为 172.17.46.1。

在host1 上面ping 172.17.46.1 (host2上的docker0 ip)可以通:

ping 172.17.46.1

PING 172.17.46.1 (172.17.46.1) 56(84) bytes of data.
64 bytes from 172.17.46.1: icmp_seq=1 ttl=62 time=1.00 ms
64 bytes from 172.17.46.1: icmp_seq=2 ttl=62 time=0.932 ms

在host2 上面ping 172.17.64.1(host1上的docker0 ip)可以通:

ping 172.17.64.1

PING 172.17.64.1 (172.17.64.1) 56(84) bytes of data.
64 bytes from 172.17.64.1: icmp_seq=1 ttl=62 time=0.924 ms
64 bytes from 172.17.64.1: icmp_seq=2 ttl=62 time=1.00 ms

现在的问题是,在host1上面启动的容器,ip为172.17.64.2,在host2没有办法ping通。

ping 172.17.64.2

PING 172.17.64.2 (172.17.64.2) 56(84) bytes of data.
From 172.17.64.0 icmp_seq=1 Destination Host Prohibited
From 172.17.64.0 icmp_seq=2 Destination Host Prohibited
From 172.17.64.0 icmp_seq=3 Destination Host Prohibited
在host1也没有办法ping通host2的容器。


下面的路由表是不是有问题? 第一条就是默认网关的记录,后面的记录还会起效吗?

host1的路由表:

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 enp0s3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 flannel0
172.17.64.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s8
192.168.99.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s8

host2的路由表:

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 enp0s3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 flannel0
172.17.46.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s8
192.168.99.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s8

host1的IP信息:

ifconfig

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1472
inet 172.17.64.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::5484:7aff:fefe:9799 prefixlen 64 scopeid 0x20<link>
ether 56:84:7a:fe:97:99 txqueuelen 0 (Ethernet)
RX packets 3410 bytes 198531 (193.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4312 bytes 21627057 (20.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.199 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a00:27ff:fede:684f prefixlen 64 scopeid 0x20<link>
ether 08:00:27:de:68:4f txqueuelen 1000 (Ethernet)
RX packets 171983 bytes 221791168 (211.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49057 bytes 3697723 (3.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.99.100 netmask 255.255.255.0 broadcast 192.168.99.255
inet6 fe80::a00:27ff:fec0:1529 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:c0:15:29 txqueuelen 1000 (Ethernet)
RX packets 13554 bytes 1008411 (984.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11643 bytes 1245972 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

flannel0: flags=81<UP,POINTOPOINT,RUNNING> mtu 1472
inet 172.17.64.0 netmask 255.255.0.0 destination 172.17.64.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 75 bytes 6932 (6.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 108 bytes 8408 (8.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 14195 bytes 750668 (733.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14195 bytes 750668 (733.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vetha5e892c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1472
inet6 fe80::2c65:f7ff:fee8:d3e4 prefixlen 64 scopeid 0x20<link>
ether 2e:65:f7:e8:d3:e4 txqueuelen 0 (Ethernet)
RX packets 3410 bytes 246271 (240.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4320 bytes 21627705 (20.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

host2的IP信息:

ifconfig

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1472
inet 172.17.46.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::5484:7aff:fefe:9799 prefixlen 64 scopeid 0x20<link>
ether 56:84:7a:fe:97:99 txqueuelen 0 (Ethernet)
RX packets 26 bytes 1796 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 2076 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.130 netmask 255.255.255.0 broadcast 192.168.1.255
ether 08:00:27:e6:ab:f8 txqueuelen 1000 (Ethernet)
RX packets 95615 bytes 109059995 (104.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22621 bytes 1689682 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.99.102 netmask 255.255.255.0 broadcast 192.168.99.255
inet6 fe80::a00:27ff:fe2d:4bab prefixlen 64 scopeid 0x20<link>
ether 08:00:27:2d:4b:ab txqueuelen 1000 (Ethernet)
RX packets 10590 bytes 792062 (773.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9356 bytes 1199975 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

flannel0: flags=81<UP,POINTOPOINT,RUNNING> mtu 1472
inet 172.17.46.0 netmask 255.255.0.0 destination 172.17.46.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 90 bytes 7328 (7.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 75 bytes 6932 (6.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 5 bytes 432 (432.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 432 (432.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth07c27cb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1472
inet6 fe80::883f:44ff:fedc:6171 prefixlen 64 scopeid 0x20<link>
ether 8a:3f:44:dc:61:71 txqueuelen 0 (Ethernet)
RX packets 26 bytes 2160 (2.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 2724 (2.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
已邀请:

longmeng

赞同来自: 一眼的笑意


问题已解决,是防火墙规则的问题。

添加下面的规则就可以了:

iptables -I -s 172.17.0.0/16 FORWARD -j ACCEPT

要回复问题请先登录注册