Understanding Kubernetes Networking. Part 1: Container Networking
Vložit
- čas přidán 16. 12. 2020
- Kubernetes is all about networking. In this series, we will examine various aspects of Kubernetes networking such as cluster and POD networks, Container Network Interface (CNI), services, and network policies. To get started though we need to have a basic understanding of the OSI network model, network appliances (physical and virtual), overlay networks, and container networking fundamentals. In this first installment, we will cover those basics. Hope you will me join in this journey.
Complete playlist for these series: • Kubernetes Networking ...
Keywords: Container network, Container networking, basic networking concepts, OSI model
Thanks!
My Other Videos:
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process • Cilium Kubernetes CNI ...
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
• Cilium Kubernetes CNI ...
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
• What is VXLAN and How ...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
• Managing Linux Logins,...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
• Managing Linux Logins,...
► Sharing Resources between Windows and Linux:
• Sharing Resources betw...
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
• Kubernetes kube-proxy ...
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
• Kubernetes: Configurat...
►Configuring and Managing Storage in Kubernetes:
• Configuring and Managi...
► Istio Service Mesh - Securing Kubernetes Workloads:
• Istio Service Mesh - S...
► Istio Service Mesh - Intro
• Istio Service Mesh (si...
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in: • Understanding Kubernet...
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in-depth:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
• Kubernetes services - ...
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
• Understanding Kubernet...
► A Docker and Kubernetes tutorial for beginners:
• A Docker and Kubernete...
► Setup a "Docker-less" Multi-node Kubernetes Cluster On Ubuntu Server:
• Setup a "Docker-less" ...
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS: • Step by Step Instructi...
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor - CZcams: • Setup and Configure Ce...
►Setup NAT (Network Address Translation) on Hyper-V: • Setup NAT (Network Add...
► Enable Nested Virtualization on Windows to run WSL 2 (Linux) and Hyper-V on a VM: • Enable Nested Virtuali...
►Setup a Multi-Node MicroK8S Cluster on Windows 10: • Setup a Multi Node Mic...
► Detailed Windows Terminal, (WSL 2), Linux, Docker, and Kubernetes Install Guide on Windows 10:
• Detailed Windows Termi... - Věda a technologie
The source code for demos are here: github.com/gary-RR/myCZcams_video_container_networking
this guys is distinguish level engineer and create free content, god bless you and your family
Most comprehensive tutorial I've ever see, thank you mate...
Glad you liked it!
@@TheLearningChannel-Tech If you are someone who really likes learning fundamentals of things, how you can't like it 😉
Highly underrated channel. Awesome explanation.
This video is an incredible asset for learning microservices networking!!! Thank you!
This series is criminally underrated.Good work here boss.
Excellent lesson with a relevant example scenario. Thank you very much.
This series is just brilliant!
I searched the whole internet to found this type of basis to pro series thank you man...
Perfect learning! It was useful as usual. Thank you so much!
This is the most informative you-tube instructional video ever! Thank you!!
Thank you very much, glad it was helpful!
Amazing Explanation of the networking concepts. Great Job. Thank you !
Glad it was helpful!
With this introductory video, you have comforted a lot of DevOps engineers. This is amazing. Thank you!
Thank you and glad you found it helpful!
thanks for the detailed and clear explanation of networking
One of the best explanations, thanks a lot :)
Amazing video/ explanation Sir. Looking forward to go see all videos.
Superb ! one of the best videos i have comes across networking on youtube , Thanks a Lot
This tutorial is so fantastic. I've spent weeks reading netowrking books but could not implement any of their examples. This video put it all in a cleaver and comprehensive example.
Million thanks for the amazing very clear step by step explanations. I watched and implement it step by step. Will continue the other parts.
Thanks a lot for so great teaching video! Networking has been fuzzy for developers and you make it clear and easy!!!
You are very welcome and thank for your kind feedback!
Thank God, finally found an interesting stuff to understand networking internals , thank you so much Sir for investing your time on this...
Best thing found on internet.... Kudos to the efforts 😃
This is an extremely informative and in-depth coverage of different elements in networking.
Kudos to you.
@Chetan Mishra, many thanks for your kind words! Glad you found it useful. Thanks again.
Simply the BEST video on the internet for understanding Docker Networking! Thank you, this must have taken a very long time to setup.
You're very welcome!
Thank you very much. This was so informative and I learned a lot.
Very Great Job, thank's. Pedagogic, methodic and clear explanation. Thank you once again.
@Aboubacar Alain DIOUBATE , many thanks for your kind words, and glad you found it helpful! Thank you again.
Excellent series. I would recommend everyone to watch this. I have recommended my followers for your series as well.
Hi Mohit, thank you very much.
fantastic, thanks for your sharing.
Thanks for sharing, very nice
An excellent deep dive. Better than anything on Udemy or CZcams.
Thanks very much Mitch, much appreciated!
great work and videos brother. i have watched kubeproxy iptables and ipvs earlier, and now i will go through every video you have uploaded.
Such in depth information i was looking for and you have it all. I will become a K8S pro soon.
Keep creating such content.
Thanks very much! Please subscribe to be notified of future videos and spread the word!
Great video,
Thanks for such an elaborated video.
Glad you enjoyed it!
Great video. Excellent explanation.
Thank you
Glad it was helpful!
great detailed videos, thanks a lot
Excellent explanation!!
thank you for you effort
Dude you have done an amazing job. I was looking for this for long time. Thank you
@NABEEL NASIR , many thanks for the kind words and glad you found it helpful! Please consider subscribing as I am working on new materials related to Kubernetes control plane and services that you may also find useful. Thanks again!
@@TheLearningChannel-Tech I have subscribed to your channel. I will share your channel with all my friends.
Will you be making series on kubernetes for beginners from scratch?
@@453nabeel Thank you! I'll put Kubernetes for beginners on my list of future videos. Thank you for your suggestions. Cheers!
@@TheLearningChannel-Tech if you don't mind can you please tell when will you upload kubernetes series. Thanks
@@453nabeel I'm currently in the middle of another video so I'd say it will be a month out.
really helpful. Thank you for making such a wonderful video.
You're very welcome!
concise and clear contents even for non English speaker!
Glad to hear it, thank you!
Fantastic content.
Excellent explanation
Awesome sesion
This is great. Very educational.
Thank you!
Great content, very helpful and gave me a good bit of clarity on some things.. some bits have still gone over my head but still great stuff.
Glad it was helpful!
top class thanks much
Great video! Thank you!
Glad you liked it!
Great Job. Thanks.
Thank you!
Awesome
The illustration at minute 20:00 makes the virtual concepts very easy to assimilate
indeed
great work!
Thank you! Cheers!
Thanks!
Amazing. I am a subscriber now.
Thanks, and welcome aboard!
Great work.
Thank you! Cheers!
Very good explanation. Thank you so much for putting in the effort to prepare this video. I have a dumb question. In VM1 setup, you never really connected bridge to eth0 of VM1. Is connectivity from bridge to eth0 is due to ip forwarding being enabled here or something else?
@vipinchawria , thanks for your kind words! When a bridge is created, it is automatically connected to the default Ethernet adaptor (eth0 in this case), you won't need to run any script. Hope this helps. Thanks again.
@@TheLearningChannel-Tech Thank you
thanks you verry much for a great video
Thank you and glad you liked it!
Great job!! Thanks a ton. This video expose all underlying communication between vm to vm as well as container to container. By the way would you please share the script which is used for readiness of your lab environment?
Thank you for your feedback! You can find the scripts here: github.com/gary-RR/myCZcams_video_container_networking. You'll need two Linux VMs to run these. I used Ubuntu, please read the "README.md" file for more info.
Thanks again for watching an your kind words.
Thanks for your kind information
That diagram at like 20 minutes was really good
Thank you David, glad you liked it!. Thanks again for watching.
Hey! Great video. A quick question about the daigram at 20:40, is NAT part of the router if we everything is a physical device?
Hi, yes, the NAT translation is done within the physical router. I just showed it outside the router for clarity.
@@TheLearningChannel-Tech Thanks a lot for clarification.
Very very good explanation
Many thanks for kind words!
This is an excellent video and the series will clear all the doubts the begineers have, could you please pass the link of the commands you executred in the demo mate, Thanks in advance !
Hi, you can get them here: github.com/gary-RR/myCZcams_video_container_networking
very nice explanation
Thank you!
Nice dude
Glad you like it
Great video!! Liked and subscribed.
I have one question, for the container communication when the nodes are in different networks, what is the role of router and UDP tunnel? Shouldn't the router alone be capable to handle the cross-network communication?
Thanks in advance! 🙏
Tunnels are used when two networks are in different subnets and don't have a direct line of communication. A good example is Kubernetes pods that are created on different nodes. The pods that are on the same node are on the same subnet and can freely communicate with each other, not so with pods on different nodes. In those situations, tunneling is one method of providing an L2 network bridges between pod networks, leveraging an underlaying L3 network.
@@TheLearningChannel-Tech Thank you for the response. Providing connectivity between different networks is job of router, right?
So using the router only these servers can reach to each other, so what is the need of tunnel?
Thanks again!
@@nagendersingh35 Yes, but you'll need to manually define routes for destinations. This is not an issue when there are a limited number of networks but in the case of containers (think Kubernetes), there may be thousands of nodes that host containers, manually creating these routes on routers are impractical. Thus, tunnels are set up, and the router knows how to deliver the message to the destination node. Once the message is delivered, a UDP tunnel is established between the two pod networks where pods can communicate.
@@TheLearningChannel-Tech Totally makes sense now.
Thank you so much! 🙌
Well explained view of how networking components are put together. One question where can the scripts be found to try this out for myself and experiment with? Thanks
Hey Richard, thanks, you can get the scripts here: github.com/gary-RR/myCZcams_video_container_networking.
@@TheLearningChannel-Tech Many Thanks!
Nice 🙏 .I have one query if this is Usecases of cloud k8s or it beyond what cloud platform is using?
@vj gaur, hello and thanks for your feedback. I'm guessing you are asking about the container use cases? If so, no they are not tied to the cloud Kubernetes or even Docker for that matter. Namespaces and containers are Linux kernel constructs. Docker and by extension Kubernetes provide environments to host and manage containers. Kubernetes can be hosted internally or on a public cloud, however, for this course you won't need any cloud or Docker/Kubernetes access. The examples can be run on Linux VM(s). Hope this helps.
Good 👍
Thanks
Hi, great video, learned a ton from it! one question, why do we need a udp tunnel when the vm's ip's are on a different subnet? why a router isn't enough? thanks!
Hi, great question, remember that containers (think Kubernetes PODs) are created at scale and although the container hosts are connected on L3 networks, adjusting routes manually to guide packets from one container on one host to containers on other hosts is not practical. L4 tunnels are an important tool to automate container connectivity in those scenarios. This technique is used in VXLAN.
@@TheLearningChannel-Tech Thanks for the answer! so basically, if there are more than 2 nodes, there will be a "mesh" of tunnels between all nodes bridges?
@@shinemet Hi Ben, in practice such as VXLAN tunnels, these tunnels are temporarily established and torn down once the POD to POD connection and request/response have been completed. So they are not permanent to participate in any mesh.
@@TheLearningChannel-Tech Thanks :), one last question I have. I saw your video about Flannel, basically when you are saying that L4 tunnels are automating containers connectivity, this connectivity is between containers on different nodes, right? and I saw a virtual interface called "flannel" this creature is responsible for this l4 tunneling automation?
@@shinemet Hi Ben,
Correct, only the POD communication that crosses VMs will go through the UPD tunnel. The technology that Flannel uses is called VXLAN. On each node, an adaptor called VXLAN Tunnel Endpoint (VTEP for short) is installed, the "flannel" adaptor you referred to. When a POD calls another POD, the traffic is intercepted by the VTEP and additional ethernet and VXLAN header is added to send the traffic to other side. The VTEP on the destination VM intercepts the packet and routes it to the destination POD. If you want to know more about how VXLAN works, you can watch my VXLAN video: czcams.com/video/WMLSD2y2Ig4/video.html . Hope this helps!
@TheLearningChannel-Tech, I have quick question, is it possible to host a routing OS like OpenWRT or other inside VM or container to provide networking and traffic routing to other containers and/or VM's running on same hardware, knowing that the hardware is intel x86 based mini PC router with 6 LAN ports and 2 WLAN interfaces, reason is that I want to get utmost of this hardware to run app's as well as acting as router, if this is doable, which is best network fabric here? is a bridge or macvlan is better?
I haven't really used OpenWRT but I believe it is meant for embedded devices. For containers you really don't need that. Containers are usually hosted on Kubernetes and CNI provides such as Calico and Cilium provide all the necessary plumbing for containers to talk to each other regardless of location (same node or other nodes). Check out my other videos on Kubernetes. This video is just an intro to container networking to learn some basic ideas. In practice the CNI providers take care of all the details.
@@TheLearningChannel-Tech I guess you're right, the need for routing at layer 1 & 2 can be done without additional software, using k8 CNI at NIC level, but maybe Macvlan is needed to capture traffic from all NIC's, not sure if am right
@TheLearningChannel-Tech -- Question: At 24:40, Why is the eth0 IP 192.168.0.10, shouldn't it be 192.168.0.11, as per the Ubuntu VM2 IP mentioned in the slide before this?
Hi, yes, that is a typo.
Hello,
Is there Any reason why we're assigning IP addresses only to 1 end of the veth cables that connects into the namespace (veth11,21) and not to the other end that is connecting to the bridge network (veth10,20)? I was of the opinion that both the ends need to be assigned with the IP addresses. Thanks
Hi, there is no point in assigning an IP to the host side of veth. Its job is simply to connect the POD's ethernet interface to host, that's all.
@@TheLearningChannel-Tech perfect. Thank you so much.
Thanks
Welcome
HI. thank you so much for this lecture, may i ask please ask for the linux commands you used for this lecture? I would like to save it for a reference. thanks again!
Hi, you can find scripts here: github.com/gary-RR/myCZcams_video_container_networking
Thank you, this is the most helpful content ive seen and it made me understand container networking better. ill be sharing this with my coworkers. thanks again!
@@kernael711 Thank you and glad it was helpful!
Thanks for the excellant content. The IP address for Ubuntu VM2's eth0 should be 192.168.0.11 in the diagram.
Thanks, yes that was a typo.
Hi man! Can you tell me what the problem is when I run socat command the test ip route command shows 172.16.1.2 via _my_home_gateway dev eth0 src 192.168.1.10 instead tundudp. I've noticed that the route to bridge subnet in the second part of your video is omitted. And also in my lab tundudp on both sides in down state. Should I insert missed routes on my home router? And clarify the exact IP addresses in your last part of video - 192.168.1.11 and 192.168.0.10? Because in first part IP addressess must be in one network.
@Johnny Russian, Hi Johny,
After successfully establishing the UDP tunnel, the ip route should show something similar to this:
ip route
default via 192.168.0.1 dev eth0 proto static metric 100
169.254.0.0/16 dev eth0 scope link metric 1000
172.16.0.0/16 dev tundudp proto kernel scope link src 172.16.1.100
172.16.1.0/24 dev br0 proto kernel scope link src 172.16.1.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11 metric 100
Also:
ip link show type tun
8: tundudp: mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500 link/none
Here are my IP addresses and subnet mask on two ubuntu machines:
ubuntu1: 192.168.0.10 (mask 255.255.255.0)
ubuntu2: 192.168.0.11 (mask 255.255.255.0)
Make sure both machines can ping each other and there are no network issues.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
There is an unfortunate typo on the slide, IPs should read 192.168.0.10 and 192.168.0.11. CZcams does not allow modifying the video once uploaded.
Hope this helps!
@@TheLearningChannel-Tech Thanks man! It helped a lot. You're doing a great job.
Glad you it helped.
Sir, i am very new to all these concepts , but your videos are very easy to understand. I have a question (It may be a stupid question) , bridge is layer 2 device , and layer 2 devices use MAC addresses, so why we assign an IP address to it ?
Hi, IP is still needed for a variety of reasons such as routing out or in calls to/in from other networks. Also, layer 2 doesn't have a concept of lookup like DNS in layer 3. When a device wants to send a message to another device, it will have to send out an ARP request to find the other device's MAC address.
@@TheLearningChannel-Tech Thank you sir
I tried this setup on Aws with two linux vms inside same subnet. I m not able to ping from between network namespaces on different hosts.
I haven't tried it on AWS per se but try the following(change IPs to reflect your scenario):
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
@21:00 you launch into the namespace ethernet isolation with a list of crucial elements. You magically utilize a virtual kernel bridge without having introduced it or explaining it.
Hi, the virtual switch is the gateway through which the containers which are on a different subnet than the host can communicate to the host and the outside world. That concept was discussed in earlier video in case you may be interested to watch: czcams.com/video/PYamsYQSmFY/video.html
Hi. thanks for all your efforts in making complicated topics easily digestable for beginners like me. Is there a way I can get the links to the commands that you've used in this video? I want to experiment them myself.
EDIT: got the Github link from another recent reply. It would really help others, if you could please add it the video description, or you can add a comment and pin it.
Noted.
Thanks for the great video, I tried running same test on my local server (two Ubuntu VMs created). But I was unable to ping from one namespaces to another namespace on same VM (This issue even on another VM also). Can you please let me know what I am missing here.
Hi,
Since I can't see your code, I'll provide the code that I used for the video below, go through it for your trouble shooting, good luck!
#!bash
NS1="NS1"
NS2="NS2"
NODE_IP="192.168.0.10"
BRIDGE_SUBNET="172.16.0.0/24"
BRIDGE_IP="172.16.0.1"
IP1="172.16.0.2"
IP2="172.16.0.3"
TO_NODE_IP="192.168.0.11"
TO_BRIDGE_SUBNET="172.16.1.0/24"
TO_BRIDGE_IP="172.16.1.1"
TO_IP1="172.16.1.2"
TO_IP2="172.16.1.3"
echo "Creating the namespaces"
sudo ip netns add $NS1
sudo ip netns add $NS2
ip netns show
echo "Creating the veth pairs"
sudo ip link add veth10 type veth peer name veth11
sudo ip link add veth20 type veth peer name veth21
ip link show type veth
#ip link show veth11
#ip link show veth20
echo "Adding the veth pairs to the namespaces"
sudo ip link set veth11 netns $NS1
sudo ip link set veth21 netns $NS2
echo "Configuring the interfaces in the network namespaces with IP address"
sudo ip netns exec $NS1 ip addr add $IP1/24 dev veth11
sudo ip netns exec $NS2 ip addr add $IP2/24 dev veth21
echo "Enabling the interfaces inside the network namespaces"
sudo ip netns exec $NS1 ip link set dev veth11 up
sudo ip netns exec $NS2 ip link set dev veth21 up
echo "Creating the bridge"
sudo ip link add br0 type bridge
ip link show type bridge
ip link show br0
#sudo ip link delete br0
echo "Adding the network namespaces interfaces to the bridge"
sudo ip link set dev veth10 master br0
sudo ip link set dev veth20 master br0
echo "Assigning the IP address to the bridge"
sudo ip addr add $BRIDGE_IP/24 dev br0
echo "Enabling the bridge"
sudo ip link set dev br0 up
echo "Enabling the interfaces connected to the bridge"
sudo ip link set dev veth10 up
sudo ip link set dev veth20 up
echo "Setting the loopback interfaces in the network namespaces"
sudo ip netns exec $NS1 ip link set lo up
sudo ip netns exec $NS2 ip link set lo up
sudo ip netns exec $NS1 ip a
sudo ip netns exec $NS2 ip a
echo "Setting the default route in the network namespaces"
sudo ip netns exec $NS1 ip route add default via $BRIDGE_IP dev veth11
sudo ip netns exec $NS2 ip route add default via $BRIDGE_IP dev veth21
@@TheLearningChannel-Tech Thanks for your quick response. I was able to make progress now after disabling docker on my server. But I am still not clear how docker caused this issue . Any IP filtering is done at L2 bridge here ?
@@jayashankaradm1942 Docker also uses a bridged network so it is possible that perhaps there was an IP conflict.
Did you get this squared away and the ping working?
@@TheLearningChannel-Tech Yes, It worked when docker is down. Btw In the demo there two Ubuntu VMs (VM1 and VM2) are these VMs are on same host machine or is it two different physical servers.
I just downloaded the shell script from your github repository, and tried it, but the ping only works for the namespace in the same node, failed to namespace of the other node
I am confused a lot. I really appreciate if you can help.
Make sure you follow the instructions below and change the IP addresses to match your environment:
# ------------------- Overlay setup --------------------- #
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
#echo "Disables reverse path filtering"
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/tundudp/rp_filter
@@TheLearningChannel-Tech The ubuntu1 and ubuntu2 are on the same subnet, is it necessary to set up the UDP tunnel?
I am able to ping bridge from both NS1 AND NS2 but they are not able to communicate with each other.
The scripts are here: github.com/gary-RR/myCZcams_video_container_networking
If after following the scripts still doesn't work then there might be something local on your machines that prevents. This. Good luck.
hi, I created two ec2 in aws and they are in same subnet. On vm1 ping vm2's br0 not working
Hi,
In order for the one container on one machine to be able to communicate to another container on the other VM, you must set up a UDP tunnel as described below:
First, I assume "eth0" on each VM is the interface that has with the one that an IP address is associated with it, you can run the following command to verify:
ip addr
Here are my IP addresses and subnet mask on two ubuntu machines:
ubuntu1: 192.168.0.10 (mask 255.255.255.0)
ubuntu2: 192.168.0.11 (mask 255.255.255.0)
Make sure both machines can ping each other and there are no network issues.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
#echo "Disables reverse path filtering"
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/tundudp/rp_filter'
#To verify that the tunnel is up, run:
ip link show type tun
8: tundudp: mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500 link/none
Hope this helps.
Did you get this resolved?
Is it possible to provide the commands used in the video?
Hi, you can find scripts here: github.com/gary-RR/myCZcams_video_container_networking
is there a github repo with some of these steps ?
Hi,
Yes, you can get the scripts here: github.com/gary-RR/myCZcams_video_container_networking.
Unfortunately, ping the remote vm (I mean 192.168.0.11) is not working on Ubuntu 20.04: Destination Port Unreachable. Does anyone encounter the same problem?
Hi,
If you have a switch (not router) between two Ubuntu machines then change the IP address of "ubuntu2" to "192.168.0.11". So you should have
ubuntu1: 192.168.0.10
ubuntu2: 192.168.0.11
Make the change and make sure you can ping each machine from the other.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
Good luck!
@Михаил Поливаха, Where you able to resolve it?
@@TheLearningChannel-Tech I do not have a route between my hosts - they are on the same LAN. I have managed to solve it via linux vxlan interfaces. As far as I know this is the techince which is used by flannel by the way, correct me if I am wrong. But I will retry with you solution. Thank you so much!
Correct, Flannel uses VXLAN which relies on a UDP connection. If you got it working then great, no need to switch to the raw socat.
@@TheLearningChannel-Tech got It, this part make me confused for a while because in the picture of ubuntu2 eth0: 192.168.1.11 but on bash script you executed them as 192.168.0.11/24, which means in the same network with Ubuntu1VM. and we no need to route them.
Gr8 explanation Sir,can you create a video of vxlan
Hi Indranil, thank you for your kind feedback! I'm currently working on a video on Calico but will add your suggestion to the future videos. Thanks.
I think the eth0 in Ubuntu2 VM should be 192.168.0.11 in the picture.
Hi, thanks for your comment, correct, that was a typo in the slide.
sorry but eth0 is 192.168.0.11 right?
Good catch! , it should be 192.168.0.11. Thank you for catching it!
@@TheLearningChannel-Tech It should be 192.168.0.11 or 192.168.0.x and not 192.168.9.1 according to the reply. If it's 192.168.9.1 or 192.168.1.11, they will be on different subnets! Please correct me if I am wrong.
@@pkkurra123 It was a typo, I meant 192.168.0.11. Fixed it, Thanks!
Hi There, I got device not found issue since I was using enp0s5 not eth0, but after my change, I got Error: Nexthop has invalid gateway.... Any suggestion?
Hi Tracy,
First, please issue this command from a terminal:
ip addr
The interface name that has the device IP associated with it is your default interface, assuming you only have one network card associated with your host.
Second, what command you were executing when encountered the error messages?
Thanks.
Please let me know if you still need help with this. The "ip addr" will determine if you should use "eth0" or "enp0s5". Normally "eth0" is the default adaptor but not on all Linux distros. Also mention what command caused the error messages. Thanks and have a god day.
@@TheLearningChannel-Tech Hi thanks a lot !!!! I was still facing the issue please see below reply
@@tracylee8446 Hi Tracy, not sure which reply you are referring to? Please do the the following:
1- Run the following command from a terminal on your Linux VM and copy the results in your post:
ip addr
2- Specify what command caused the errors you mentioned in your original post. Thanks.
@@TheLearningChannel-Tech oh hi what I tried the command is sudo ip route add $TO_BRIDGE_SUBSET via $TO_NODE_IP dev enp0s5, my ip addr is
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s5: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:1c:42:83:5d:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.107/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s5
valid_lft 86388sec preferred_lft 86388sec
inet6 2001:569:524e:d900:794:db69:5ee1:373a/64 scope global temporary dynamic
valid_lft 14682sec preferred_lft 14382sec
inet6 2001:569:524e:d900:9d3e:9042:7dfb:3b22/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 14682sec preferred_lft 14382sec
inet6 fe80::5004:d94:9598:75c0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
awesome useful ,really really awesome video