The post on Docker Daemon production configuration mentions the MTU setting, but that only applies to the Docker bridge network named `bridge`; it has no effect on overlay networks.
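Deciding whether you need this article
Read this article if either of the following applies:
- The Docker machine's MTU is not 1500
- The subnets of the `ingress` and `docker_gwbridge` networks created by Docker swarm conflict with existing networks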
How to check the MTU:

```console
$ docker network inspect -f '{{json .Options}}' <network-name>
{"com.docker.network.driver.mtu":"1450","com.docker.network.driver.overlay.vxlanid_list":"4099"}
```

If `com.docker.network.driver.mtu` is absent, the network uses the default of 1500.
How to check the subnet:

```console
$ docker network inspect -f '{{json .IPAM}}' <network-name>
{"Driver":"default","Options":null,"Config":[{"Subnet":"10.0.0.0/24","Gateway":"10.0.0.1"}]}
```
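The two conditions above, written as a pre-flight check. This is an added example, not code from the original post: the function names, the `--live` flag and the script name `preflight.sh` are hypothetical, and it assumes IPv4 and one subnet per network.

```sh
#!/bin/sh
# Added example: pre-flight check for the two conditions described above.

# Print the MTU from a '{{json .Options}}' string; 1500 when the key is absent.
effective_mtu() {
    mtu=$(printf '%s' "$1" |
        sed -n 's/.*"com\.docker\.network\.driver\.mtu":"\([0-9][0-9]*\)".*/\1/p')
    echo "${mtu:-1500}"
}

# Succeed when the network's MTU does not exceed the host uplink MTU ($2).
mtu_fits() {
    [ "$(effective_mtu "$1")" -le "$2" ]
}

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed when two IPv4 CIDR blocks overlap: compare both network
# addresses under the shorter (wider) of the two prefixes.
cidr_overlap() {
    len=${1#*/}
    if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# Live audit (needs docker): sh preflight.sh --live <uplink-iface> [cidr ...]
if [ "${1:-}" = "--live" ]; then
    host_mtu=$(cat "/sys/class/net/$2/mtu"); shift 2
    for net in docker_gwbridge ingress; do
        opts=$(docker network inspect -f '{{json .Options}}' "$net") || continue
        sub=$(docker network inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' "$net")
        mtu_fits "$opts" "$host_mtu" ||
            echo "$net: MTU $(effective_mtu "$opts") exceeds uplink MTU $host_mtu"
        for cidr in "$@"; do
            if cidr_overlap "$sub" "$cidr"; then echo "$net: $sub overlaps $cidr"; fi
        done
    done
fi
```

Pass the CIDR blocks already in use on your network after the interface name; any line printed means the corresponding network needs to be recreated with explicit settings.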
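Modifying the ingress and docker_gwbridge networks
The following steps must be done before `swarm init` or `swarm join`.
Assume you have three machines, manager, worker-1 and worker-2, and want to build a Docker swarm cluster.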
- [manager] `docker swarm init`
- [manager] Get the parameters of `docker_gwbridge` and note the `Subnet`:

  ```console
  $ docker network inspect -f '{{json .IPAM}}' docker_gwbridge
  {"Driver":"default","Options":null,"Config":[{"Subnet":"172.18.0.0/16","Gateway":"172.18.0.1"}]}
  ```
- [manager] `docker swarm leave --force`
- [manager] Stop Docker: `sudo systemctl stop docker.service`
- [manager] Delete the virtual interface `docker_gwbridge`:

  ```console
  $ sudo ip link set docker_gwbridge down
  $ sudo ip link del dev docker_gwbridge
  ```
- [manager] Start Docker: `sudo systemctl start docker.service`
- [manager] Recreate `docker_gwbridge`. Remember to set the `Subnet` value obtained earlier and the correct MTU value; if the subnet conflicts with an existing network, change the subnet parameter:

  ```console
  $ docker network rm docker_gwbridge
  $ docker network create \
      --subnet 172.18.0.0/16 \
      --opt com.docker.network.bridge.name=docker_gwbridge \
      --opt com.docker.network.bridge.enable_icc=false \
      --opt com.docker.network.bridge.enable_ip_masquerade=true \
      --opt com.docker.network.driver.mtu=1450 \
      docker_gwbridge
  ```

  Then run the same commands on worker-1 and worker-2.
- [manager] `docker swarm init`
- [manager] First inspect the parameters of the `ingress` network and note the `Subnet` and `Gateway`:

  ```console
  $ docker network inspect -f '{{json .IPAM}}' ingress
  {"Driver":"default","Options":null,"Config":[{"Subnet":"10.255.0.0/16","Gateway":"10.255.0.1"}]}
  ```
- [manager] Delete the `ingress` network: `docker network rm ingress`.
- [manager] Recreate the `ingress` network. Remember to fill in the `Subnet` and `Gateway` obtained earlier, as well as the correct MTU value; if the subnet conflicts with an existing network, change the subnet parameter:

  ```console
  $ docker network create \
      --driver overlay \
      --ingress \
      --subnet=10.255.0.0/16 \
      --gateway=10.255.0.1 \
      --opt com.docker.network.driver.mtu=1450 \
      ingress
  ```
- [worker-1] [worker-2] Join the swarm: `docker swarm join ...`

Note: before a new machine joins the swarm, it must first perform step 7 (recreating `docker_gwbridge`).
Verification:
- Start a swarm service: `docker service create -td --name busybox busybox`
- Inspect the virtual interfaces on the host. The MTU is 1450 on all of them:

  ```console
  $ ip link
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
      link/ether fa:16:3e:71:09:f5 brd ff:ff:ff:ff:ff:ff
  3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
      link/ether 02:42:6b:de:95:71 brd ff:ff:ff:ff:ff:ff
  298: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
      link/ether 02:42:ae:7b:cd:b4 brd ff:ff:ff:ff:ff:ff
  309: veth7e0f9e5@if308: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default
      link/ether 16:ca:8f:c7:d3:7f brd ff:ff:ff:ff:ff:ff link-netnsid 1
  311: vethcb94fec@if310: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP mode DEFAULT group default
      link/ether 9a:aa:de:7b:4f:d4 brd ff:ff:ff:ff:ff:ff link-netnsid 2
  ```
- Inspect the interfaces inside the container. The interface MTU is also 1450:

  ```console
  $ docker exec b.1.pdsdgghzyy5rhqkk5et59qa3o ip link
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  310: eth0@if311: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
      link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
  ```
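MTU and subnet for overlay networks you create yourself
Method 1: set them in the docker compose file

```yaml
...
networks:
  my-overlay:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: <subnet>
    driver_opts:
      com.docker.network.driver.mtu: 1450
```

This is not ideal, though, because it ties the contents of the docker compose file to the production environment; in a different environment this MTU value may not be appropriate.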
Method 2: set them when creating the network externally

```sh
docker network create \
    -d overlay \
    --subnet <subnet-net> \
    --opt com.docker.network.driver.mtu=1450 \
    --attachable \
    my-overlay
```
Usage:
- In the docker compose file, reference it like this:

  ```yaml
  ...
  networks:
    app-net:
      external: true
      name: my-overlay
  ```

- `docker run --network my-overlay ...`
- `docker service create --network my-overlay ...`