containers on an overlay

.gitignore

.vagrant

docker-shell

#!/bin/bash
set -e -u

ROOT_DIR_PATH=$(cd $(dirname $0)/.. && pwd)
cd $ROOT_DIR_PATH

docker run --privileged \
   --rm \
   -it \
   -v $PWD:/ducati-release \
   -e GOPATH=/ducati-release \
   -w /ducati-release \
   c2cnetworking/ducati-dev \
   /bin/bash

Dockerfile

FROM golang:1.6-onbuild

RUN apt-get update -y && apt-get install -y --no-install-recommends \
  ca-certificates \
  curl \
  dnsutils \
  git \
  jq \
  &&  apt-get autoremove -yqq \
  &&  apt-get clean \
  &&  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

RUN curl -o /tmp/golang.tgz https://storage.googleapis.com/golang/go1.6.linux-amd64.tar.gz \
    && tar -C /usr/local -xzf /tmp/golang.tgz \
    && rm /tmp/golang.tgz

ENV GOPATH /gopath
ENV GOBIN /gopath/bin
ENV PATH $PATH:/usr/local/go/bin:$GOPATH/bin

RUN go get github.com/tools/godep
RUN go get github.com/onsi/ginkgo

RUN go install github.com/onsi/ginkgo/ginkgo

CMD /bin/bash

simpler-routing-2.sh

#! /bin/bash
set -u -e

ip netns add container-ns
ip netns exec container-ns ip link set lo up

echo creating vxlan
ip link add vxlan type vxlan vni 1234
ip addr add 10.10.1.1/16 dev vxlan
ip link set vxlan up

echo creating bridge
ip link add bridge type bridge
ip link set bridge up
ip route add 10.10.1.0/24 dev bridge

echo creating veth pair
ip link add dev c-eth0 type veth peer name veth0
ip link set dev c-eth0 address FE:FF:10:10:01:02
ip link set dev c-eth0 netns container-ns
ip link set veth0 up
echo adding address to container
ip netns exec container-ns ip addr add 10.10.1.2/16 dev c-eth0
ip netns exec container-ns ip link set c-eth0 up
ip netns exec container-ns ip route add 0.0.0.0/0 via 10.10.1.1

echo set vxlan and veth0 as bridge slave
ip link set vxlan master bridge
ip link set veth0 master bridge

echo add fdb rule for remote container
bridge fdb add FE:FF:10:10:00:02 dev vxlan dst 192.168.33.10

echo add arp entry for remote container
arp -s 10.10.0.2 FE:FF:10:10:00:02

echo enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

echo setting iptables rules
iptables -t nat -A PREROUTING -i eth1 \
  -p tcp --dport 3333 \
  -j DNAT --to-destination 10.10.1.2:8080

iptables -t nat -A POSTROUTING -s 10.10.0.0/16 ! -d 10.10.0.0/16 -j MASQUERADE

simpler-routing.sh

#! /bin/bash
set -u -e

ip netns add container-ns
ip netns exec container-ns ip link set lo up

echo creating vxlan
ip link add vxlan type vxlan vni 1234
ip addr add 10.10.0.1/16 dev vxlan
ip link set vxlan up

echo creating bridge
ip link add bridge type bridge
ip link set bridge up
ip route add 10.10.0.0/24 dev bridge

echo creating veth pair
ip link add dev c-eth0 type veth peer name veth0
ip link set dev c-eth0 address FE:FF:10:10:00:02
ip link set dev c-eth0 netns container-ns
ip link set veth0 up
echo adding address to container
ip netns exec container-ns ip addr add 10.10.0.2/16 dev c-eth0
ip netns exec container-ns ip link set c-eth0 up
ip netns exec container-ns ip route add 0.0.0.0/0 via 10.10.0.1

echo set vxlan and veth0 as bridge slave
ip link set vxlan master bridge
ip link set veth0 master bridge

echo add fdb rule for remote container
bridge fdb add FE:FF:10:10:01:02 dev vxlan dst 192.168.33.11

echo add arp entry for remote container
arp -s 10.10.1.2 FE:FF:10:10:01:02

echo enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

echo setting iptables rules
iptables -t nat -A PREROUTING -i eth1 \
  -p tcp --dport 3333 \
  -j DNAT --to-destination 10.10.0.2:8080

iptables -t nat -A POSTROUTING -s 10.10.0.0/16 ! -d 10.10.0.0/16 -j MASQUERADE

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.

  config.vm.define "deepa" do |deepa|
    deepa.vm.box = "ubuntu/trusty64"
    deepa.vm.network "private_network", ip: "192.168.33.10"
    deepa.vm.provision :shell, inline: "/vagrant/simpler-routing.sh"
  end

  config.vm.define "dave" do |dave|
    dave.vm.box = "ubuntu/trusty64"
    dave.vm.network "private_network", ip: "192.168.33.11"
    dave.vm.provision :shell, inline: "/vagrant/simpler-routing-2.sh"
  end

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
  # such as FTP and Heroku are also available. See the documentation at
  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
  # config.push.define "atlas" do |push|
  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
  # end

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   sudo apt-get update
  #   sudo apt-get install -y apache2
  # SHELL
end

y-routing-ns-2.sh

#!/bin/bash
set -e -u

set +e
ip netns add routing-ns
ip netns add container-ns
set -e

echo This script will set up a container on overlay with IP 192.168.3.3

echo creating vxlan
ip link add vxlan type vxlan vni 1234 #dstport 4789
ip link set vxlan up

echo creating vxlan bridge
ip link add vxlanbr type bridge
ip addr add 192.168.2.1/24 dev vxlanbr
ip link set vxlanbr up

echo creating host bridge
ip link add hostbr type bridge
ip addr add 192.168.1.1/24 dev hostbr
ip link set hostbr up

echo creating host to routing veth
ip link add dev r-eth0 type veth peer name host-veth0
ip link set dev r-eth0 netns routing-ns
ip link set host-veth0 up
ip netns exec routing-ns ip link set r-eth0 up
ip netns exec routing-ns ip addr add 192.168.1.2/24 dev r-eth0

echo set eth0 and host-veth0 as hostbr slave
ip link set host-veth0 master hostbr

echo creating vxlan to routing veth
ip link add dev r-eth1 type veth peer name host-veth1
ip link set dev r-eth1 netns routing-ns
ip link set host-veth1 up
ip netns exec routing-ns ip link set r-eth1 up
ip netns exec routing-ns ip addr add 192.168.2.2/24 dev r-eth1

echo set vxlan and host-veth1 as vxlanbr slave
ip link set vxlan master vxlanbr
ip link set host-veth1 master vxlanbr

echo creating routing to container veth
ip netns exec routing-ns ip link add dev c-eth0 type veth peer name r-veth0
ip netns exec routing-ns ip link set dev c-eth0 netns container-ns
ip netns exec routing-ns ip link add dev cbridge type bridge
ip netns exec routing-ns ip link set cbridge up
ip netns exec routing-ns ip link set r-veth0 master cbridge
ip netns exec routing-ns ip addr add 192.168.3.1/24 dev cbridge
ip netns exec routing-ns ip link set r-veth0 up
ip netns exec routing-ns sh -c 'echo 1 >> /proc/sys/net/ipv4/ip_forward'
ip netns exec routing-ns ip route add 0.0.0.0/0 via 192.168.1.1
ip netns exec routing-ns ip route add 192.168.4.0/24 via 192.168.2.1

ip netns exec container-ns ip link set c-eth0 up
ip netns exec container-ns ip addr add 192.168.3.3/24 dev c-eth0
ip netns exec container-ns ip route add 0.0.0.0/0 via 192.168.3.1


ip route add 192.168.3.0/24 via 192.168.1.2

bridge fdb add 36:28:02:77:6e:5f dst 192.168.33.10 dev vxlan

echo 1 >> /proc/sys/net/ipv4/ip_forward

echo setting up iptables rules
iptables -t nat -A PREROUTING -i eth1 \
  -p tcp --dport 3333 \
  -j DNAT --to-destination 192.168.3.3:8080

echo
ping -c1 192.168.1.2
ping -c1 192.168.2.2
ping -c1 192.168.4.2
ping -c1 192.168.3.3

y-routing-ns.sh

#!/bin/bash
set -e -u

set +e
ip netns add routing-ns
ip netns add container-ns
set -e

echo This script will set up a container on overlay with IP 192.168.4.2

echo creating vxlan
ip link add vxlan type vxlan vni 1234 #dstport 4789
ip link set vxlan up

echo creating vxlan bridge
ip link add vxlanbr type bridge
ip addr add 192.168.2.1/24 dev vxlanbr
ip link set vxlanbr up

echo creating host bridge
ip link add hostbr type bridge
ip addr add 192.168.1.1/24 dev hostbr
ip link set hostbr up

echo creating host to routing veth
ip link add dev r-eth0 type veth peer name host-veth0
ip link set dev r-eth0 netns routing-ns
ip link set host-veth0 up
ip netns exec routing-ns ip link set r-eth0 up
ip netns exec routing-ns ip addr add 192.168.1.2/24 dev r-eth0

echo set eth0 and host-veth0 as hostbr slave
ip link set host-veth0 master hostbr

echo creating vxlan to routing veth
ip link add dev r-eth1 type veth peer name host-veth1
ip link set dev r-eth1 netns routing-ns
ip link set host-veth1 up
ip netns exec routing-ns ip link set r-eth1 up
ip netns exec routing-ns ip addr add 192.168.2.2/24 dev r-eth1

echo set vxlan and host-veth1 as vxlanbr slave
ip link set vxlan master vxlanbr
ip link set host-veth1 master vxlanbr

echo creating routing to container veth
ip netns exec routing-ns ip link add dev c-eth0 type veth peer name r-veth0
ip netns exec routing-ns ip link set dev c-eth0 netns container-ns
ip netns exec routing-ns ip link add dev cbridge type bridge
ip netns exec routing-ns ip link set cbridge up
ip netns exec routing-ns ip link set r-veth0 master cbridge
ip netns exec routing-ns ip addr add 192.168.4.1/24 dev cbridge
ip netns exec routing-ns ip link set r-veth0 up
ip netns exec routing-ns sh -c 'echo 1 >> /proc/sys/net/ipv4/ip_forward'
ip netns exec routing-ns ip route add 0.0.0.0/0 via 192.168.1.1
ip netns exec routing-ns ip route add 192.168.3.0/24 via 192.168.2.1

ip netns exec container-ns ip link set c-eth0 up
ip netns exec container-ns ip addr add 192.168.4.2/24 dev c-eth0
ip netns exec container-ns ip route add 0.0.0.0/0 via 192.168.4.1

ip route add 192.168.4.0/24 via 192.168.1.2

bridge fdb add to 7a:44:10:f0:6b:8b dst 192.168.33.11 dev vxlan

echo 1 >> /proc/sys/net/ipv4/ip_forward

echo setting up iptables rules
iptables -t nat -A PREROUTING -i eth1 \
  -p tcp --dport 3333 \
  -j DNAT --to-destination 192.168.4.2:8080

echo
ping -c1 192.168.1.2
ping -c1 192.168.2.2
ping -c1 192.168.4.2
ping -c1 192.168.3.3