Docker Swarm mesh routing doesn't work for independent subnets

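I have one manager and one worker node. The manager is in the cloud and the worker is my personal computer, so they are on different subnets. Both are listed as active.

My main problem is that when I create a service and scale it, everything goes as expected: the manager and the worker both start a container, etc., but the mesh routing doesn't work. The container holds a simple ping-pong type server. If the scale is 1 and only the manager has the container running, then I should be able to cURL my worker and get a response from the manager through the worker node, right?

If there is only one worker with many containers, load balancing works as expected, but if there are 3 workers and 3 containers distributed among them, load balancing doesn't work.

I made sure that needed ports are open;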

    IP Address    Start Port  End Port  Start Port  End Port  Protocol  Description  Enabled
    192.168.0.20  8080        8080      8080        8080      Both      test-port    Yes
    192.168.0.20  7946        7946      7946        7946      Both                   Yes
    192.168.0.20  4789        4789      4789        4789      UDP                    Yes
    192.168.0.20  1234        1234      1234        1234      Both                   Yes
    192.168.0.20  2377        2377      2377        2377      TCP                    Yes

When I inspect the ingress network, it shows both the worker and the manager in the Peers property, but the worker's IP is shown as its local address.


   "Peers": [
        {
            "Name": "1fc94f7e314e",
            "IP": "95.***.***.***"
        },
        {
            "Name": "85d4a1a1b3f2",
            "IP": "192.168.0.20"
        },
    ]

Edit: added the tcpdump of port 7946; port 4789 is silent.


        94.***.***.***.35388 > 95.***.***.***.7946: Flags [P.], cksum 0xea01 (correct), seq 1:302, ack 1, win 502, options [nop,nop,TS val 311036725 ecr 954017851], length 301
    14:21:04.266975 IP (tos 0x0, ttl 64, id 54940, offset 0, flags [DF], proto TCP (6), length 52)
        95.***.***.***.7946 > 94.***.***.***.35388: Flags [.], cksum 0x15df (incorrect -> 0x6e42), ack 302, win 507, options [nop,nop,TS val 954017925 ecr 311036725], length 0
    14:21:04.267014 IP (tos 0x0, ttl 47, id 49773, offset 0, flags [DF], proto TCP (6), length 52)
        94.***.***.***.35388 > 95.***.***.***.7946: Flags [.], cksum 0x6fbf (correct), ack 1, win 502, options [nop,nop,TS val 311036724 ecr 954017851], length 0
    14:21:04.267028 IP (tos 0x0, ttl 64, id 54941, offset 0, flags [DF], proto TCP (6), length 52)
        95.***.***.***.7946 > 94.***.***.***.35388: Flags [.], cksum 0x15df (incorrect -> 0x6e42), ack 302, win 507, options [nop,nop,TS val 954017925 ecr 311036725], length 0
    14:21:04.267720 IP (tos 0x0, ttl 64, id 54942, offset 0, flags [DF], proto TCP (6), length 328)
        95.***.***.***.7946 > 94.***.***.***.35388: Flags [P.], cksum 0x16f3 (incorrect -> 0xb31d), seq 1:277, ack 302, win 507, options [nop,nop,TS val 954017925 ecr 311036725], length 276
    14:21:04.267815 IP (tos 0x0, ttl 64, id 54943, offset 0, flags [DF], proto TCP (6), length 52)
        95.***.***.***.7946 > 94.***.***.***.35388: Flags [F.], cksum 0x15df (incorrect -> 0x6d2d), seq 277, ack 302, win 507, options [nop,nop,TS val 954017925 ecr 311036725], length 0
    14:21:04.341436 IP (tos 0x0, ttl 47, id 49775, offset 0, flags [DF], proto TCP (6), length 52)
        94.***.***.***.35388 > 95.***.***.***.7946: Flags [.], cksum 0x6cea (correct), ack 277, win 501, options [nop,nop,TS val 311036799 ecr 954017925], length 0
    14:21:04.341516 IP (tos 0x0, ttl 47, id 49776, offset 0, flags [DF], proto TCP (6), length 52)
        94.***.***.***.35388 > 95.***.***.***.7946: Flags [F.], cksum 0x6ce8 (correct), seq 302, ack 278, win 501, options [nop,nop,TS val 311036799 ecr 954017925], length 0
    14:21:04.341554 IP (tos 0x0, ttl 64, id 54944, offset 0, flags [DF], proto TCP (6), length 52)
        95.***.***.***.7946 > 94.***.***.***.35388: Flags [.], cksum 0x15df (incorrect -> 0x6c98), ack 303, win 507, options [nop,nop,TS val 954017999 ecr 311036799], length 0
    14:21:04.572411 IP (tos 0x0, ttl 64, id 31955, offset 0, flags [DF], proto UDP (17), length 115)
        95.***.***.***.7946 > 192.168.0.20.7946: UDP, length 87
    14:21:04.772361 IP (tos 0x0, ttl 64, id 31958, offset 0, flags [DF], proto UDP (17), length 115)
        95.***.***.***.7946 > 192.168.0.20.7946: UDP, length 87
    14:21:04.972568 IP (tos 0x0, ttl 64, id 31990, offset 0, flags [DF], proto UDP (17), length 115)
        95.***.***.***.7946 > 192.168.0.20.7946: UDP, length 87
    14:21:05.172449 IP (tos 0x0, ttl 64, id 32014, offset 0, flags [DF], proto UDP (17), length 115)
        95.***.***.***.7946 > 192.168.0.20.7946: UDP, length 87
    14:21:05.372687 IP (tos 0x0, ttl 64, id 32045, offset 0, flags [DF], proto UDP (17), length 150)
        95.***.***.***.7946 > 192.168.0.20.7946: UDP, length 122
    14:21:05.416490 IP (tos 0x0, ttl 47, id 64487, offset 0, flags [DF], proto UDP (17), length 86)
        94.***.***.***.7946 > 95.***.***.***.7946: UDP, length 58
    14:21:05.416902 IP (tos 0x0, ttl 64, id 16979, offset 0, flags [DF], proto UDP (17), length 77)
        95.***.***.***.7946 > 94.***.***.***.7946: UDP, length 49
    14:21:05.873535 IP (tos 0x0, ttl 64, id 24571, offset 0, flags [DF], proto TCP (6), length 60)
        95.***.***.***.52398 > 192.168.0.20.7946: Flags [S], cksum 0x272d (incorrect -> 0x98a2), seq 1269859057, win 64240, options [mss 1460,sackOK,TS val 2080921355 ecr 0,nop,wscale 7], length 0
    14:21:06.875553 IP (tos 0x0, ttl 64, id 24572, offset 0, flags [DF], proto TCP (6), length 60)
        95.***.***.***.52398 > 192.168.0.20.7946: Flags [S], cksum 0x272d (incorrect -> 0x94b8), seq 1269859057, win 64240, options [mss 1460,sackOK,TS val 2080922357 ecr 0,nop,wscale 7], length 0
    14:21:07.067513 IP (tos 0x0, ttl 64, id 35091, offset 0, flags [DF], proto TCP (6), length 60)
        95.***.***.***.52396 > 192.168.0.20.7946: Flags [S], cksum 0x272d (incorrect -> 0x85cc), seq 2586264232, win 64240, options [mss 1460,sackOK,TS val 2080922549 ecr 0,nop,wscale 7], length 0
    14:21:07.372802 IP (tos 0x0, ttl 64, id 25130, offset 0, flags [DF], proto TCP (6), length 60)
        95.***.***.***.52400 > 192.168.0.20.7946: Flags [S], cksum 0x272d (incorrect -> 0xf2ef), seq 603998839, win 64240, options [mss 1460,sackOK,TS val 2080922854 ecr 0,nop,wscale 7], length 0
    14:21:07.416945 IP (tos 0x0, ttl 47, id 64591, offset 0, flags [DF], proto UDP (17), length 86)
        94.***.***.***.7946 > 95.***.***.***.7946: UDP, length 58
    14:21:07.417352 IP (tos 0x0, ttl 64, id 17071, offset 0, flags [DF], proto UDP (17), length 77)
        95.***.***.***.7946 > 94.***.***.***.7946: UDP, length 49
    14:21:08.379558 IP (tos 0x0, ttl 64, id 25131, offset 0, flags [DF], proto TCP (6), length 60)
        95.***.***.***.52400 > 192.168.0.20.7946: Flags [S], cksum 0x272d (incorrect -> 0xef00), seq 603998839, win 64240, options [mss 1460,sackOK,TS val 2080923861 ecr 0,nop,wscale 7], length 0
    14:21:08.572575 IP (tos 0x0, ttl 64, id 32740, offset 0, flags [DF], proto UDP (17), length 115)
        95.***.***.***.7946 > 192.168.0.20.7946: UDP, length 87

To summarize: the mesh routing's load balancing works for the local network, but not for remote workers/containers.

I made sure that needed ports are open;

But...

Tcpdump was on the manager side, worker's tcpdump was completely empty for both ports.

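This is a sign that the network is blocking the packets. There is more than one place where connections across networks can be blocked, and opening the ports on the host alone is usually not enough. You need to determine where the packets are being blocked by checking each hop on the network with the owners of those devices.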
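
One way to narrow down where replies stop, as an added example that is not part of the original question or answer: this Python script reads `tcpdump -v` output in the layout shown in the question and lists destinations that were sent packets but never sent any back, noting whether each is an RFC 1918 address. The capture and the host roles in it are constructed, and `one_way_peers` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also matches other reserved blocks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Packet line of `tcpdump -v` output: "    src.port > dst.port: details"
PACKET = re.compile(r"^\s+(\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+: (.*)$")

# Constructed capture (not from the page), as seen on the manager. Assumed roles:
# 203.0.113.5 manager, 198.51.100.7 worker's public NAT address, 192.168.0.20 worker LAN address.
SAMPLE = """\
14:21:05.416490 IP (tos 0x0, ttl 47, id 64487, offset 0, flags [DF], proto UDP (17), length 86)
    198.51.100.7.7946 > 203.0.113.5.7946: UDP, length 58
14:21:05.416902 IP (tos 0x0, ttl 64, id 16979, offset 0, flags [DF], proto UDP (17), length 77)
    203.0.113.5.7946 > 198.51.100.7.7946: UDP, length 49
14:21:05.572411 IP (tos 0x0, ttl 64, id 31955, offset 0, flags [DF], proto UDP (17), length 115)
    203.0.113.5.7946 > 192.168.0.20.7946: UDP, length 87
14:21:05.873535 IP (tos 0x0, ttl 64, id 24571, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.5.52398 > 192.168.0.20.7946: Flags [S], seq 1269859057, win 64240, length 0
14:21:06.875553 IP (tos 0x0, ttl 64, id 24572, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.5.52398 > 192.168.0.20.7946: Flags [S], seq 1269859057, win 64240, length 0
"""

def one_way_peers(capture):
    """Return (src, dst) pairs where dst was sent packets but never sent any back."""
    sent, syns = Counter(), Counter()
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # header lines carry no addresses
        src, dst, detail = m.groups()
        sent[(src, dst)] += 1
        if detail.startswith("Flags [S],"):
            syns[(src, dst)] += 1  # connection attempt (or its retransmission)
    report = []
    for (src, dst), count in sorted(sent.items()):
        if (dst, src) in sent:
            continue  # traffic flows both ways between these hosts
        addr = ipaddress.ip_address(dst)
        report.append({"src": src, "dst": dst, "packets": count, "syns": syns[(src, dst)],
                       "rfc1918": any(addr in net for net in RFC1918)})
    return report

if __name__ == "__main__":
    for row in one_way_peers(SAMPLE):
        print(row)
```

Running the same check on captures taken at both ends shows which side's packets leave without ever arriving.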