Dell Wyse 5070 as a one-armed software router

Network diagram (single subnet, no VLANs)

@startuml
card ONU as onu
note left: China Unicom ONU (fibre modem)
card "wndr4300 & wifi" as switch
note left: switch, ip: 192.168.50.254

frame DELL-wyse5070{
    card enp1s0
    note top: host NIC, 192.168.50.103

    card macvlan as router_macvlan
    note bottom: subnet:192.168.50.0/24\n gateway:192.168.50.1

    card openwrt as router
    note top: software router (container), LAN IP: 192.168.50.1
}

card R7800


onu -- switch
switch -- enp1s0
switch -- router_macvlan
router_macvlan -- router
@enduml

Network diagram (LAN on VLAN 1, WAN/PPPoE on VLAN 3)

@startuml
card ONU as onu
note left: China Unicom ONU, vlan 3
card "wndr4300 & wifi" as switch
note left: switch, ip: 192.168.50.254

frame DELL-wyse5070{
    card enp1s0
    note right: host NIC, 192.168.50.103

    card enp1s0.1
    note right: vlan 1
    enp1s0 -- enp1s0.1
    card enp1s0.3
    note right: vlan 3
    enp1s0 -- enp1s0.3

    card macvlan.1 as router_macvlan_lan
    note right: subnet:192.168.50.0/24\n gateway:192.168.50.1\n vlan 1
    enp1s0.1 -- router_macvlan_lan

    card macvlan.3 as router_macvlan_wan
    note right: subnet:192.168.2.0/24\n gateway:192.168.2.1\n vlan 3
    enp1s0.3 -- router_macvlan_wan

    card openwrt as router
    note bottom: software router (container), LAN IP: 192.168.50.1

    router_macvlan_lan -- router
    router_macvlan_wan -- router
}

card R7800
card pixelbook
note right: vlan 1
onu -- switch
switch -- enp1s0
switch -- pixelbook
@enduml

Switch configuration

When an ordinary router (here the wndr4300) is used only as a switch and access point, disable its DHCP server on LAN so that it does not hand out leases alongside the OpenWrt container: Network > Interfaces > LAN > Edit > DHCP Server > General Setup > check "Ignore interface".

Host configuration

Enable promiscuous mode on the NIC

ip link set enp1s0 promisc on

The macvlan children get MAC addresses of their own, so the physical NIC has to accept frames addressed to them; forcing promiscuous mode sidesteps unicast-filter limitations in the NIC driver. The setting does not survive a reboot, so have a systemd unit set it after boot.

Create the unit file (local units belong in /etc/systemd/system; /usr/lib/systemd/system is reserved for files installed by packages):

vim /etc/systemd/system/promiscuous_mode@.service

[Unit]
Description=Control promiscuous mode for interface %i
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/sbin/ip link set promisc on dev %i
ExecStop=/sbin/ip link set promisc off dev %i
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
Enable it for the interface:

systemctl daemon-reload
systemctl enable --now promiscuous_mode@enp1s0.service

Load the PPPoE kernel module

The container shares the host kernel and cannot load modules itself, so pppoe has to be loaded on the host, and persistently so it is back after a reboot:

modprobe pppoe
echo pppoe > /etc/modules-load.d/pppoe.conf

Create the VLAN sub-interfaces

The names eth0_vlan1 and eth0_vlan3 are just labels; the parent is enp1s0. A Linux VLAN sub-interface with id 1 sends 802.1Q-tagged frames with VID 1, so the switch port must accept tagged VID 1 (many switches treat VLAN 1 as the untagged native VLAN instead; check before relying on it).

ip link add link enp1s0 name eth0_vlan1 type vlan id 1
ip link set dev eth0_vlan1 up
ip link add link enp1s0 name eth0_vlan3 type vlan id 3
ip link set dev eth0_vlan3 up
ip -d addr show
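What the `ip -d addr show` / `ip -d link show` output should contain, turned into a check that can run after every boot. This is an added example, not code from the original post: the sample dump inside it is constructed to look like `ip -d link show` on the host above (parent enp1s0 carrying the PROMISC flag, sub-interfaces eth0_vlan1 and eth0_vlan3 with 802.1Q ids 1 and 3), and the interface names are the ones assumed on this page.

```shell
#!/bin/sh
# check-host-net.sh: verify the host state the one-armed router depends on.
# Added example, not from the original page. It parses `ip -d link show`
# (live, or a dump on stdin) and fails unless the parent NIC is promiscuous
# and every expected VLAN sub-interface exists, is up, and has the right
# 802.1Q id. Assumed names, taken from this page: parent enp1s0,
# eth0_vlan1 (id 1), eth0_vlan3 (id 3).
set -eu

PARENT=${PARENT:-enp1s0}
WANT=${WANT:-"eth0_vlan1:1 eth0_vlan3:3"}   # NAME:ID pairs

# check_link_state PARENT "NAME:ID ..." < dump
# Prints one line per problem; returns 1 if any was found.
check_link_state() {
    parent=$1
    want=$2
    dump=$(cat)
    rc=0

    # The parent's header line carries the flags, e.g.
    # "2: enp1s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 ..."
    if ! printf '%s\n' "$dump" | grep -Eq "^[0-9]+: $parent: <[^>]*PROMISC[^>]*>"; then
        echo "FAIL: $parent is not in promiscuous mode"
        rc=1
    fi

    for pair in $want; do
        name=${pair%%:*}
        id=${pair##*:}
        # Cut out this interface's record: the header "N: NAME@PARENT: <...>"
        # plus the indented detail lines that follow it until the next header.
        block=$(printf '%s\n' "$dump" | awk -v n="$name@$parent" '
            /^[0-9]+: / { p = ($2 == (n ":")) }
            p { print }')
        if [ -z "$block" ]; then
            echo "FAIL: $name not found on $parent"
            rc=1
            continue
        fi
        # `ip -d` prints "vlan protocol 802.1Q id N <REORDER_HDR> ..." for VLAN devices.
        if ! printf '%s\n' "$block" | grep -Eq "vlan protocol 802\.1Q id $id( |$)"; then
            echo "FAIL: $name exists but is not 802.1Q id $id"
            rc=1
        fi
        if ! printf '%s\n' "$block" | head -n 1 | grep -Eq '(<|,)UP(,|>)'; then
            echo "FAIL: $name is administratively down"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `ip -d link show` on a healthy host (not real output).
sample_dump() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0
2: enp1s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 9000
3: eth0_vlan1@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 1 <REORDER_HDR> addrgenmode eui64
4: eth0_vlan3@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 3 <REORDER_HDR> addrgenmode eui64
EOF
}

# `sh check-host-net.sh live` checks the running host; `demo` runs on the sample.
case "${1:-}" in
    live) ip -d link show | check_link_state "$PARENT" "$WANT" ;;
    demo) sample_dump | check_link_state "$PARENT" "$WANT" ;;
esac
```

Run `sh check-host-net.sh live` from a cron job or a systemd timer: a non-zero exit is the earliest sign that the promiscuous-mode unit or the VLAN creation did not run after a reboot, which otherwise shows up only as the router silently dropping traffic.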

Create the macvlan networks, one per VLAN sub-interface. The --macvlan flag is the podman 2.x spelling; on podman 3 and later use `-d macvlan -o parent=eth0_vlan1` instead.

podman network create \
--subnet=192.168.50.0/24 \
--gateway=192.168.50.1 \
--macvlan=eth0_vlan1 mac1

cat /etc/cni/net.d/mac1.conflist

podman network create \
--subnet=192.168.2.0/24 \
--gateway=192.168.2.1 \
--macvlan=eth0_vlan3 mac3

cat /etc/cni/net.d/mac3.conflist

Import the OpenWrt rootfs as an image (replace 9937828b9656 with the image ID that podman import prints):

podman import openwrt-19.07.2-x86-64-generic-rootfs.tar.gz
podman tag 9937828b9656 openwrt:19.07.2

Start the container on both macvlan networks, either fully privileged:

podman run --name openwrt -d \
--network mac1,mac3 \
--privileged openwrt:19.07.2 /sbin/init

or with every capability added instead:

podman run --name openwrt -d \
--network mac1,mac3 \
--cap-add=all openwrt:19.07.2 /sbin/init

Either way the WAN-facing router runs with root-equivalent power over the host, so a compromise of OpenWrt is a compromise of the Wyse. --privileged additionally switches off seccomp and the SELinux/AppArmor confinement and exposes the host's /dev, which makes --cap-add=all the slightly less bad of the two; a narrower set (NET_ADMIN and NET_RAW are what routing and netfilter need; procd may require more) is worth testing.

OpenWrt configuration

Set the OpenWrt addresses in /etc/config/network:

vi /etc/config/network

After restarting the instance, test with ping 192.168.50.1 from another machine on the LAN (the host itself cannot reach a macvlan child through the parent interface; see the macvlan shim under "Using OpenWrt as the host's gateway" below).

LAN physical settings: uncheck "Bridge interfaces", interface eth0.
WAN physical settings: interface eth1, the second macvlan network (mac3); confirm the eth0/eth1 mapping with ip link inside the container. If there is no wan interface, add one manually: Name: wan, Protocol: PPPoE, Interface: eth1.

WAN configuration: username: xxx, password: xxx
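A way to produce that /etc/config/network from the host instead of typing the PPPoE password into the container. This is an added example, not the page's or OpenWrt's own tooling. It assumes the 19.07 UCI syntax (`option ifname`), that `--network mac1,mac3` appears inside the container as eth0 (mac1, LAN) and eth1 (mac3, WAN), which must be confirmed with `ip link` inside the container, and a credential file of the form `username<TAB>password` readable only by root; the script name and the LAN_*/WAN_IF variable names are my own.

```shell
#!/bin/sh
# gen-openwrt-network.sh: render the container's /etc/config/network on the
# host so the PPPoE secret never goes through a shell history or an image layer.
# Added example, not from the original page. Assumptions: OpenWrt 19.07 UCI
# syntax; eth0 = mac1 (LAN), eth1 = mac3 (WAN); a root-only credential file
# containing "username<TAB>password".
set -eu

PPPOE_USER=
PPPOE_PASS=

# Render a UCI network config: static LAN on the first container NIC (no
# bridge, matching the unchecked "Bridge interfaces"), PPPoE WAN on the second.
render_network() {
    lan_if=$1 lan_ip=$2 lan_mask=$3 wan_if=$4 user=$5 pass=$6
    cat <<EOF
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname '$lan_if'
    option proto 'static'
    option ipaddr '$lan_ip'
    option netmask '$lan_mask'

config interface 'wan'
    option ifname '$wan_if'
    option proto 'pppoe'
    option username '$user'
    option password '$pass'
EOF
}

# Read the credential and refuse anything group/world readable: the secret
# ends up in plaintext inside a privileged container, so at least the host
# copy must stay locked down. A single quote would break UCI quoting.
load_pppoe_cred() {
    f=$1
    [ -f "$f" ] || { echo "no such credential file: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) ;;
        *) echo "refusing $f: mode $mode, expected 0600" >&2; return 1 ;;
    esac
    read -r PPPOE_USER PPPOE_PASS < "$f" || return 1
    [ -n "$PPPOE_USER" ] && [ -n "$PPPOE_PASS" ] ||
        { echo "credential file must contain 'username<TAB>password'" >&2; return 1; }
    case "$PPPOE_USER$PPPOE_PASS" in
        *\'*) echo "refusing credential containing a single quote (breaks UCI quoting)" >&2; return 1 ;;
    esac
}

# write_config OUTFILE CREDFILE: the rendered file holds the secret too, so it
# is created 0600. Copy it in with: podman cp OUTFILE openwrt:/etc/config/network
write_config() {
    out=$1 cred=$2
    load_pppoe_cred "$cred" || return 1
    ( umask 077
      render_network "${LAN_IF:-eth0}" "${LAN_IP:-192.168.50.1}" "${LAN_MASK:-255.255.255.0}" \
                     "${WAN_IF:-eth1}" "$PPPOE_USER" "$PPPOE_PASS" > "$out" )
}

case "${1:-}" in
    render) write_config "${2:?output path}" "${3:?credential file}" ;;
esac
```

Usage: `sh gen-openwrt-network.sh render ./network /root/pppoe.cred`, then `podman cp ./network openwrt:/etc/config/network` and restart the container. The mode check is the point: the credential ends up as plaintext in the filesystem of a privileged container and in podman's storage on the host, so refusing a world-readable source at least keeps the host copy honest.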

openwrt

https://openwrt.org/
https://hub.docker.com/u/openwrtorg
https://hub.docker.com/r/openwrtorg/rootfs

openwrt mirror

https://mirrors.tuna.tsinghua.edu.cn/help/openwrt/

sed -i 's_downloads.openwrt.org_mirrors.tuna.tsinghua.edu.cn/openwrt_' /etc/opkg/distfeeds.conf

Networking

/etc/network/interfaces is not a systemd-networkd configuration file; if you switch to systemd-networkd, back up and remove /etc/network/interfaces so the two do not fight over the same interface.

https://openwrt.club/93.html

What follows is the Docker variant of the same setup, adapted from the post above. Docker container network configuration: create macvlan virtual NICs for Docker and attach them to the host interfaces. Adjust the IPv4/IPv6 addresses to your own network; note that the fe80::/16 and fe81::/16 prefixes used below both lie inside the link-local block fe80::/10 and are not routable, so a real deployment should use a ULA prefix from fd00::/8 or the prefix delegated by the ISP.

LAN side

docker network create -d macvlan \
--subnet=172.16.60.0/24 \
--gateway=172.16.60.254 \
--ipv6 \
--subnet=fe80::/16 \
--gateway=fe80::1 \
-o parent=ens33 \
-o macvlan_mode=bridge \
openwrt-LAN

WAN side

docker network create -d macvlan \
--subnet=192.168.0.0/24 \
--gateway=192.168.0.254 \
--ipv6 --subnet=fe81::/16 \
--gateway=fe81::1 \
-o parent=ens34 \
-o macvlan_mode=bridge \
openwrt-WAN

Build and start the container

Create the container image:

docker import openwrt-x86-64-generic-rootfs.tar.gz lean_openwrt

Start the container:

docker run -it -d \
--restart always \
--network openwrt-LAN \
--privileged \
--name openwrt \
lean_openwrt /sbin/init

Attach the second NIC (the WAN network) to the openwrt container:

docker network connect openwrt-WAN openwrt

Modify the OpenWrt configuration. Enter the container:

docker exec -it openwrt /bin/sh

Edit /etc/config/network:

  config interface 'lan'
  option type 'bridge'
  option ifname 'eth0'  
  option proto 'static'
  option ipaddr '172.16.60.1'
  option netmask '255.255.255.0'
  option ip6assign '64'

  config interface 'wan'
  option ifname 'eth1'  
  option proto 'dhcp'
  option ip6assign '64'

Restart the OpenWrt network service:

/etc/init.d/network restart

Using OpenWrt as the host's gateway. Because the container network uses macvlan in bridge mode, the host and the container cannot talk to each other even though they are on the same subnet: the kernel deliberately does not pass traffic between a macvlan parent interface and its children. Sibling macvlan interfaces on the same parent do see each other, so the fix is to give the host its own macvlan interface on that parent and route through it:

ip link add link ens33 vLAN type macvlan mode bridge   
ip addr add 172.16.60.253/24 brd + dev vLAN   
ip link set vLAN up
ip route del default                
ip route add default via 172.16.60.1 dev vLAN     

# set the host's DNS server to OpenWrt

echo "nameserver 172.16.60.1" > /etc/resolv.conf  

Add the host network configuration to a startup script. For the configuration to survive a reboot, put the commands from the previous step into a boot script (for example rc.local) or a oneshot systemd unit, the same way promiscuous mode was handled above.
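The host-side steps of this page (promiscuous mode and the VLAN sub-interfaces from the podman section, the macvlan shim, default route and DNS from this section) as one idempotent boot script, the thing that would actually go into rc.local. This is an added example, not the original post's code. It uses the page's names (enp1s0, eth0_vlan1/eth0_vlan3, 192.168.50.1 as the router) and invents the shim interface name mvlan_host and the host address 192.168.50.2/24 on it; change them to suit. It does not create the podman networks or start the container, which persist on their own.

```shell
#!/bin/sh
# one-arm-net.sh: idempotent host-side bring-up for the one-armed OpenWrt container.
# Added example, not from the original page. Assumed names (override via env):
#   PARENT      physical NIC (page: enp1s0)
#   VLAN_IDS    802.1Q ids split out of PARENT (page: 1 and 3)
#   VLAN_PREFIX sub-interface naming, giving eth0_vlan1 / eth0_vlan3 as on the page
#   LAN_VLAN    the VLAN the router's LAN sits on (page: 1)
#   SHIM        host-side macvlan, sibling of the container's LAN interface (my name)
#   SHIM_IP     host address on that macvlan (my choice); ROUTER_IP is the container's LAN IP
set -eu

PARENT=${PARENT:-enp1s0}
VLAN_IDS=${VLAN_IDS:-"1 3"}
VLAN_PREFIX=${VLAN_PREFIX:-eth0_vlan}
LAN_VLAN=${LAN_VLAN:-1}
SHIM=${SHIM:-mvlan_host}
SHIM_IP=${SHIM_IP:-192.168.50.2/24}
ROUTER_IP=${ROUTER_IP:-192.168.50.1}
DRY_RUN=${DRY_RUN:-0}

# Every state change goes through run(): with DRY_RUN=1 it prints the command
# instead of executing it, so the plan can be reviewed before it is wired into boot.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# True if the netdev exists. In dry-run mode assume a clean boot (nothing exists yet).
have_link() {
    if [ "$DRY_RUN" = 1 ]; then return 1; fi
    ip link show dev "$1" >/dev/null 2>&1
}

vlan_ifname() { printf '%s%s\n' "$VLAN_PREFIX" "$1"; }

# macvlan children have MACs of their own; the parent must accept frames for them.
enable_promisc() { run ip link set dev "$PARENT" promisc on; }

# Create an 802.1Q sub-interface once; bringing it up is safe to repeat.
ensure_vlan() {
    name=$(vlan_ifname "$1")
    if ! have_link "$name"; then
        run ip link add link "$PARENT" name "$name" type vlan id "$1"
    fi
    run ip link set dev "$name" up
}

# The kernel never passes traffic between a macvlan child and its parent, so
# the host reaches the router only through a sibling macvlan on the LAN VLAN.
ensure_shim() {
    if ! have_link "$SHIM"; then
        run ip link add link "$(vlan_ifname "$LAN_VLAN")" name "$SHIM" type macvlan mode bridge
        run ip addr add "$SHIM_IP" dev "$SHIM"
    fi
    run ip link set dev "$SHIM" up
}

# `route replace` is idempotent; `del` followed by `add` fails under set -e
# on a host that has no default route yet.
route_via_router() { run ip route replace default via "$ROUTER_IP" dev "$SHIM"; }

# Point the host resolver at OpenWrt. On a host running systemd-resolved,
# /etc/resolv.conf is a managed symlink: set DNS through resolvectl or the
# .network file instead of overwriting it.
set_dns() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'write "nameserver %s" to /etc/resolv.conf\n' "$ROUTER_IP"
    else
        printf 'nameserver %s\n' "$ROUTER_IP" > /etc/resolv.conf
    fi
}

bring_up() {
    enable_promisc
    for id in $VLAN_IDS; do ensure_vlan "$id"; done
    ensure_shim
    route_via_router
    set_dns
}

# `sh one-arm-net.sh plan` prints the commands; `sh one-arm-net.sh apply` (as root) runs them.
case "${1:-}" in
    plan)  DRY_RUN=1; bring_up ;;
    apply) bring_up ;;
esac
```

Every step is safe to repeat, which is what makes the script usable from rc.local. Ordering matters: the shim hangs off eth0_vlan1, so the VLAN loop runs first, and the default route is only switched once the shim is up. The container itself is brought back after a reboot by a unit generated with `podman generate systemd --name openwrt`.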

The rest is ordinary OpenWrt configuration and is not covered here.

References

https://vvl.me/2019/10/one-armed-router/
https://openwrt.club/93.html
https://github.com/luoqeng/OpenWrt-on-Docker
https://www.youtube.com/watch?v=jXMgAz_GQxI
http://lpwei.com/index.php/archives/39/
https://github.com/lisaac/blog/issues/4
https://www.cnblogs.com/iiiiher/p/8067226.html