作者：张华 发表于：2015-07-04版权声明：可以任意转载，转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明( http://blog.csdn.net/quqi99)https://launchpad.net/~apw/+archive/ubuntu/fan/+packagessudo apt-get install lxc upstart #注：不要安装dnsmasq，用默认的lxc-dnsmasq即可，否则需要自己配置lxc与dnsmasq的集成sudo add-apt-repository ppa:apw/fansudo apt-get updatesudo apt-get upgrade #升级到ppa里的fan内核sudo apt-get install iproute2 docker1, 修改/etc/default/lxc-net匹配fan network，假设host的ip是：10.55.61.177, 然后：/etc/init.d/lxc-net restart/etc/init/lxc -> /usr/lib/x86_64-linux-gnu/lxc/lxc-net 中的start()方法（必须安装upstart包，不然init脚本就不会执行）。LXC_ADDR="34.61.177.1"LXC_NETMASK="255.255.255.0"LXC_NETWORK="34.61.177.0/24"LXC_DHCP_RANGE="34.61.177.2,34.61.177.254"2, 修改容器的mtu值, /var/lib/lxc/[con name]/config lxc.network.mtu = 14803, 配置fan#!/bin/bashL_IF="eth0"UNDERLAY="10.55.0.0"OVERLAY="34.0.0.0/8"IP=/sbin/ipif lsmod | grep -q ipip; then rmmod ipipfiLADDR=`ip addr show dev ${L_IF} | grep 'inet ' | awk -F '[/ ]*' '{print $3}'`echo LADDR ${LADDR}OVL_BR_SUBNET=`echo ${OVERLAY} ${LADDR} | awk '{split($1, ad1, "."); split($2, ad2, "."); print ad1[1] "." ad2[3] "." ad2[4] ".0/24"; }'`echo OVL_BR_SUBNET ${OVL_BR_SUBNET}${IP} link add fan0 type ipip local ${LADDR} underlay ${UNDERLAY} dev ${L_IF}${IP} link set dev fan0 up${IP} route add ${OVERLAY} dev fan0# remove lxc nat rule for bridge; breaks end to end between containersiptables -t nat -F# add fan-friendly nat ruleiptables -t nat -A POSTROUTING --source ${OVL_BR_SUBNET} \! --dest ${OVERLAY} -j MASQUERADE${IP} -details link show dev fan04, 容器lxc-create -n container1 -t ubuntulxc-ls --fancylxc-start -n container1 -d # sudo /etc/init.d/apparmor reload, https://bugs.launchpad.net/lxc/+bug/1434737lxc-stop -n container1lxc-destroy -n container1lxc-console -n container1 #使用“Crtl+a q”组合键退出控制台5, 背后vm 34.61.177.189 34.61.178.104eth0 10.55.61.177/23 10.55.61.178/23fan0@eth0 34.61.177.1/24 34.61.178.1/24root@zhhuabj-vivid:~# route -n |grep fan034.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 fan0root@zhhuabj-vivid:~# iptables-save |grep 34.-A POSTROUTING -s 34.61.177.0/24 ! -d 34.0.0.0/8 -j MASQUERADEroot@zhhuabj-vivid2:~# iptables-save |grep 34-A POSTROUTING -s 34.61.178.0/24 ! -d 34.0.0.0/8 -j MASQUERADEroot@zhhuabj-vivid:~# ${IP} -details link show dev fan07: fan0@eth0: mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default link/ipip 10.55.61.177 brd 0.0.0.0 promiscuity 0 ipip remote any local 10.55.61.177 underlay 10.55.0.0 dev eth0 ttl inherit pmtudisc root@zhhuabj-vivid2:~# ${IP} -details link show dev fan07: fan0@eth0: mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default link/ipip 10.55.61.178 brd 0.0.0.0 promiscuity 0 ipip remote any local 10.55.61.178 underlay 10.55.0.0 dev eth0 ttl inherit pmtudisc 注：这里的ipip隧道不需要像neutron l2pop特性那样进行地址学习，因为隧道的另个端口可以直接计算得到。 例如，容器34.61.177.2与容器34.61.178.2通信时，根据路由会先走fan0，fan0能根据34.61.178.2计算得到另一端隧道是10.55.61.178. 容器因为之前会直接走路由就决定了直接到fan0接口，所以不存在像下面的l2pop那样的第2）点要在交换机里进行地址学习的问题。 对于下列1）点，对于fan网络，容器里发包先在一台host上通过arp找到网关的mac地址，剩下的就再走fan0上的路由了。 neutron l2pop，是因为每一个远端隧道都会在br-tun上创建一个port，它不像fan网络可以通过要发包的目前容器的IP计算得到远端隧道地址，所以才需要进行地址学习。 1, disable arp broadcast by adding ip->mac mapping into neighbor table ip neighbor add REMOTE_VM_IP lladdr REMOTE_VM_MAC dev vx-NET_ID nud permanent 2, address study by adding bridge forwording rules into linux bridge bridge fdb add REMOTE_VM_MAC dev vx-NET_ID dst REMOTE_HOST_IPdnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen-address 34.61.177.1 --dhcp-range 34.61.177.2,34.61.177.254 --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative6, 和docker集成 wget -qO- https://get.docker.com/ | sh 若使用docker, docker直接使用lxcbr0这个桥即可， 它也会自动启动dhcp. service lxc-net stop # stop using linux bridge lxcbr0 and dnsmasq on it service docker stop # stop using linux bridge docker0 and dnsmasq on it docker -d -b lxcbr0 --mtu=1480 --iptables=false # using linux bridge lxcbr0 to do as linux bridge of docker 启动容器，docker run -it ubuntu:latest 查看容器，docker ps7, Fan不像vxlan或gre那样支持segmention_id来租户隔离，那样我们想租户隔离的话只能通过namespace下根据多个tunnel ip创建不同的fan，就样就不方便哦。所以可以认为它是FLAT型的。