Docker0基本原理
Docker 服务默认会创建一个 docker0 网桥(evth-pair),它在内核层连通了其他的物理或虚拟网卡,这就将所有容器和本地主机都放到同一个物理网络。
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether fa:16:3e:59:fd:3b brd ff:ff:ff:ff:ff:ff
inet 172.29.67.55/24 brd 172.29.67.255 scope global dynamic eth0
valid_lft 3152665450sec preferred_lft 3152665450sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:29:85:de:4f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
启动Docker容器的时候,Docker会给Docker容器分配一个IP
启动一个容器,会出现一对网卡
宿主机:
497: vethf5da2d@if496: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether ba:6f:34:6e:3f:0f brd ff:ff:ff:ff:ff:ff link-netnsid 1
Docker容器内部:
496: eth@if497: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
使用evth-pair设备连接宿主机网络与容器网络
