docker 网络

docker 启动时 会在 主机上创建一个 docker0 的网桥 ，同时  会随机分配给网桥一个 未分配的私有ip地址。

此后，启动的容器都会分配一个同网段的地址

当创建一个 Docker 容器的时候，同时会创建了一对 veth pair 接口（当数据包发送到一个
接口时，另外一个接口也可以收到相同的数据包）。这对接口一端在容器内，即 eth0 ；另
一端在本地并被挂载到 docker0 网桥，名称以 veth 开头（例如 下面示例中的  veth1596ba3@if64   和 vethaf230bd@if66

）。通过这种
方式，主机可以跟容器通信，容器之间也可以相互通信。Docker 就创建了在主机和所有容器
之间一个虚拟共享网络。

 

主机上

[root@jinkang-centos7 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:0b:89:7f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.76/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 315124844sec preferred_lft 315124844sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ed:2a:f2:11 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
65: veth1596ba3@if64: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether ca:27:eb:f1:f0:2e brd ff:ff:ff:ff:ff:ff link-netnsid 10
67: vethaf230bd@if66: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 1e:35:d8:f4:2f:b2 brd ff:ff:ff:ff:ff:ff link-netnsid 11

 

容器1 

[root@b62c75fe78a3 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
66: eth0@if67: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link
       valid_lft forever preferred_lft forever

容器2

[root@da7f228a8a9d /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
64: eth0@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever

 

使用自定义网桥 

 

$ sudo systemctl stop docker
$ sudo ip link set dev docker0 down
$ sudo brctl delbr docker0

$ sudo brctl addbr bridge0
$ sudo ip addr add 192.168.5.1/24 dev bridge0
$ sudo ip link set dev bridge0 up

 

/etc/docker/daemon.json 中新增

{
"bridge":"bridge0"
}

systemctl start  docker

 

这时新建容器时，便会桥接到 bridge0 上，ip 便是 192.168.5.1 段的

 

容器之间的互联 还有种方法

docker network create -d bridge my-net

容器1  docker run --name centos1   -it --network mynet   b5b4d78bc90c

容器2  docker run --name centos2   -it --network mynet   b5b4d78bc90c

 

容器1 中  执行

ping  centos2  

容器2 中执行

ping  centos1

都可以互相ping 通