docker--container之间的link,bridge create
container的name和ID一样,也是唯一的,当不知道container的IP时,可以用name替代,但需要先配置link
下面创建两个container 时,未配置link所以ping name 不通。
[root@localhost ~]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f81ab807503c busybox "/bin/sh -c 'while t…" 5 hours ago Up 5 hours test2 cba625871070 busybox "/bin/sh -c 'while t…" 5 hours ago Up 5 hours test1 [root@localhost ~]# docker exec test1 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@localhost ~]# docker exec test2 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@localhost ~]# docker exec test1 ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3): 56 data bytes 64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.074 ms 64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.114 ms ^C [root@localhost ~]# docker exec test1 ping test2 ^C [root@localhost ~]# docker exec test2 ping 172.17.0.2 PING 172.17.0.2 (172.17.0.2): 56 data bytes 64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.077 ms 64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.100 ms ^C [root@localhost ~]# docker exec test2 ping test1 ^C [root@localhost ~]#
把test2删了重下创建,并指定link,link具有单向性
[root@localhost ~]# docker stop test2 test2 [root@localhost ~]# docker rm test2 test2 [root@localhost ~]# [root@localhost ~]# docker run --name test2 -d --link test1 busybox /bin/sh -c "while true;do sleep 3600;done" WARNING: IPv4 forwarding is disabled. Networking will not work. 68789fa4dc47ce821337c64898c11693e24dcc47ff06641e89feabd9a7ffe21d [root@localhost ~]# docker exec test2 ping test1 PING test1 (172.17.0.2): 56 data bytes 64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.073 ms 64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.071 ms 64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.071 ms ^C [root@localhost ~]# docker exec test1 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@localhost ~]# docker exec test2 ping 172.17.0.2 PING 172.17.0.2 (172.17.0.2): 56 data bytes 64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.076 ms 64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.161 ms ^C [root@localhost ~]# docker exec test2 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@localhost ~]# docker exec test1 ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3): 56 data bytes 64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.087 ms 64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.085 ms ^C [root@localhost ~]# docker exec test1 ping test2 ^C [root@localhost ~]#
创建bridge
[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 4e8172ef8e01 bridge bridge local 9e8c9ce3e33b host host local 6d01f937585b none null local [root@localhost ~]# docker network create -d bridge my-bridge b190bd600feb9ab1293e882b4b5c5b828ab4dda1215fd25e9a1921ac8e2f2f07 [root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 4e8172ef8e01 bridge bridge local 9e8c9ce3e33b host host local b190bd600feb my-bridge bridge local 6d01f937585b none null local [root@localhost ~]#
create container 并指定docker network
[root@localhost ~]# brctl show #br-b190bd600feb即刚才create的my-bridge bridge name bridge id STP enabled interfaces br-b190bd600feb 8000.0242e6e2a884 no docker0 8000.0242e850c76c no veth59c00fa vethfdefc77 virbr0 8000.525400105abe yes virbr0-nic [root@localhost ~]# docker run -d --name test3 --network my-bridge busybox /bin/sh -c "while true;do sleep 3600;done" #增加network参数 WARNING: IPv4 forwarding is disabled. Networking will not work. cec10f0cd32dc6c059bf29173572a34d0d41c2ff5602d0b8ccac0032a4ac2911 [root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces br-b190bd600feb 8000.0242e6e2a884 no veth75fc0ca docker0 8000.0242e850c76c no veth59c00fa vethfdefc77 virbr0 8000.525400105abe yes virbr0-nic [root@localhost ~]#
再create container 网络连接my-bridge
[root@localhost ~]# docker run -d --name test4 --network my-bridge busybox /bin/sh -c "while true;do sleep 3600;done" WARNING: IPv4 forwarding is disabled. Networking will not work. 19216c85489ee71d68bff33ff1ce64a6aff4f035e91659acd08ec9349e3440f3 [root@localhost ~]# docker network inspect my-bridge [ { "Name": "my-bridge", "Id": "b190bd600feb9ab1293e882b4b5c5b828ab4dda1215fd25e9a1921ac8e2f2f07", "Created": "2019-07-18T20:11:48.739837987-07:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "19216c85489ee71d68bff33ff1ce64a6aff4f035e91659acd08ec9349e3440f3": { "Name": "test4", "EndpointID": "9411999854b328be4ad2362a38967f770635bfda8cbf34190e0a61fad83bd815", "MacAddress": "02:42:ac:12:00:03", "IPv4Address": "172.18.0.3/16", "IPv6Address": "" }, "cec10f0cd32dc6c059bf29173572a34d0d41c2ff5602d0b8ccac0032a4ac2911": { "Name": "test3", "EndpointID": "e6470a84504340d4668c0c66b6c4d068898ac9c177e0caf51d8869198349f84a", "MacAddress": "02:42:ac:12:00:02", "IPv4Address": "172.18.0.2/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ] [root@localhost ~]#
同个bridge同网段,能ping通,不同bridge不同网段,不能ping通
[root@localhost ~]# docker exec test3 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@localhost ~]# docker exec test4 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 27: eth0@if28: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@localhost ~]# docker exec test3 ping 172.18.0.3 PING 172.18.0.3 (172.18.0.3): 56 data bytes 64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.077 ms 64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.138 ms ^C [root@localhost ~]#
[root@localhost ~]# docker exec test3 ping 172.17.0.3
^C
[root@localhost ~]#
如果container是在用户自定义的bridge上,则默认是link的
[root@localhost ~]# docker exec test3 ping test4 PING test4 (172.18.0.3): 56 data bytes 64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.042 ms 64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.149 ms ^C [root@localhost ~]# docker exec test4 ping test3 PING test3 (172.18.0.2): 56 data bytes 64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.060 ms 64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.065 ms ^C [root@localhost ~]#
如果把别的bridge也连接到用户创建的bridge上,那也是默认link上的
[root@localhost ~]# docker network connect my-bridge test1 [root@localhost ~]# docker network inspect bridge host my-bridge none [root@localhost ~]# docker network inspect my-bridge [ { "Name": "my-bridge", "Id": "b190bd600feb9ab1293e882b4b5c5b828ab4dda1215fd25e9a1921ac8e2f2f07", "Created": "2019-07-18T20:11:48.739837987-07:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "19216c85489ee71d68bff33ff1ce64a6aff4f035e91659acd08ec9349e3440f3": { "Name": "test4", "EndpointID": "9411999854b328be4ad2362a38967f770635bfda8cbf34190e0a61fad83bd815", "MacAddress": "02:42:ac:12:00:03", "IPv4Address": "172.18.0.3/16", "IPv6Address": "" }, "cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a": { "Name": "test1", "EndpointID": "2b5c94ee7d8f5c76ae531e023190528e16cf18f3291298610f3b601511130c32", "MacAddress": "02:42:ac:12:00:04", "IPv4Address": "172.18.0.4/16", "IPv6Address": "" }, "cec10f0cd32dc6c059bf29173572a34d0d41c2ff5602d0b8ccac0032a4ac2911": { "Name": "test3", "EndpointID": "e6470a84504340d4668c0c66b6c4d068898ac9c177e0caf51d8869198349f84a", "MacAddress": "02:42:ac:12:00:02", "IPv4Address": "172.18.0.2/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ] [root@localhost ~]# docker exec test4 ping test1 PING test1 (172.18.0.4): 56 data bytes 64 bytes from 172.18.0.4: seq=0 ttl=64 time=0.082 ms 64 bytes from 172.18.0.4: seq=1 ttl=64 time=0.170 ms ^C [root@localhost ~]#
