docker 网络
[root@iZbp1htnoa70qlle394f3wZ ~]# ip addr # 查看本机所有ip地址 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever #lo本机回环地址 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:1c:95:f0 brd ff:ff:ff:ff:ff:ff inet 172.27.207.33/20 brd 172.27.207.255 scope global dynamic eth0 valid_lft 314999100sec preferred_lft 314999100sec inet6 fe80::216:3eff:fe1c:95f0/64 scope link valid_lft forever preferred_lft forever #eth0阿里云的内网地址 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:4d:16:a3:3a brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:4dff:fe16:a33a/64 scope link valid_lft forever preferred_lft forever #docker0 为docker为我们生成的网卡地址
启动一个镜像(这里使用tomcat作为测试)
docker run -d -P --name tomcat01 tomcat [root@iZbp1htnoa70qlle394f3wZ ~]# docker exec -it ecbc700ac520 /bin/bash root@ecbc700ac520:/usr/local/tomcat# ip addr bash: ip: command not found 发现tomcat中没有ip这个命令 那我们安装这个命令 root@ecbc700ac520:/usr/local/tomcat# apt update && apt install -y iproute2
启动镜像后在宿主机查看所有ip
[root@iZbp1htnoa70qlle394f3wZ ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:1c:95:f0 brd ff:ff:ff:ff:ff:ff inet 172.27.207.45/20 brd 172.27.207.255 scope global dynamic eth0 valid_lft 314995040sec preferred_lft 314995040sec inet6 fe80::216:3eff:fe1c:95f0/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:4d:16:a3:3a brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:4dff:fe16:a33a/64 scope link valid_lft forever preferred_lft forever 105: vethf713293@if104: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default #这里多了一个网卡,就是新运行的容器ip,容器中有IP与它对应 link/ether 9e:c9:f2:b8:40:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::9cc9:f2ff:feb8:400f/64 scope link valid_lft forever preferred_lft forever
查看容器ip
[root@iZbp1htnoa70qlle394f3wZ ~]# docker exec -it ecbc700ac520 ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 104: eth0@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever #这个就是与上面多出来的ip对应
尝试宿主机ping容器
[root@iZbp1htnoa70qlle394f3wZ ~]# ping 172.17.0.1 PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data. 64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.062 ms 64 bytes from 172.17.0.1: icmp_seq=2 ttl=64 time=0.049 ms 64 bytes from 172.17.0.1: icmp_seq=3 ttl=64 time=0.049 ms # 发现可以ping同,也就是可以通信
我们再运行一个镜像
[root@iZbp1htnoa70qlle394f3wZ ~]# docker run -d -P --name tomcat02 fb5657adc892 # 查看容器的ip root@af62e1fde41e:/usr/local/tomcat# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 106: eth0@if107: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever
再次查看宿主机的所以ip
[root@iZbp1htnoa70qlle394f3wZ ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group def link/ether 00:16:3e:1c:95:f0 brd ff:ff:ff:ff:ff:ff inet 172.27.207.45/20 brd 172.27.207.255 scope global dynamic eth0 valid_lft 314993980sec preferred_lft 314993980sec inet6 fe80::216:3eff:fe1c:95f0/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group def link/ether 02:42:4d:16:a3:3a brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:4dff:fe16:a33a/64 scope link valid_lft forever preferred_lft forever 105: vethf713293@if104: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master link/ether 9e:c9:f2:b8:40:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::9cc9:f2ff:feb8:400f/64 scope link valid_lft forever preferred_lft forever 107: vetha466b69@if106: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master link/ether 5e:88:b2:c9:e1:9d brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::5c88:b2ff:fec9:e19d/64 scope link # 发现又加了一个IP,并且对应到新建容器的IP valid_lft forever preferred_lft forever
我们尝试容器间相互ping
这里由于tomcat中没有ping命令, 我们根据命令安装 1. root@af62e1fde41e:/usr/local/tomcat# apt-get update 2. root@af62e1fde41e:/usr/local/tomcat# apt install net-tools 3. root@af62e1fde41e:/usr/local/tomcat# apt install iputils-ping # 这里我把原先的容器删除了,我做了个新镜像(可以ping和查看ip的镜像),所有新启动的容器ip会改变 # 宿主机查看所有ip [root@iZbp1htnoa70qlle394f3wZ ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:1c:95:f0 brd ff:ff:ff:ff:ff:ff inet 172.27.207.45/20 brd 172.27.207.255 scope global dynamic eth0 valid_lft 314983703sec preferred_lft 314983703sec inet6 fe80::216:3eff:fe1c:95f0/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:4d:16:a3:3a brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:4dff:fe16:a33a/64 scope link valid_lft forever preferred_lft forever 109: vethd70a562@if108: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether f6:e4:f7:d6:1c:4f brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::f4e4:f7ff:fed6:1c4f/64 scope link valid_lft forever preferred_lft forever 111: veth54f0fa8@if110: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 3e:e6:10:70:86:1e brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::3ce6:10ff:fe70:861e/64 scope link valid_lft forever preferred_lft forever # 容器之间互相ping [root@iZbp1htnoa70qlle394f3wZ ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 202e020c28b9 024406d08dd3 "catalina.sh run" 3 minutes ago Up 3 minutes 0.0.0.0:49159->8080/tcp, :::49159->8080/tcp tomcat02 b89edf074a1f 024406d08dd3 "catalina.sh run" 4 minutes ago Up 4 minutes 0.0.0.0:49158->8080/tcp, :::49158->8080/tcp tomcat01 [root@iZbp1htnoa70qlle394f3wZ ~]# docker exec -it 202e020c28b9 ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 110: eth0@if111: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@iZbp1htnoa70qlle394f3wZ ~]# docker exec -it b89edf074a1f ping 172.17.0.3 #容器01ping容器02 PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data. 64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.130 ms 64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.072 ms 64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.059 ms 64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.062 ms [root@iZbp1htnoa70qlle394f3wZ ~]# docker exec -it 202e020c28b9 ping 172.17.0.2 #容器02ping容器01 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.136 ms 64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.064 ms 64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.063 ms 64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.066 ms # 能ping通就表明容器之间可以通信
原理
这里的docker0 起交换机的作用,容器之间通信不是之间容器之间通信,而是容器发送请求,通过接交换机,转发到另一个容器接受
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【译】Visual Studio 中新的强大生产力特性
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构
· 字符编码:从基础到乱码解决