docker网络
[root@mcw1 ~]$ docker network ls #docker安装时,自动创建了三个网络 NETWORK ID NAME DRIVER SCOPE 494faac7d060 bridge bridge local cd41eede7725 host host local f1ca2d33644e none null local
指定none或者host网络运行容器
指定none网络运行容器 docker run -it --network=none busybox [root@mcw1 ~]$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5f32a681a40e registry:2 "/entrypoint.sh /etc…" 4 days ago Up 16 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp vigorous_golick [root@mcw1 ~]$ [root@mcw1 ~]$ docker run -it --network=none busybox / # ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) / # / # ping 10.0.0.131 PING 10.0.0.131 (10.0.0.131): 56 data bytes ping: sendto: Network is unreachable / # ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.172 ms
桥接网络(brctl)
[root@mcw1 ~]$ brctl #没有查看命令 -bash: brctl: command not found 解决方法: [root@mcw1 ~]$ yum install bridge-utils [root@mcw1 ~]$ brctl show #查看桥接网络 bridge name bridge id STP enabled interfaces docker0 8000.024297f6f9f5 no veth1e4bc85 veth43e82ce [root@mcw1 ~]$ docker run -d httpd #运行一个容器后,再看桥接网络 2f2c3267c3fea477975160249c4854190693dda7df2fbe8ea556dc96a971a1d3 [root@mcw1 ~]$ brctl show #发现运行一个容器后,docker0多个个接口 bridge name bridge id STP enabled interfaces docker0 8000.024297f6f9f5 no veth1e4bc85 veth43e82ce vethcde8cf7
[root@mcw1 ~]$ docker ps #查看容器 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2f2c3267c3fe httpd "httpd-foreground" 6 minutes ago Up 6 minutes 80/tcp gifted_franklin 86193a633fa7 centos "/bin/bash" 11 minutes ago Up 11 minutes laughing_liskov 5f32a681a40e registry:2 "/entrypoint.sh /etc…" 4 days ago Up 39 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp vigorous_golick [root@mcw1 ~]$ docker exec -it 861 /bin/bash #进入容器 [root@86193a633fa7 /]# ls bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var [root@86193a633fa7 /]# ip a #查看容器网卡信息 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 21: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@86193a633fa7 /]# exit [root@mcw1 ~]$ brctl show bridge name bridge id STP enabled interfaces docker0 8000.024297f6f9f5 no veth1e4bc85 veth43e82ce vethcde8cf7 [root@mcw1 ~]$ [root@mcw1 ~]$ docker network inspect bridge #查看桥接网络 [ { "Name": "bridge", "Id": "494faac7d0608e95196457a5c9fbadd888ad69db2db3ef567965dd86ae9456a6", "Created": "2021-12-31T09:13:37.431413692+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "2f2c3267c3fea477975160249c4854190693dda7df2fbe8ea556dc96a971a1d3": { "Name": "gifted_franklin", "EndpointID": "478447d435355c772111ae2e72c0f18248eb25dc1345a68bb31e3b138471cc0c", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", 
"IPv6Address": "" }, "5f32a681a40e44455a9016cb7bc8a365aaaee83470c75988399d93fe7db93a81": { "Name": "vigorous_golick", "EndpointID": "de6459bd4d725fe5a2c0808d42e93f68fc563883a6af7dc72b10ba4feed7c1a2", "MacAddress": "02:42:ac:11:00:04", "IPv4Address": "172.17.0.4/16", "IPv6Address": "" }, "86193a633fa74957ef4f09b3abbe6bf8c19f6139824247f4b2ee3aa1b04202be": { "Name": "laughing_liskov", "EndpointID": "fc15ac2a2296481a56047d08aa1f0f39df28225d0a6229c040d7cd3552fba05a", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@mcw1 ~]$ ip a #查看宿主机网卡信息 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:d3:09:d5 brd ff:ff:ff:ff:ff:ff inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fed3:9d5/64 scope link valid_lft forever preferred_lft forever 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:d3:09:df brd ff:ff:ff:ff:ff:ff inet 172.16.1.131/24 brd 172.16.1.255 scope global ens37 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fed3:9df/64 scope link valid_lft forever preferred_lft forever 4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 02:42:97:f6:f9:f5 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope 
global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:97ff:fef6:f9f5/64 scope link valid_lft forever preferred_lft forever 14: veth43e82ce@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP link/ether 1e:02:6d:67:dc:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 2 inet6 fe80::1c02:6dff:fe67:dcb1/64 scope link valid_lft forever preferred_lft forever 22: veth1e4bc85@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP link/ether be:ba:17:78:b7:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::bcba:17ff:fe78:b785/64 scope link valid_lft forever preferred_lft forever 24: vethcde8cf7@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP link/ether e2:ab:b3:bd:ea:44 brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::e0ab:b3ff:febd:ea44/64 scope link valid_lft forever preferred_lft forever [root@mcw1 ~]$ brctl show bridge name bridge id STP enabled interfaces docker0 8000.024297f6f9f5 no veth1e4bc85 veth43e82ce vethcde8cf7 [root@mcw1 ~]$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2f2c3267c3fe httpd "httpd-foreground" 10 minutes ago Up 10 minutes 80/tcp gifted_franklin 86193a633fa7 centos "/bin/bash" 16 minutes ago Up 16 minutes laughing_liskov 5f32a681a40e registry:2 "/entrypoint.sh /etc…" 4 days ago Up 43 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp vigorous_golick [root@mcw1 ~]$
由上可知,每运行一个docker容器,默认会在docker0网桥上新增一个veth接口。brctl show里的接口名称就是宿主机ip a输出中@前面的值;@后面的if加数字是对端网卡的接口序号,例如容器内的21: eth0@if22对应宿主机上的22: veth1e4bc85@if21。
[root@mcw1 ~]$ ifconfig docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:97ff:fef6:f9f5 prefixlen 64 scopeid 0x20<link> ether 02:42:97:f6:f9:f5 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5 bytes 438 (438.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.131 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::20c:29ff:fed3:9d5 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d3:09:d5 txqueuelen 1000 (Ethernet) RX packets 14427 bytes 9387349 (8.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 7727 bytes 774908 (756.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.16.1.131 netmask 255.255.255.0 broadcast 172.16.1.255 inet6 fe80::20c:29ff:fed3:9df prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d3:09:df txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 10 bytes 768 (768.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth1e4bc85: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::bcba:17ff:fe78:b785 prefixlen 64 scopeid 0x20<link> ether be:ba:17:78:b7:85 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8 bytes 648 (648.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth43e82ce: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::1c02:6dff:fe67:dcb1 prefixlen 64 scopeid 0x20<link> 
ether 1e:02:6d:67:dc:b1 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8 bytes 648 (648.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 vethcde8cf7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::e0ab:b3ff:febd:ea44 prefixlen 64 scopeid 0x20<link> ether e2:ab:b3:bd:ea:44 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8 bytes 648 (648.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@mcw1 ~]$
bridge网络
[root@mcw1 ~]$ brctl #没有查看命令
-bash: brctl: command not found
解决方法:
[root@mcw1 ~]$ yum install bridge-utils
[root@mcw1 ~]$ brctl show #查看桥接网络
bridge name bridge id STP enabled interfaces
docker0 8000.024297f6f9f5 no veth1e4bc85
veth43e82ce
[root@mcw1 ~]$ docker run -d httpd #运行一个容器后,再看桥接网络
2f2c3267c3fea477975160249c4854190693dda7df2fbe8ea556dc96a971a1d3
[root@mcw1 ~]$ brctl show #发现运行一个容器后,docker0多了一个接口
bridge name bridge id STP enabled interfaces
docker0 8000.024297f6f9f5 no veth1e4bc85
veth43e82ce
vethcde8cf7
[root@mcw1 ~]$ docker ps #查看容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f2c3267c3fe httpd "httpd-foreground" 6 minutes ago Up 6 minutes 80/tcp gifted_franklin
86193a633fa7 centos "/bin/bash" 11 minutes ago Up 11 minutes laughing_liskov
5f32a681a40e registry:2 "/entrypoint.sh /etc…" 4 days ago Up 39 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp vigorous_golick
[root@mcw1 ~]$ docker exec -it 861 /bin/bash #进入容器
[root@86193a633fa7 /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@86193a633fa7 /]# ip a #查看容器网卡信息
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
21: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@86193a633fa7 /]# exit
[root@mcw1 ~]$ brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024297f6f9f5 no veth1e4bc85
veth43e82ce
vethcde8cf7
[root@mcw1 ~]$
[root@mcw1 ~]$ docker network inspect bridge #查看桥接网络
[
{
"Name": "bridge",
"Id": "494faac7d0608e95196457a5c9fbadd888ad69db2db3ef567965dd86ae9456a6",
"Created": "2021-12-31T09:13:37.431413692+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2f2c3267c3fea477975160249c4854190693dda7df2fbe8ea556dc96a971a1d3": {
"Name": "gifted_franklin",
"EndpointID": "478447d435355c772111ae2e72c0f18248eb25dc1345a68bb31e3b138471cc0c",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"5f32a681a40e44455a9016cb7bc8a365aaaee83470c75988399d93fe7db93a81": {
"Name": "vigorous_golick",
"EndpointID": "de6459bd4d725fe5a2c0808d42e93f68fc563883a6af7dc72b10ba4feed7c1a2",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"86193a633fa74957ef4f09b3abbe6bf8c19f6139824247f4b2ee3aa1b04202be": {
"Name": "laughing_liskov",
"EndpointID": "fc15ac2a2296481a56047d08aa1f0f39df28225d0a6229c040d7cd3552fba05a",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@mcw1 ~]$ ip a #查看宿主机网卡信息
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d3:09:d5 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed3:9d5/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d3:09:df brd ff:ff:ff:ff:ff:ff
inet 172.16.1.131/24 brd 172.16.1.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed3:9df/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:97:f6:f9:f5 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:97ff:fef6:f9f5/64 scope link
valid_lft forever preferred_lft forever
14: veth43e82ce@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 1e:02:6d:67:dc:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::1c02:6dff:fe67:dcb1/64 scope link
valid_lft forever preferred_lft forever
22: veth1e4bc85@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether be:ba:17:78:b7:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::bcba:17ff:fe78:b785/64 scope link
valid_lft forever preferred_lft forever
24: vethcde8cf7@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether e2:ab:b3:bd:ea:44 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::e0ab:b3ff:febd:ea44/64 scope link
valid_lft forever preferred_lft forever
[root@mcw1 ~]$ brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.024297f6f9f5 no veth1e4bc85
veth43e82ce
vethcde8cf7
[root@mcw1 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f2c3267c3fe httpd "httpd-foreground" 10 minutes ago Up 10 minutes 80/tcp gifted_franklin
86193a633fa7 centos "/bin/bash" 16 minutes ago Up 16 minutes laughing_liskov
5f32a681a40e registry:2 "/entrypoint.sh /etc…" 4 days ago Up 43 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp vigorous_golick
[root@mcw1 ~]$
查看docker0网卡
[root@mcw1 ~]$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:97ff:fef6:f9f5 prefixlen 64 scopeid 0x20<link>
ether 02:42:97:f6:f9:f5 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 438 (438.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.131 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:fed3:9d5 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d3:09:d5 txqueuelen 1000 (Ethernet)
RX packets 14427 bytes 9387349 (8.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7727 bytes 774908 (756.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.131 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::20c:29ff:fed3:9df prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d3:09:df txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 768 (768.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1e4bc85: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::bcba:17ff:fe78:b785 prefixlen 64 scopeid 0x20<link>
ether be:ba:17:78:b7:85 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth43e82ce: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::1c02:6dff:fe67:dcb1 prefixlen 64 scopeid 0x20<link>
ether 1e:02:6d:67:dc:b1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethcde8cf7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e0ab:b3ff:febd:ea44 prefixlen 64 scopeid 0x20<link>
ether e2:ab:b3:bd:ea:44 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@mcw1 ~]$
==============
user-defined网络
1、指定桥接驱动创建网络,
[root@mcw1 ~]$
[root@mcw1 ~]$ docker network create --driver bridge my_net #创建桥接网络,起个网络名字
063dd5ed24ecf85fe466dc5ce847ea0f5a54529fa1c3baf943d25c3f0e4e2507
[root@mcw1 ~]$ brctl show #查看网络,第一个 就是新建的网络,这里没有显示名字
bridge name bridge id STP enabled interfaces
br-063dd5ed24ec 8000.02425a7ddc7f no
docker0 8000.0242201cab73 no
[root@mcw1 ~]$ docker network inspect my_net #网络查看 my_net ,能看到网络名字,id,创建时间,驱动是桥接,
[ #网络的子网网段,以及网关等信息。网段是docker自动分配的网段
{
"Name": "my_net",
"Id": "063dd5ed24ecf85fe466dc5ce847ea0f5a54529fa1c3baf943d25c3f0e4e2507",
"Created": "2022-01-01T07:47:52.597628781+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
[root@mcw1 ~]$
2、指定ip网段和网关创建网络
[root@mcw1 ~]$ docker network #按tab键可以看到连接,创建,断开连接,查看,列出,prune,删除网络等功能
connect create disconnect inspect ls prune rm
[root@mcw1 ~]$ docker network ls #查看网络,能看到自己创建的网络my_net。然后使用inspect指定网络名字来查看网络的具体信息
NETWORK ID NAME DRIVER SCOPE #ls 查看,根据名字再inspect查看具体信息,比如网段网关,根据id查看是哪个网卡
f83b92c6db8b bridge bridge local
cd41eede7725 host host local
063dd5ed24ec my_net bridge local
f1ca2d33644e none null local
[root@mcw1 ~]$ docker network create --driver bridge --subnet 172.22.16.0/24 --gateway 172.22.16.1 my_net2
10247a1ada112adc856b86c36c449a7d992dabc242457c01b5ad5bd48b7b6e14 #使用命令指定ip网段创建新的网络
[root@mcw1 ~]$ docker network inspect my_net2 #查看网络
[
{
"Name": "my_net2",
"Id": "10247a1ada112adc856b86c36c449a7d992dabc242457c01b5ad5bd48b7b6e14",
"Created": "2022-01-01T08:00:03.066442093+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.22.16.0/24", #可以看到网段和网关都是指定的
"Gateway": "172.22.16.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
[root@mcw1 ~]$ ip a|grep 10247a #根据id过滤新建网卡的全名
6: br-10247a1ada11: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
inet 172.22.16.1/24 brd 172.22.16.255 scope global br-10247a1ada11
[root@mcw1 ~]$ ifconfig br-10247a1ada11 #根据网卡名字查出网卡的信息,显示网卡的ip,即该网段的网关
br-10247a1ada11: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.22.16.1 netmask 255.255.255.0 broadcast 172.22.16.255
ether 02:42:d7:55:5b:0e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3、指定新建的网络,运行容器,动态为容器分配ip
[root@mcw1 ~]$ docker run -it --network=my_net2 busybox # 指定新建的网络,运行容器
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 #容器中显示回环地址
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue #eth0@xx,容器网卡信息
link/ether 02:42:ac:16:10:02 brd ff:ff:ff:ff:ff:ff
inet 172.22.16.2/24 brd 172.22.16.255 scope global eth0 #容器被动态分配到的ip。网络类型,桥接,
valid_lft forever preferred_lft forever
/ #
4、指定新建的网络,运行容器,为容器分配指定静态ip
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox #指定新建的网络,运行容器,为容器分配指定静态ip
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:16:10:03 brd ff:ff:ff:ff:ff:ff
inet 172.22.16.3/24 brd 172.22.16.255 scope global eth0 #为容器指定的静态ip
valid_lft forever preferred_lft forever
/ #
5、各种问题
问题一:my_net创建时没有用--subnet指定子网,运行容器时再用--ip指定静态ip会报错
[root@mcw1 ~]$ docker run -it --network=my_net --ip 172.22.16.3 busybox
ERRO[0000] error waiting for container: context canceled
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.
[root@mcw1 ~]$ docker inspect my_net
[
{
"Name": "my_net",
"Id": "063dd5ed24ecf85fe466dc5ce847ea0f5a54529fa1c3baf943d25c3f0e4e2507",
"Created": "2022-01-01T07:47:52.597628781+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
问题二:
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox #ip地址被使用了的
docker: Error response from daemon: Address already in use.
[root@mcw1 ~]$
问题三:
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 192.168.16.3 busybox #指定了不存在的网段的ip
ERRO[0000] error waiting for container: context canceled
docker: Error response from daemon: Invalid address 192.168.16.3: It does not belong to any of this network's subnets.
问题四:
[root@mcw1 ~]$ docker run -it --network=my_net --ip 172.22.16.3 busybox #my_net创建时没有指定子网
ERRO[0000] error waiting for container: context canceled
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.
问题五:
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox #容器退出,释放ip,能继续使用,否则再次使用会报错ip已被使用
/ #
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox
/ #
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox
/ #
6、在同一个网络下创建的容器,网络相互之间互通
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox
/ #
/ #
/ # ping 172.22.16.4
PING 172.22.16.4 (172.22.16.4): 56 data bytes
64 bytes from 172.22.16.4: seq=0 ttl=64 time=0.356 ms
64 bytes from 172.22.16.4: seq=1 ttl=64 time=0.074 ms
^C
--- 172.22.16.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.074/0.215/0.356 ms
/ #
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.3 busybox
docker: Error response from daemon: Address already in use.
[root@mcw1 ~]$ docker run -it --network=my_net2 --ip 172.22.16.4 busybox
/ # ping 172.22.16.4
PING 172.22.16.4 (172.22.16.4): 56 data bytes
64 bytes from 172.22.16.4: seq=0 ttl=64 time=0.158 ms
^C
--- 172.22.16.4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.158/0.158/0.158 ms
/ #
7、在不同的网络下,网络不通,以及解决方法
运行一个httpd,默认在docker0下
[root@mcw1 ~]$ docker run -it --network=my_net centos
[root@1f0e216d08e4 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@1f0e216d08e4 /]# ping 172.22.16.4 #使用my_net创建的容器,不能ping通my_net2创建的容器
PING 172.22.16.4 (172.22.16.4) 56(84) bytes of data.
解决方法:
[root@mcw1 ~]$ ip r #查看路由,每个网段都有一条路由,包括my_net1和2的。如果缺少路由咋样,如何模拟
default via 10.0.0.2 dev ens33 proto static metric 100
default via 172.16.1.2 dev ens37 proto static metric 101
10.0.0.0/24 dev ens33 proto kernel scope link src 10.0.0.131 metric 100
172.16.1.0/24 dev ens37 proto kernel scope link src 172.16.1.131 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-063dd5ed24ec proto kernel scope link src 172.18.0.1
172.22.16.0/24 dev br-10247a1ada11 proto kernel scope link src 172.22.16.1
查看ip转发配置,已经配置了的
[root@mcw1 ~]$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
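路由和ip转发都没有问题,但仍然不通,原因应是docker在iptables里为不同的bridge网络之间加了隔离规则(可以用iptables-save查看DOCKER-ISOLATION相关的链)。给容器再接入对方所在的网络(docker network connect),两个容器有了共同的网络就通了。注意这样做等于为该容器打通了两个网络之间的隔离,只应连接确实需要互访的容器。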
[root@mcw1 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f0e216d08e4 centos "/bin/bash" 12 minutes ago Up 12 minutes peaceful_volhard
6be00b1ef2fd httpd "httpd-foreground" 16 minutes ago Up 16 minutes 0.0.0.0:1008->80/tcp, :::1008->80/tcp inspiring_varahamihira
bd5489bdf75d busybox "sh" 32 minutes ago Up 32 minutes focused_khayyam
27c94878750c busybox "sh" 34 minutes ago Up 34 minutes goofy_jones
[root@mcw1 ~]$ docker network connect my_net2 1f0e
[root@mcw1 ~]$ docker run -it --network=my_net centos
[root@1f0e216d08e4 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@1f0e216d08e4 /]# ping 172.22.16.4
PING 172.22.16.4 (172.22.16.4) 56(84) bytes of data.
64 bytes from 172.22.16.4: icmp_seq=777 ttl=64 time=0.244 ms
64 bytes from 172.22.16.4: icmp_seq=778 ttl=64 time=0.066 ms
容器间通信
ip 通信,或者dns通信。
容器ip不固定,所以容器间通信可以用docker内嵌的dns,也就是直接使用容器名称。用--name指定容器名称。按容器名解析只能在用户自定义(user-defined)网络中使用,默认的bridge网络不支持。
[root@mcw1 ~]$ docker run -it --network=my_net2 --name=bbox1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
37: eth0@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:16:10:03 brd ff:ff:ff:ff:ff:ff
inet 172.22.16.3/24 brd 172.22.16.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 172.22.16.4
PING 172.22.16.4 (172.22.16.4): 56 data bytes
64 bytes from 172.22.16.4: seq=0 ttl=64 time=0.177 ms
64 bytes from 172.22.16.4: seq=1 ttl=64 time=0.080 ms
^C
--- 172.22.16.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.080/0.128/0.177 ms
/ # ping bbox1
PING bbox1 (172.22.16.3): 56 data bytes
64 bytes from 172.22.16.3: seq=0 ttl=64 time=0.104 ms
64 bytes from 172.22.16.3: seq=1 ttl=64 time=0.073 ms
^C
--- bbox1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.073/0.088/0.104 ms
[root@mcw1 ~]$ docker run -it --network=my_net2 --name=bbox2 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
39: eth0@if40: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:16:10:04 brd ff:ff:ff:ff:ff:ff
inet 172.22.16.4/24 brd 172.22.16.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
joined容器:两个或多个容器共享一个网络栈,共享网卡和配置信息,可以通过回环地址通信。也因此它们之间没有任何网络隔离,原容器里只监听127.0.0.1的服务对joined进来的容器同样可达。
[root@mcw1 ~]$
[root@mcw1 ~]$ docker run -it --network=container:^C
[root@mcw1 ~]$
[root@mcw1 ~]$ docker run -d -it --name=web1 httpd
f01b71afcc0d8ad11001cde6be0d83537ebf189ea2f397fdb18a322713493cb6
[root@mcw1 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f01b71afcc0d httpd "httpd-foreground" 10 seconds ago Up 9 seconds 80/tcp web1
f2b8bd0e9ab3 busybox "sh" 10 minutes ago Up About a minute bbox2
fb98c05ef10f busybox "sh" 10 minutes ago Up About a minute bbox1
6be00b1ef2fd httpd "httpd-foreground" 38 minutes ago Up 38 minutes 0.0.0.0:1008->80/tcp, :::1008->80/tcp inspiring_varahamihira
[root@mcw1 ~]$ docker run -it --network=container:web1 busybox #执行之后,该容器与web1容器的mac地址和ip完全一样,可以通过127.0.0.1访问web1上的各个端口
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
45: eth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
将容器与外部世界连接之容器访问外网
[root@mcw1 ~]$ hostname -I
10.0.0.131 172.16.1.131 172.17.0.1 172.18.0.1 172.22.16.1
[root@mcw1 ~]$ ping -c 1 www.bing.com #在宿主机上查看,网络是通外网的
PING china.bing123.com (202.89.233.100) 56(84) bytes of data.
64 bytes from 202.89.233.100 (202.89.233.100): icmp_seq=1 ttl=128 time=5.18 ms
--- china.bing123.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.187/5.187/5.187/0.000 ms
[root@mcw1 ~]$ docker run -it busybox #运行容器,默认是在docker0网卡上,这里ping书上是通外网的,但是我试验却不通外网,哪里有问题呢
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # ping -c 1 www.bing.com
ping: bad address 'www.bing.com'
/ # ping -c 1 223.5.5.5
PING 223.5.5.5 (223.5.5.5): 56 data bytes
--- 223.5.5.5 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
/ #
如何查看容器所在网络,以及网络的详情
[root@mcw1 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4cb48985e52 busybox "sh" 15 minutes ago Up 15 minutes infallible_bartik
f01b71afcc0d httpd "httpd-foreground" 8 hours ago Up 8 hours 80/tcp web1
f2b8bd0e9ab3 busybox "sh" 8 hours ago Up 8 hours bbox2
fb98c05ef10f busybox "sh" 8 hours ago Up 8 hours bbox1
6be00b1ef2fd httpd "httpd-foreground" 8 hours ago Up 8 hours 0.0.0.0:1008->80/tcp, :::1008->80/tcp inspiring_varahamihira
[root@mcw1 ~]$ docker inspect infallible_bartik -f "{{json .NetworkSettings.Networks }}"
{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"f83b92c6db8bbebf45b2b02377ec1d6f7a6ba2c4844abbac23138fa1f515d3b9","EndpointID":"866ef51a2dfde0cc11d132b02dfdb4f3cad100e4c0ff76168c619a7067229303","Gateway":"172.17.0.1","IPAddress":"172.17.0.4","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:04","DriverOpts":null}}
[root@mcw1 ~]$ docker network inspect f83b92c6d
[
{
"Name": "bridge",
"Id": "f83b92c6db8bbebf45b2b02377ec1d6f7a6ba2c4844abbac23138fa1f515d3b9",
"Created": "2022-01-01T06:01:31.608746019+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"6be00b1ef2fdbfa9689348513d3db0c11ec3a1e0ebc40ecad93ced117ea06c16": {
"Name": "inspiring_varahamihira",
"EndpointID": "f38cf94e00f9fe6ce35afdcb346fd25e3dd7ee06f19db09e8825ce1263bc17b3",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"f01b71afcc0d8ad11001cde6be0d83537ebf189ea2f397fdb18a322713493cb6": {
"Name": "web1",
"EndpointID": "605645d40ada656d764b0db410748f856fa353e6651bbb25a74d5e08118d797c",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"f4cb48985e52c0109f35967e6a6e8ab3e5fcc742a21d9c552bfce777e91e1117": {
"Name": "infallible_bartik",
"EndpointID": "866ef51a2dfde0cc11d132b02dfdb4f3cad100e4c0ff76168c619a7067229303",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
上面这个参数显示是docker0网卡
"com.docker.network.bridge.name": "docker0",
Containers 下还有当前查看的容器的网络信息
"f4cb48985e52c0109f35967e6a6e8ab3e5fcc742a21d9c552bfce777e91e1117": {
"Name": "infallible_bartik",
"EndpointID": "866ef51a2dfde0cc11d132b02dfdb4f3cad100e4c0ff76168c619a7067229303",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
}
由上可知,我的容器接在docker0网桥上,但是为啥不像其它人的案例那样,能直接通外网呢?(线索:docker run 时已经提示 WARNING: IPv4 forwarding is disabled,即宿主机未开启IPv4转发,原因见下文。)
在宿主机上,访问容器ip加web服务端口,是可以访问到的
[root@mcw1 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4cb48985e52 busybox "sh" 25 minutes ago Up 25 minutes infallible_bartik
f01b71afcc0d httpd "httpd-foreground" 8 hours ago Up 8 hours 80/tcp web1
f2b8bd0e9ab3 busybox "sh" 8 hours ago Up 8 hours bbox2
fb98c05ef10f busybox "sh" 8 hours ago Up 8 hours bbox1
6be00b1ef2fd httpd "httpd-foreground" 9 hours ago Up 9 hours 0.0.0.0:1008->80/tcp, :::1008->80/tcp inspiring_varahamihira
[root@mcw1 ~]$ docker exec -it 6be0 hostname -i
172.17.0.2 172.22.16.2
[root@mcw1 ~]$ wget 172.17.0.2:80
--2022-01-01 17:23:22-- http://172.17.0.2/
Connecting to 172.17.0.2:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45 [text/html]
Saving to: ‘index.html’
100%[========================================================================================================================================>] 45 --.-K/s in 0s
2022-01-01 17:23:22 (5.82 MB/s) - ‘index.html’ saved [45/45]
[root@mcw1 ~]$
在同一个网络docker0下,容器内直接访问其它容器的ip加端口,服务是可以被访问到的(同一网桥内的流量不需要宿主机做IP转发,所以虽然有下面的WARNING仍然能通;并且上面inspect输出中 enable_icc 为 true,默认bridge上的容器之间互访不受限制)
[root@mcw1 ~]$ docker run -it busybox
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # wget 172.17.0.2:80
Connecting to 172.17.0.2:80 (172.17.0.2:80)
saving to 'index.html'
index.html 100% |**********************************************************************************************************************************| 45 0:00:00 ETA
'index.html' saved
/ # cat index.html
<html><body><h1>It works!</h1></body></html>
/ #
回头再细研究研究,容器出外网的事情
如何观察容器ping外网时的数据包:使用tcpdump命令抓包
tcpdump -i docker0 -n icmp #指定icmp协议,指定网卡是docker0
tcpdump -i ens33 -n icmp #再指定网卡是外网ens33
之前容器默认不能通外网的原因:未开启ipv4转发
[root@mcw1 ~]$ sysctl -p #执行命令,未发现ipv4转发的配置。sysctl -p 只是重新加载并打印 /etc/sysctl.conf 中的配置项,测试上用这命令查可以;生产上要确认内核当前生效的值,可以用 sysctl net.ipv4.ip_forward(或 cat /proc/sys/net/ipv4/ip_forward)
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
[root@mcw1 ~]$ tail -1 /etc/sysctl.conf #现在已在配置文件末尾添加转发配置(添加后需执行 sysctl -p 使之生效)
net.ipv4.ip_forward = 1
然后查看使用docker0网卡的容器,是否能通外网,这里显示可以通外网了。也就是容器默认是能访问外网的,不能访问,或许是未开启IPv4转发
/ # hostname -i
172.17.0.4
/ # ping -c 1 www.baidu.com
PING www.baidu.com (110.242.68.4): 56 data bytes
64 bytes from 110.242.68.4: seq=0 ttl=127 time=12.046 ms
--- www.baidu.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 12.046/12.046/12.046 ms
容器默认通外网,tcpdump检查网络
[root@mcw1 ~]$ tcpdump -i docker0 -n icmp #指定网络接口为docker0网卡,指定监听协议为icmp
#如下可以看到,icmp协议包,有请求,有响应,每个请求和响应都有id,seq和length。
#容器ip172.17.0.4访问外网www.bing.com,有请求,有响应。这中间是否做了其它事情,下面再看
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on docker0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:48:48.903693 IP 172.17.0.4 > 202.89.233.101: ICMP echo request, id 18, seq 24, length 64
17:48:48.909830 IP 202.89.233.101 > 172.17.0.4: ICMP echo reply, id 18, seq 24, length 64
17:48:49.905262 IP 172.17.0.4 > 202.89.233.101: ICMP echo request, id 18, seq 25, length 64
17:48:49.910749 IP 202.89.233.101 > 172.17.0.4: ICMP echo reply, id 18, seq 25, length 64
17:48:50.907280 IP 172.17.0.4 > 202.89.233.101: ICMP echo request, id 18, seq 26, length 64
17:48:50.913014 IP 202.89.233.101 > 172.17.0.4: ICMP echo reply, id 18, seq 26, length 64
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@mcw1 ~]$ iptables-save |grep docker0|grep MASQUERADE #iptables-save 只是把当前规则打印到标准输出,相当于查看,不会修改或保存规则(除非把输出重定向到文件)
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
#现在先看,从容器172.17.0.4经docker0网卡进来的包,源ip属于172.17.0.0/16网段,符合要求;出接口不是docker0(! -o docker0,也就是要从其它网卡出去,去外网),也符合;然后执行-j MASQUERADE动作处理,这是个snat,就是将源地址修改为本机(出接口)的ip地址。这样出去的包就成了从宿主机ip地址10.0.0.131向外网www.bing.com发起请求,因为宿主机本身通外网,这样就实现了容器通外网了
[root@mcw1 ~]$ tcpdump -i ens33 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
17:53:40.957791 IP 10.0.0.131 > 202.89.233.101: ICMP echo request, id 18, seq 315, length 64
17:53:40.966779 IP 202.89.233.101 > 10.0.0.131: ICMP echo reply, id 18, seq 315, length 64
17:53:41.958746 IP 10.0.0.131 > 202.89.233.101: ICMP echo request, id 18, seq 316, length 64
17:53:41.963919 IP 202.89.233.101 > 10.0.0.131: ICMP echo reply, id 18, seq 316, length 64
外部世界访问容器
[root@mcw1 ~]$ docker run -d -p 80 httpd
4c3b0df65183bd97ca8e48c84f64d148d6892ced92a553ce4c5eeb9ad11319fa
[root@mcw1 ~]$ docker ps #ps查看容器映射80
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4c3b0df65183 httpd "httpd-foreground" 8 seconds ago Up 6 seconds 0.0.0.0:49153->80/tcp, :::49153->80/tcp friendly_noyce
[root@mcw1 ~]$ docker port 4c3b #port查看容器映射端口
80/tcp -> 0.0.0.0:49153
80/tcp -> :::49153
[root@mcw1 ~]$ curl 10.0.0.131:49153 #通过访问宿主机ip,宿主机映射端口,来访问容器内部服务
<html><body><h1>It works!</h1></body></html>
[root@mcw1 ~]$ docker run -d -p 8080:80 httpd #也可以指定映射端口让外部访问
#这里的映射都绑定在 0.0.0.0 和 :: 上,即宿主机所有网卡都会对外开放该端口;只需要在本机访问时,可以写成 -p 127.0.0.1:8080:80 限定监听地址
docker-proxy进程来处理容器的流量
[root@mcw1 ~]$ ps -ef|grep docker-proxy #每一个映射端口,都会启动一个docker-proxy
root 2126 1737 0 22:14 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49153 -container-ip 172.17.0.2 -container-port 80
root 2130 1737 0 22:14 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 49153 -container-ip 172.17.0.2 -container-port 80
root 2331 1737 0 22:40 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.3 -container-port 80
root 2335 1737 0 22:40 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 8080 -container-ip 172.17.0.3 -container-port 80
root 2528 1467 0 23:12 pts/0 00:00:00 grep --color=auto docker-proxy