docker 容器的网络

容器的网络模式

bridge  

 -net=bridge 默认网络。docker启动后创建一个docker0网桥,默认创建的容器也添加到这个网桥

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:9e:10:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.60/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::a9bf:2d8e:93ae:ec02/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:22:bb:c4:51 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:22ff:febb:c451/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# docker pull  busybox
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               web4                58f1e3f2b46e        23 hours ago        109MB
busybox             latest              d8233ab899d4        8 days ago          1.2MB
nginx               latest              f09fe80eb0e7        2 weeks ago         109MB
centos              latest              1e1148e4cc2c        2 months ago        202MB
[root@localhost ~]# docker run -itd --name cf busybox
2a522e6c07026d034e2eb659ee93fc97939c9c0389ae38385d4b50c0efbf0dfa
[root@localhost ~]# docker exec -it cf sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
48: eth0@if49: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
       valid_lft forever preferred_lft forever
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02 
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)
 
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  

host 

-net=host 容器不会获得一个独立network namespace .而是与宿主机共用一个,这就意味着容器不会有自己的网卡信息,而是使用宿主机的。容器出来网络其他都是隔离

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
[root@localhost ~]# docker run -itd --net=host --name host busybox
aa9742b7b5cfb39a7cd3e69b3244f5b70c1e45bf622102344bdd841bc83ca84d
[root@localhost ~]# docker exec  -it  host sh
/ # ifconfig 
docker0   Link encap:Ethernet  HWaddr 02:42:22:BB:C4:51 
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:22ff:febb:c451/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:74 errors:0 dropped:0 overruns:0 frame:0
          TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8289 (8.0 KiB)  TX bytes:8030 (7.8 KiB)
 
ens33     Link encap:Ethernet  HWaddr 00:0C:29:9E:10:D9 
          inet addr:192.168.10.60  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a9bf:2d8e:93ae:ec02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:221842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64829 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:246421922 (235.0 MiB)  TX bytes:5781625 (5.5 MiB)
 
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:68 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5912 (5.7 KiB)  TX bytes:5912 (5.7 KiB)
 
veth3d56f5a Link encap:Ethernet  HWaddr 9E:28:5C:41:88:F2 
          inet6 addr: fe80::9c28:5cff:fe41:88f2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
 
veth4da077b Link encap:Ethernet  HWaddr DA:8D:86:62:1B:E7 
          inet6 addr: fe80::d88d:86ff:fe62:1be7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1046 (1.0 KiB)  TX bytes:2085 (2.0 KiB)
 
veth84f1299 Link encap:Ethernet  HWaddr BE:B2:C0:E4:97:EE 
          inet6 addr: fe80::bcb2:c0ff:fee4:97ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
 
veth90b019f Link encap:Ethernet  HWaddr 66:BC:2B:2A:71:0F 
          inet6 addr: fe80::64bc:2bff:fe2a:710f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1963 (1.9 KiB)  TX bytes:2597 (2.5 KiB)
 
veth9fb9b9e Link encap:Ethernet  HWaddr 9A:C9:A0:BB:67:30 
          inet6 addr: fe80::98c9:a0ff:febb:6730/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
 
vetheee52bb Link encap:Ethernet  HWaddr AE:39:80:8E:59:33 
          inet6 addr: fe80::ac39:80ff:fe8e:5933/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1695 (1.6 KiB)  TX bytes:2351 (2.2 KiB)
 
vethf4afa27 Link encap:Ethernet  HWaddr 16:D6:9E:3E:99:91 
          inet6 addr: fe80::14d6:9eff:fe3e:9991/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:756 (756.0 B)
[root@localhost ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:22ff:febb:c451  prefixlen 64  scopeid 0x20<link>
        ether 02:42:22:bb:c4:51  txqueuelen 0  (Ethernet)
        RX packets 74  bytes 8289 (8.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 89  bytes 8030 (7.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.60  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::a9bf:2d8e:93ae:ec02  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:9e:10:d9  txqueuelen 1000  (Ethernet)
        RX packets 221899  bytes 246427013 (235.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64859  bytes 5788303 (5.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 68  bytes 5912 (5.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5912 (5.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth3d56f5a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::9c28:5cff:fe41:88f2  prefixlen 64  scopeid 0x20<link>
        ether 9e:28:5c:41:88:f2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth4da077b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d88d:86ff:fe62:1be7  prefixlen 64  scopeid 0x20<link>
        ether da:8d:86:62:1b:e7  txqueuelen 0  (Ethernet)
        RX packets 13  bytes 1046 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2085 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth84f1299: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::bcb2:c0ff:fee4:97ee  prefixlen 64  scopeid 0x20<link>
        ether be:b2:c0:e4:97:ee  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth90b019f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::64bc:2bff:fe2a:710f  prefixlen 64  scopeid 0x20<link>
        ether 66:bc:2b:2a:71:0f  txqueuelen 0  (Ethernet)
        RX packets 19  bytes 1963 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31  bytes 2597 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth9fb9b9e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::98c9:a0ff:febb:6730  prefixlen 64  scopeid 0x20<link>
        ether 9a:c9:a0:bb:67:30  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
vetheee52bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ac39:80ff:fe8e:5933  prefixlen 64  scopeid 0x20<link>
        ether ae:39:80:8e:59:33  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1695 (1.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2351 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
vethf4afa27: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::14d6:9eff:fe3e:9991  prefixlen 64  scopeid 0x20<link>
        ether 16:d6:9e:3e:99:91  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 756 (756.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  

none 

-net=none 

获取独立的network namespace,但不为容器进行任何网络配置,需要我们手动配置

?
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@localhost ~]# docker run -itd --net=none --name none busybox
fccad0839a9ffa8d78a8e9eb3061d3ed8e845c6bb93c30d6bf9d4c58e3091660
[root@localhost ~]# docker exec  -it  none sh
/ # ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
 
/ #

  

container

-net=container:name /ID

与指定的容器使用同一个network namespace 具有同样的网络配置信息,两个容器处了网络其他都是隔离的

自定网络

与默认的bridge 原理一样,但自定义网络具备内部网络dns发现,可以通过容器名或者主机名容器之间网络通信

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
[root@mast ~]# docker network create  hh
9d52280e25e2bec6f1d5c8091811bcad7eb1c1479e7254d0fc507dcc721ff311
[root@mast ~]# docker network create  cx
6c588fcfe16b98274b0e0990021db79ba8cd7e1d1c8cd4694bc5a8b836a36d82
[root@mast ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
7b27fa407bcb        bridge              bridge              local
6c588fcfe16b        cx                  bridge              local
9d52280e25e2        hh                  bridge              local
c71c8fa068ab        host                host                local
1827f413f2f4        none                null                local
[root@mast ~]#  docker run -it -d --name bs1 --net=hh busybox
a6f0b62f758990000fd67eeb983f8530ea01dde6b1ad5f2ef793264758a97687
[root@mast ~]#  docker run -it -d --name bs2 --net=hh busybox
30ed71b23da1d62b21faeb6449e51661dec49bb740b4837d6b7c2459df6e2b96
[root@mast ~]#  docker run -it -d --name bs3 --net=cx busybox
37d2b2c0e7407ff456e258e9e0acb78be96aeea65ac9670bfad8f9a35d4988d5
[root@mast ~]# docker exec -it bs1 sh
/ # ping bs2
PING bs2 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.570 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.572 ms
64 bytes from 172.18.0.3: seq=2 ttl=64 time=0.196 ms
64 bytes from 172.18.0.3: seq=3 ttl=64 time=0.193 ms
^C
--- bs2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.193/0.382/0.572 ms
/ # ping bs3
PING bs3 (211.137.170.246): 56 data bytes
^C
--- bs3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
/ # exit
[root@mast ~]# docker exec -it bs2 sh
/ # ping bs3
ping: bad address 'bs3'
/ # ping bs3
PING bs3 (211.137.170.246): 56 data bytes
^C
--- bs3 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
/ # exit
 
[root@mast ~]# docker network connect cx bs2
[root@mast ~]# docker exec -it bs2 sh
/ # ping bs3
PING bs3 (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.521 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.159 ms
64 bytes from 172.19.0.2: seq=2 ttl=64 time=0.156 ms
^C
--- bs3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.156/0.278/0.521 ms
/ # exit

  

posted @   烟雨楼台,行云流水  阅读(361)  评论(0编辑  收藏  举报
编辑推荐:
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
阅读排行:
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级:DeepSeek 加持,客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏
点击右上角即可分享
微信分享提示