docker 容器的网络
容器的网络模式
bridge
-net=bridge 默认网络。docker启动后创建一个docker0网桥,默认创建的容器也添加到这个网桥
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:9e:10:d9 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.60/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::a9bf:2d8e:93ae:ec02/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:22:bb:c4:51 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:22ff:febb:c451/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# docker pull busybox
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx web4 58f1e3f2b46e 23 hours ago 109MB
busybox latest d8233ab899d4 8 days ago 1.2MB
nginx latest f09fe80eb0e7 2 weeks ago 109MB
centos latest 1e1148e4cc2c 2 months ago 202MB
[root@localhost ~]# docker run -itd --name cf busybox
2a522e6c07026d034e2eb659ee93fc97939c9c0389ae38385d4b50c0efbf0dfa
[root@localhost ~]# docker exec -it cf sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
48: eth0@if49: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
valid_lft forever preferred_lft forever
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
host
-net=host 容器不会获得一个独立network namespace .而是与宿主机共用一个,这就意味着容器不会有自己的网卡信息,而是使用宿主机的。容器出来网络其他都是隔离
[root@localhost ~]# docker run -itd --net=host --name host busybox
aa9742b7b5cfb39a7cd3e69b3244f5b70c1e45bf622102344bdd841bc83ca84d
[root@localhost ~]# docker exec -it host sh
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:22:BB:C4:51
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:22ff:febb:c451/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:74 errors:0 dropped:0 overruns:0 frame:0
TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8289 (8.0 KiB) TX bytes:8030 (7.8 KiB)
ens33 Link encap:Ethernet HWaddr 00:0C:29:9E:10:D9
inet addr:192.168.10.60 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::a9bf:2d8e:93ae:ec02/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:221842 errors:0 dropped:0 overruns:0 frame:0
TX packets:64829 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:246421922 (235.0 MiB) TX bytes:5781625 (5.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5912 (5.7 KiB) TX bytes:5912 (5.7 KiB)
veth3d56f5a Link encap:Ethernet HWaddr 9E:28:5C:41:88:F2
inet6 addr: fe80::9c28:5cff:fe41:88f2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
veth4da077b Link encap:Ethernet HWaddr DA:8D:86:62:1B:E7
inet6 addr: fe80::d88d:86ff:fe62:1be7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1046 (1.0 KiB) TX bytes:2085 (2.0 KiB)
veth84f1299 Link encap:Ethernet HWaddr BE:B2:C0:E4:97:EE
inet6 addr: fe80::bcb2:c0ff:fee4:97ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
veth90b019f Link encap:Ethernet HWaddr 66:BC:2B:2A:71:0F
inet6 addr: fe80::64bc:2bff:fe2a:710f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1963 (1.9 KiB) TX bytes:2597 (2.5 KiB)
veth9fb9b9e Link encap:Ethernet HWaddr 9A:C9:A0:BB:67:30
inet6 addr: fe80::98c9:a0ff:febb:6730/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
vetheee52bb Link encap:Ethernet HWaddr AE:39:80:8E:59:33
inet6 addr: fe80::ac39:80ff:fe8e:5933/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1695 (1.6 KiB) TX bytes:2351 (2.2 KiB)
vethf4afa27 Link encap:Ethernet HWaddr 16:D6:9E:3E:99:91
inet6 addr: fe80::14d6:9eff:fe3e:9991/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:756 (756.0 B)
[root@localhost ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:22ff:febb:c451 prefixlen 64 scopeid 0x20<link>
ether 02:42:22:bb:c4:51 txqueuelen 0 (Ethernet)
RX packets 74 bytes 8289 (8.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89 bytes 8030 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.60 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::a9bf:2d8e:93ae:ec02 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:9e:10:d9 txqueuelen 1000 (Ethernet)
RX packets 221899 bytes 246427013 (235.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 64859 bytes 5788303 (5.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 68 bytes 5912 (5.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 68 bytes 5912 (5.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth3d56f5a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9c28:5cff:fe41:88f2 prefixlen 64 scopeid 0x20<link>
ether 9e:28:5c:41:88:f2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth4da077b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::d88d:86ff:fe62:1be7 prefixlen 64 scopeid 0x20<link>
ether da:8d:86:62:1b:e7 txqueuelen 0 (Ethernet)
RX packets 13 bytes 1046 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26 bytes 2085 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth84f1299: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::bcb2:c0ff:fee4:97ee prefixlen 64 scopeid 0x20<link>
ether be:b2:c0:e4:97:ee txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth90b019f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::64bc:2bff:fe2a:710f prefixlen 64 scopeid 0x20<link>
ether 66:bc:2b:2a:71:0f txqueuelen 0 (Ethernet)
RX packets 19 bytes 1963 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31 bytes 2597 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth9fb9b9e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::98c9:a0ff:febb:6730 prefixlen 64 scopeid 0x20<link>
ether 9a:c9:a0:bb:67:30 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vetheee52bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ac39:80ff:fe8e:5933 prefixlen 64 scopeid 0x20<link>
ether ae:39:80:8e:59:33 txqueuelen 0 (Ethernet)
RX packets 14 bytes 1695 (1.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26 bytes 2351 (2.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethf4afa27: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::14d6:9eff:fe3e:9991 prefixlen 64 scopeid 0x20<link>
ether 16:d6:9e:3e:99:91 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 756 (756.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
none
-net=none
获取独立的network namespace,但不为容器进行任何网络配置,需要我们手动配置
[root@localhost ~]# docker run -itd --net=none --name none busybox
fccad0839a9ffa8d78a8e9eb3061d3ed8e845c6bb93c30d6bf9d4c58e3091660
[root@localhost ~]# docker exec -it none sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
container
-net=container:name /ID
与指定的容器使用同一个network namespace 具有同样的网络配置信息,两个容器处了网络其他都是隔离的
自定网络
与默认的bridge 原理一样,但自定义网络具备内部网络dns发现,可以通过容器名或者主机名容器之间网络通信
[root@mast ~]# docker network create hh 9d52280e25e2bec6f1d5c8091811bcad7eb1c1479e7254d0fc507dcc721ff311 [root@mast ~]# docker network create cx 6c588fcfe16b98274b0e0990021db79ba8cd7e1d1c8cd4694bc5a8b836a36d82 [root@mast ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 7b27fa407bcb bridge bridge local 6c588fcfe16b cx bridge local 9d52280e25e2 hh bridge local c71c8fa068ab host host local 1827f413f2f4 none null local [root@mast ~]# docker run -it -d --name bs1 --net=hh busybox a6f0b62f758990000fd67eeb983f8530ea01dde6b1ad5f2ef793264758a97687 [root@mast ~]# docker run -it -d --name bs2 --net=hh busybox 30ed71b23da1d62b21faeb6449e51661dec49bb740b4837d6b7c2459df6e2b96 [root@mast ~]# docker run -it -d --name bs3 --net=cx busybox 37d2b2c0e7407ff456e258e9e0acb78be96aeea65ac9670bfad8f9a35d4988d5 [root@mast ~]# docker exec -it bs1 sh / # ping bs2 PING bs2 (172.18.0.3): 56 data bytes 64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.570 ms 64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.572 ms 64 bytes from 172.18.0.3: seq=2 ttl=64 time=0.196 ms 64 bytes from 172.18.0.3: seq=3 ttl=64 time=0.193 ms ^C --- bs2 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.193/0.382/0.572 ms / # ping bs3 PING bs3 (211.137.170.246): 56 data bytes ^C --- bs3 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss / # exit [root@mast ~]# docker exec -it bs2 sh / # ping bs3 ping: bad address 'bs3' / # ping bs3 PING bs3 (211.137.170.246): 56 data bytes ^C --- bs3 ping statistics --- 4 packets transmitted, 0 packets received, 100% packet loss / # exit [root@mast ~]# docker network connect cx bs2 [root@mast ~]# docker exec -it bs2 sh / # ping bs3 PING bs3 (172.19.0.2): 56 data bytes 64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.521 ms 64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.159 ms 64 bytes from 172.19.0.2: seq=2 ttl=64 time=0.156 ms ^C --- bs3 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.156/0.278/0.521 ms / # exit
草都可以从石头缝隙中长出来更可况你呢
