032、学容器必须懂bridge网络(2019-02-19 周二)
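docker 安装时会创建一个名为 docker0 的 Linux bridge。如果不指定 --network,创建的容器默认都会挂在 docker0 上。挂在同一个网桥上的容器处于同一个二层网络;下文 docker network inspect 的输出中 enable_icc 为 "true",表示这些容器之间默认可以互相通信,需要相互隔离的容器应使用 --network 挂到各自的自定义网络上。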
root@docker-lab:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
b41bf72cd691 bridge bridge local
e5cb8d603efd host host local
f9dc6032baba none null local
root@docker-lab:~# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02420e6cb404 no
root@docker-lab:~# docker run -it -d busybox sh
ef89b9d9c9f300d1369b9178096b700fc48313e7b4696c8fd8c898aff4ee1210
root@docker-lab:~# brctl show # 容器启动后可以看到网桥上多出来了一个接口
bridge name bridge id STP enabled interfaces
docker0 8000.02420e6cb404 no veth3936bf3
root@docker-lab:~# ip address # 宿主机接口信息如下:veth3936bf3 的索引是 5491,@if5490 表示它的对端接口索引是 5490
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
5491: veth3936bf3@if5490: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1e:af:87:1d:eb:7c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::1caf:87ff:fe1d:eb7c/64 scope link
valid_lft forever preferred_lft forever
root@docker-lab:~# docker exec -it ef89b9d9c sh
/ # ip address # 在容器里面查看网卡信息:eth0 的索引是 5490,@if5491 表示它的对端接口索引是 5491
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5490: eth0@if5491: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@docker-lab:~# docker network inspect bridge # 查看网桥详细信息
[
{
"Name": "bridge",
"Id": "b41bf72cd69194546142efd9b9512c4d7b7fe1b66b3ccb7be982f50ad9881010",
"Created": "2018-12-25T01:30:26.203579986+08:00",
"Scope": "local",
"Driver": "bridge", # 网桥类型
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16", # 自动分配ip段
"Gateway": "172.17.0.1" # 网关地址
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"ef89b9d9c9f300d1369b9178096b700fc48313e7b4696c8fd8c898aff4ee1210": { # 容器id
"Name": "nifty_allen", # 容器name
"EndpointID": "0ff4b8d824df3103390f19fe2275af23dd06f22d8be8d3782060a5ab20fa0519",
"MacAddress": "02:42:ac:11:00:02", # 容器mac
"IPv4Address": "172.17.0.2/16", # 容器ip
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
root@docker-lab:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ef89b9d9c9f3 busybox "sh" 9 minutes ago Up 9 minutes nifty_allen
docker host -- veth3936bf3@if5490
container -- eth0@if5491
接口名中 @if 后面的数字是对端接口的索引:宿主机上的 veth3936bf3(索引 5491)和容器里的 eth0(索引 5490)互为对端,也就是说 if5490 和 if5491 是一对 veth pair,一头在容器里面,一头在 docker host 上
veth pair 技术:在宿主机上创建两个虚拟网络接口 eth0 和 eth1,veth pair 技术的特点是保证无论哪个 veth 接收到的网络报文,都会无条件地传输给另一方,可以理解成一根管子的两端
关于docker bridge的详细介绍,请参考https://blog.csdn.net/mergerly/article/details/79819318