04_Docker Network Basics

Docker Network Basics

Virtual network devices

Network devices emulated by the kernel come in pairs (a veth pair): one end A and its peer B, and a frame sent into one end comes out of the other.

The kernel can also emulate a switch (configuring networks is a core function of the Linux kernel).

OVS (Open vSwitch)


docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:94:00:0a:7a  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Communication across OVS (Open vSwitch) instances

Emulating a router


Forwarding is done by the host kernel: 1 enables forwarding, 0 disables it.

# cat /proc/sys/net/ipv4/ip_forward
1

Cross-host communication

1. Bridge mode (prone to broadcast storms): the physical NIC effectively acts as a switch.

2. NAT mode (low efficiency).


3. Overlay network mode.

A tunnel is opened between the hosts; the original container packet is encapsulated with an outer IP header addressed to the peer host.

Docker's default networks

Docker has the following network types:

Bridge: mostly used for communication between independent containers.

In bridge mode each container's ports are independent, so an external host, or a container elsewhere, must reach a container through the IP of the host it runs on plus the port mapped for that container; the host itself can reach the containers it runs.

Host: uses the host's network stack directly, including the host's ports.

Overlay: communication between containers across multiple Docker hosts.

Macvlan: each container gets its own virtual MAC address.

In macvlan mode each container's IP address can be set in the same subnet as the host, so every container has its own independent IP that other hosts, and the containers on them, can reach directly; the host, however, cannot communicate with the containers it runs.

none: networking disabled.

Tool for managing virtual bridges: yum install bridge-utils

# brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.024294000a7a   no

The veth05bcc9f interface is the host-side end of a kernel-emulated device pair; the other end is inside the container.

# ifconfig
veth05bcc9f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 32:8e:4b:28:81:30  txqueuelen 0  (Ethernet)
        RX packets 7103398  bytes 6717216559 (6.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6380277  bytes 6532852215 (6.0 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# ip link show
29: veth05bcc9f@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-c50112c3264b state UP mode DEFAULT group default
    link/ether 32:8e:4b:28:81:30 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Inspect a Docker network in detail

# docker network inspect bwhost_default
[
    {
        "Name": "bwhost_default",
        "Id": "c50112c3264b2edd90b74e8e67011a664d21c7af26a352f9f0a382855d51718d",
        "Created": "2021-05-26T22:48:46.829421004+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4c796426b77271cef0cb4519090c852908547dedd46a7b9b266f52577ac1735b": {
                "Name": "bwhost_django_1",
                "EndpointID": "a783f0e12191efe05ca16eacbc607d8d63a18766c301a6b30baaaab69989ddab",
                "MacAddress": "02:42:ac:12:00:05",
                "IPv4Address": "172.18.0.5/16",
                "IPv6Address": ""
            },
            "5ee849b1805e69858c27559361d8072f595acc561bff2df6edbc78e2646c00b2": {
                "Name": "bwhost_v2ray_1",
                "EndpointID": "147910cc9ed0b313093b816736943376117f352754784aa6ebe134c618e50d3a",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "6e028afc60eb6910d66d524d4448beba366887ae2fec6f587d2a1016fed8cfeb": {
                "Name": "bwhost_acme_1",
                "EndpointID": "f50af9ada53b963db347c69255645223a595e2b5ddb346f4f17472ec26616dd4",
                "MacAddress": "02:42:ac:12:00:04",
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            },
            "9bc75a9aa23965f4d68b7359c7a9ee886543f69ae360c6fbe1b8ed688bfa81a2": {
                "Name": "bwnginx",
                "EndpointID": "5966e5e66a7f169264f81caefd71b08f6c246b411ed3b3cf1efa01c37ac73387",
                "MacAddress": "02:42:ac:12:00:06",
                "IPv4Address": "172.18.0.6/16",
                "IPv6Address": ""
            },
            "e3fd19bba1bbe0ffc1a04471819e7a2beb656745adbed4aa2eccd453ca39516a": {
                "Name": "adguard",
                "EndpointID": "17dd125a5723e767ccb64d02b3589b2ccad29ce12bbd41b15941ff49a454f612",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "bwhost",
            "com.docker.compose.version": "1.29.1"
        }
    }
]

1. Bridge: corresponds to NAT mode (docker0):

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:94:00:0a:7a  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2. Host: the container shares the host's network namespace

docker run -itd --name busybox1 --network host busybox

3. None: the container has no network

Summary: Docker container network modes

open: the container shares the host's network namespace.

closed: closed network, no connectivity.

bridged: bridged network.

joined: joined network, several containers share one network namespace.


ip netns add NAME creates a network namespace

# ip netns add r1
# ip netns add r2
# ip netns list
r2
r1

ip link add name veth1.1 type veth peer name veth1.2 creates a veth device pair

# ip link add name veth1.1 type veth peer name veth1.2
# ip link show
39: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b6:cd:ed:cc:49:3b brd ff:ff:ff:ff:ff:ff
40: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9a:6e:6a:6b:06:22 brd ff:ff:ff:ff:ff:ff

ip link set DEV netns NAME moves one end of the pair into a network namespace

# ip link set veth1.2 netns r2
# ip link set veth1.1 netns r1
# ip netns exec r1 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
40: veth1.1@if39: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9a:6e:6a:6b:06:22 brd ff:ff:ff:ff:ff:ff link-netnsid 0
# ip netns exec r2 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
39: veth1.2@if40: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b6:cd:ed:cc:49:3b brd ff:ff:ff:ff:ff:ff link-netnsid 1
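The namespace and veth steps above stop at moving each end into its namespace; at that point both links are still DOWN and have no addresses. The following Python script is an added example, not part of the original notes: it plans the full sequence, including the addressing and link-up steps the notes omit and a one-packet ping as a connectivity check, and executes it with subprocess only when dry_run=False (which needs root and iproute2). The namespace names, device names and 10.0.0.0/24 addresses are placeholders chosen here.

```python
"""Plan and optionally run the namespace/veth wiring shown above.

Added example, not part of the original notes. Assumes iproute2 (ip) is
installed; executing the plan (dry_run=False) needs root. The namespace names,
device names and 10.0.0.0/24 addresses used in __main__ are placeholders.
"""
import ipaddress
import subprocess


def veth_plan(ns_a, ns_b, veth_a, veth_b, cidr_a, cidr_b):
    """Return the ordered ip(8) commands that connect two namespaces with a veth pair.

    The notes above stop after moving each end into its namespace; at that point
    both links are DOWN and unaddressed. The plan adds the address assignment,
    brings both ends up, and finishes with a one-packet ping to prove the link.
    """
    a = ipaddress.ip_interface(cidr_a)
    b = ipaddress.ip_interface(cidr_b)
    if a.network != b.network:
        raise ValueError(f"{cidr_a} and {cidr_b} must be in the same subnet")
    if a.ip == b.ip:
        raise ValueError("the two ends need distinct addresses")
    return [
        ["ip", "netns", "add", ns_a],
        ["ip", "netns", "add", ns_b],
        # one `ip link add` creates both ends of the pair at once
        ["ip", "link", "add", "name", veth_a, "type", "veth", "peer", "name", veth_b],
        # moving an end into a namespace removes it from the host's `ip link show`
        ["ip", "link", "set", veth_a, "netns", ns_a],
        ["ip", "link", "set", veth_b, "netns", ns_b],
        ["ip", "netns", "exec", ns_a, "ip", "addr", "add", str(a), "dev", veth_a],
        ["ip", "netns", "exec", ns_b, "ip", "addr", "add", str(b), "dev", veth_b],
        ["ip", "netns", "exec", ns_a, "ip", "link", "set", veth_a, "up"],
        ["ip", "netns", "exec", ns_b, "ip", "link", "set", veth_b, "up"],
        ["ip", "netns", "exec", ns_a, "ping", "-c", "1", "-W", "1", str(b.ip)],
    ]


def veth_teardown(ns_a, ns_b):
    """Deleting a namespace destroys the veth end inside it, and its peer with it."""
    return [["ip", "netns", "del", ns_a], ["ip", "netns", "del", ns_b]]


def run(commands, dry_run=True):
    """Run the commands in order (stopping at the first failure); return them as strings."""
    rendered = [" ".join(cmd) for cmd in commands]
    if not dry_run:
        for cmd in commands:
            subprocess.run(cmd, check=True)
    return rendered


if __name__ == "__main__":
    plan = veth_plan("r1", "r2", "veth1.1", "veth1.2", "10.0.0.1/24", "10.0.0.2/24")
    for line in run(plan):  # dry run: print the commands only
        print(line)
```

Run it without arguments to print the plan; call run(plan, dry_run=False) as root to apply it, and run(veth_teardown("r1", "r2"), dry_run=False) to remove both namespaces afterwards.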

Exposing containers

Mode 1: map a container port to a random port on the host

Mode 2: map a container port to a chosen port on the host

Mode 3: map a container port to a random port on one specific NIC of the host

Mode 4: map a container port to a chosen port on one specific NIC of the host

docker run -p 80 --name test -it nginx publishes a container port; forms: -p 8080:80 (host port 8080 to container port 80), -p 80 (random host port)

  # publish a container port to a fixed host port
  -p, --publish list                   Publish a container's port(s) to the host
  # publish all exposed container ports to random host ports
  -P, --publish-all                    Publish all exposed ports to random ports

docker port CONTAINER shows the ports a container publishes

Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]]

# docker port adguardhome
53/udp -> 0.0.0.0:6653
8082/tcp -> 0.0.0.0:8082
8083/tcp -> 0.0.0.0:8083
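As an added example, not from the original notes, the following Python parses `docker port` output and flags mappings bound to 0.0.0.0 or ::, that is, modes 1 and 2 above, which reach every interface on the host (and, because Docker inserts its own iptables rules for published ports, are not governed by host firewall rules written for the INPUT chain). It also builds the -p value for each of the four modes, so a service meant for local use can be published on 127.0.0.1 or one NIC (modes 3 and 4) instead of on all interfaces. The sample output is constructed after the adguardhome listing; the [::] and 127.0.0.1 lines are invented.

```python
"""Parse `docker port` output, flag all-interface bindings, and build -p specs.

Added example, not part of the original notes. SAMPLE is constructed after the
adguardhome listing above; the [::] and 127.0.0.1 lines are invented.
"""
import re

SAMPLE = """\
53/udp -> 0.0.0.0:6653
8082/tcp -> 0.0.0.0:8082
8082/tcp -> [::]:8082
8083/tcp -> 0.0.0.0:8083
3000/tcp -> 127.0.0.1:3000
"""

# "<container port>/<proto> -> <host ip>:<host port>"; host ip may be "[::]" for IPv6
LINE = re.compile(r"^(\d+)/(tcp|udp)\s*->\s*(.+):(\d+)$")

# Addresses that mean "every interface the host has"
WILDCARDS = {"0.0.0.0", "::"}


def parse_port_output(text):
    """Return one dict per mapping line; raise on a line that is not `docker port` output."""
    mappings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised docker port line: {line!r}")
        cport, proto, host_ip, hport = m.groups()
        mappings.append({
            "container_port": int(cport),
            "proto": proto,
            "host_ip": host_ip.strip("[]"),  # docker prints IPv6 wildcards as [::]
            "host_port": int(hport),
        })
    return mappings


def wildcard_bindings(mappings):
    """Mappings reachable on every host interface (modes 1 and 2 above)."""
    return [m for m in mappings if m["host_ip"] in WILDCARDS]


def publish_flag(container_port, host_port=None, host_ip=None, proto="tcp"):
    """Build the value passed to -p for each of the four mapping modes above.

    publish_flag(80)                          -> "80"               (mode 1)
    publish_flag(80, 8080)                    -> "8080:80"          (mode 2)
    publish_flag(80, host_ip="127.0.0.1")     -> "127.0.0.1::80"    (mode 3)
    publish_flag(80, 8080, "127.0.0.1")       -> "127.0.0.1:8080:80" (mode 4)
    """
    spec = str(container_port)
    if host_ip is not None:
        spec = f"{host_ip}:{host_port or ''}:{spec}"
    elif host_port is not None:
        spec = f"{host_port}:{spec}"
    if proto != "tcp":
        spec += f"/{proto}"
    return spec


if __name__ == "__main__":
    mappings = parse_port_output(SAMPLE)
    for m in wildcard_bindings(mappings):
        print(f"{m['container_port']}/{m['proto']} is published on all interfaces "
              f"(host port {m['host_port']}); consider -p "
              f"{publish_flag(m['container_port'], m['host_port'], '127.0.0.1', m['proto'])}")
```

The parser is for the two-column form that `docker port CONTAINER` prints; feed it the command's output (for example via subprocess) to audit a running host.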

Joined containers (container network mode)

1. Create a container

docker run -itd --name redis1 redis

2. Have another container use the same network namespace

docker run -itd --name busybox1 --network container:redis1 busybox

Changing Docker's default network settings

vi /etc/docker/daemon.json

registry-mirrors: image registry mirror addresses

bip: the docker0 bridge address and subnet

dns: DNS server addresses

default-gateway: default gateway

hosts: daemon listen addresses (enables remote management)

{
    "registry-mirrors": ["http://hub-mirror.c.163.com"],
    "bip": "192.168.100.254/24",
    "dns": ["8.8.8.8","4.4.4.4","114.114.114.114"]
}
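Before restarting dockerd with an edited daemon.json it pays to check the file: a syntax error stops the daemon from starting, and a `hosts` entry that listens on tcp:// without TLS hands the Docker API, and with it root-equivalent control of the host, to anyone who can reach the port. The following checker is an added example, not from the original notes; the sample config is the one above plus a constructed `hosts` entry so the check has something to report. `bip`, `dns`, `default-gateway`, `registry-mirrors`, `hosts` and `tlsverify` are real daemon.json keys.

```python
"""Sanity-check the daemon.json keys discussed above before restarting dockerd.

Added example, not part of the original notes. SAMPLE is the daemon.json above
plus a constructed `hosts` entry; the checks cover only the keys listed above.
"""
import ipaddress
import json

SAMPLE = json.dumps({
    "registry-mirrors": ["http://hub-mirror.c.163.com"],
    "bip": "192.168.100.254/24",
    "dns": ["8.8.8.8", "4.4.4.4", "114.114.114.114"],
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],  # constructed
})


def check_daemon_json(text):
    """Return a list of problem strings; an empty list means the covered keys look sane."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        # dockerd refuses to start on a malformed daemon.json
        return [f"not valid JSON ({e}); dockerd will not start"]
    problems = []

    # bip is docker0's own address with its prefix, e.g. 192.168.100.254/24
    bip = cfg.get("bip")
    network = None
    if bip is not None:
        try:
            iface = ipaddress.ip_interface(bip)
            network = iface.network
            if iface.ip in (network.network_address, network.broadcast_address):
                problems.append(f"bip {bip}: must be a host address, not the network or broadcast address")
        except ValueError:
            problems.append(f"bip {bip!r} is not an address/prefix like 192.168.100.254/24")

    gw = cfg.get("default-gateway")
    if gw:
        try:
            if network is not None and ipaddress.ip_address(gw) not in network:
                problems.append(f"default-gateway {gw} lies outside the bip network {network}")
        except ValueError:
            problems.append(f"default-gateway {gw!r} is not an IP address")

    for server in cfg.get("dns", []):
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"dns entry {server!r} is not an IP address")

    # A tag-based pull over plain HTTP trusts whatever manifest the network returns
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.startswith("http://"):
            problems.append(f"registry mirror {mirror} uses plain HTTP; pulls can be altered in transit")

    # Remote management: TCP listeners must be paired with TLS client verification
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tlsverify"):
            problems.append(f"hosts entry {host} exposes the daemon API over TCP without tlsverify")

    return problems


if __name__ == "__main__":
    for p in check_daemon_json(SAMPLE) or ["no problems found"]:
        print(p)
```

Point it at the real file with check_daemon_json(open("/etc/docker/daemon.json").read()) before restarting the daemon; the fix for a flagged tcp:// listener is to set tlsverify with tlscacert, tlscert and tlskey, or to drop the TCP entry and keep only the unix socket.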

Creating a network

# docker network create --help

Usage: docker network create [OPTIONS] NETWORK

# docker network create --subnet 172.16.1.0/24 --gateway 172.16.1.254 docker_network_1.0
fb671de1c146d0efb792128a396caad4de0fbd0c8eebb1cef806e0794fb214ef
# docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
e0b2b0ee3cc6   bridge               bridge    local
6479de458a14   docker1              bridge    local
fb671de1c146   docker_network_1.0   bridge    local
4b1f6cecfc15   host                 host      local
86310e5ae7db   none                 null      local

Creating a macvlan network

# docker network create -d macvlan --subnet 192.168.101.0/24 --gateway 192.168.101.1 -o parent=ens192 -o macvlan_mode=bridge mactestnet --ip-range 192.168.101.210/28

# docker inspect mactestnet
[
    {
        "Name": "mactestnet",
        "Id": "58c7a301c61e783598f8704b2602960218f972e2d8f25d9a6f06bd78e56a89ed",
        "Created": "2021-06-08T21:23:30.480992538+08:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.101.0/24",
                    "IPRange": "192.168.101.210/28",
                    "Gateway": "192.168.101.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "macvlan_mode": "bridge",
            "parent": "ens192"
        },
        "Labels": {}
    }
]
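The `docker network inspect` listings for bwhost_default (bridge, earlier on the page) and mactestnet (macvlan, just above) share one JSON shape. The following Python is an added example, not from the original notes, that reads that JSON and checks each network's Gateway and IPRange against its IPAM Subnet, checks every attached container's address against it, warns when a macvlan network has no parent interface, and reports subnets that overlap between networks (a `docker network create --subnet` that collides with an existing network gives the host ambiguous routes). The sample is constructed, trimmed from the two listings above with placeholder container IDs.

```python
"""Cross-check `docker network inspect` JSON for bridge and macvlan networks.

Added example, not part of the original notes. SAMPLE is constructed: trimmed
from the bwhost_default and mactestnet listings above, with placeholder
container IDs. Feed it the real output of `docker network inspect NAME...`.
"""
import ipaddress
import json

SAMPLE = json.dumps([
    {
        "Name": "bwhost_default",
        "Driver": "bridge",
        "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
        "Containers": {
            "container-id-1": {"Name": "bwhost_django_1",
                               "MacAddress": "02:42:ac:12:00:05",
                               "IPv4Address": "172.18.0.5/16"},
            "container-id-2": {"Name": "bwnginx",
                               "MacAddress": "02:42:ac:12:00:06",
                               "IPv4Address": "172.18.0.6/16"},
        },
        "Options": {},
    },
    {
        "Name": "mactestnet",
        "Driver": "macvlan",
        "IPAM": {"Config": [{"Subnet": "192.168.101.0/24",
                             "IPRange": "192.168.101.210/28",
                             "Gateway": "192.168.101.1"}]},
        "Containers": {},
        "Options": {"macvlan_mode": "bridge", "parent": "ens192"},
    },
])


def load_networks(text):
    """`docker network inspect` prints a JSON array with one object per network."""
    nets = json.loads(text)
    if not isinstance(nets, list):
        raise ValueError("expected a JSON array of network objects")
    return nets


def check_network(net):
    """Return the inconsistencies found in one network object (empty list = consistent)."""
    name = net.get("Name", "?")
    problems = []
    subnets = []
    for cfg in net.get("IPAM", {}).get("Config", []):
        try:
            subnet = ipaddress.ip_network(cfg["Subnet"])
        except (KeyError, ValueError) as e:
            problems.append(f"{name}: bad Subnet entry ({e})")
            continue
        subnets.append(subnet)
        gw = cfg.get("Gateway")
        if gw and ipaddress.ip_address(gw) not in subnet:
            problems.append(f"{name}: gateway {gw} is outside {subnet}")
        rng = cfg.get("IPRange")  # --ip-range: the slice of the subnet handed to containers
        if rng and not ipaddress.ip_network(rng, strict=False).subnet_of(subnet):
            problems.append(f"{name}: ip-range {rng} is not inside {subnet}")
    if net.get("Driver") == "macvlan" and not net.get("Options", {}).get("parent"):
        problems.append(f"{name}: macvlan network has no parent interface")
    for cid, c in net.get("Containers", {}).items():
        addr = c.get("IPv4Address")
        if addr and not any(ipaddress.ip_interface(addr).ip in s for s in subnets):
            problems.append(f"{name}: container {c.get('Name', cid)} has {addr} outside the IPAM subnets")
    return problems


def overlapping_subnets(nets):
    """Pairs of network names whose IPAM subnets overlap."""
    seen = [(net["Name"], ipaddress.ip_network(cfg["Subnet"]))
            for net in nets for cfg in net.get("IPAM", {}).get("Config", [])]
    pairs = []
    for i, (n1, s1) in enumerate(seen):
        for n2, s2 in seen[i + 1:]:
            if s1.version == s2.version and s1.overlaps(s2):
                pairs.append((n1, n2))
    return pairs


def container_table(net):
    """(name, ip, mac) rows sorted by address: a quick 'who is where' view of one network."""
    rows = [(c["Name"], str(ipaddress.ip_interface(c["IPv4Address"]).ip), c.get("MacAddress", ""))
            for c in net.get("Containers", {}).values() if c.get("IPv4Address")]
    return sorted(rows, key=lambda r: ipaddress.ip_address(r[1]))


if __name__ == "__main__":
    nets = load_networks(SAMPLE)
    for net in nets:
        print(net["Name"], check_network(net) or "OK")
        for row in container_table(net):
            print("   ", *row)
    print("overlapping subnets:", overlapping_subnets(nets))
```

Running `docker network inspect $(docker network ls -q)` and piping the result into load_networks covers every network on the host in one pass, including the overlap check across all of them.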