What is Docker Network?

Docker使用Linux桥接,在宿主机虚拟一个Docker容器网桥(docker0),Docker启动一个容器时会根据Docker网桥的网段分配给容器一个IP地址,称为Container-IP,同时Docker网桥是每个容器的默认网关。因为在同一宿主机内的容器都接入同一个网桥,这样容器之间就能够通过容器的Container-IP直接通信。

What is Docker0?

使用Linux下ip addr 命令查看当前网络情况

[root@ChenAliyun ~]# ip addr 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000

  1. link/ether 00:16:3e:06:bc:c7 brd ff:ff:ff:ff:ff:ff
  3. inet 172.17.253.227/20 brd 172.17.255.255 scope global dynamic noprefixroute eth0
  5.    valid_lft 295740684sec preferred_lft 295740684sec

3: docker0: mtu 1500 qdisc noqueue state UP group default

  1. link/ether 02:42:05:34:37:38 brd ff:ff:ff:ff:ff:ff
  3. inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
  5.    valid_lft forever preferred_lft forever

55: veth76b2447@if54: mtu 1500 qdisc noqueue master docker0 state UP group default

  1. link/ether 82:fa:17:db:99:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 0

57: vethd3adc2b@if56: mtu 1500 qdisc noqueue master docker0 state UP group default

  1. link/ether 7e:17:0f:7a:4a:29 brd ff:ff:ff:ff:ff:ff link-netnsid 1
  • lo 是本地回环地址
  • docker0 即docker内部网络的地址 172.18.0.1/16
  • docker使用的是桥接模式,使用的技术是evth-pair技术

由于docker内部容器的是无法直接于宿主机直接通信的,所以使用evth-pair技术在容器和宿主机之间创建一个借口
image.png
image.png

Docker —link(不推荐)

使用—link可以让容器之间建立通信,但是是通过修改宿主机的host文件绑定的,由于docker容器重启后内部的ip也会变化,所以修改的host就找不到之前的容器,因此我们需要通过自定义网络的方式解决容器之间的通信问题。

Custom network

  1. docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
  2. # --driver bridge                 设置网络模式
  3. # --subnet 192.168.0.0/16 子网掩码 分配网络地址
  4. # --gateway 192.168.0.1     网关地址

NETWORK ID NAME DRIVER SCOPE ab63e3af81f6 bridge bridge local dbc265e68ca5 host host local 84c3682f2772 mynet bridge local 7c3c7a14053e none null local

Docker network

  1. Usage:  docker network COMMAND
  3. Manage networks
  5. Commands:
  6.   connect     Connect a container to a network
  7.   create      Create a network
  8.   disconnect  Disconnect a container from a network
  9.   inspect     Display detailed information on one or more networks
  10.   ls          List networks
  11.   prune       Remove all unused networks
  12.   rm          Remove one or more networks
  14. Run 'docker network COMMAND --help' for more information on a command.

Docker network inspect mynet

[ {

  1.     "Name": "mynet",
  3.     "Id": "84c3682f27729a885b313eafd1d3e11a77fd96e022c000a5fdb6569b13f7b64a",
  5.     "Created": "2020-10-25T13:07:19.454638Z",
  7.     "Scope": "local",
  9.     "Driver": "bridge",
  11.     "EnableIPv6": false,
  13.     "IPAM": {
  15.         "Driver": "default",
  17.         "Options": {},
  19.         "Config": [
  21.             {
  23.                "Subnet": "192.168.0.0/16",
  25.                 "Gateway": "192.168.0.1"
  27.             }
  29.         ]
  31.     },
  33.     "Internal": false,
  35.     "Attachable": false,
  37.     "Ingress": false,
  39.     "ConfigFrom": {
  41.         "Network": ""
  43.     },
  45.     "ConfigOnly": false,
  47.     "Containers": {},
  49.     "Options": {},
  51.     "Labels": {}
  53. }

]

Docker network connect

容器连接到网络

Network mode

  • bridge:桥接docker(默认,自己创建也使用bridge mode)
  • none:不配置网络
  • host:和宿主机共享网络
  • container:容器网络连通!(用的少!局限很大)

Create your own network container

docker run -d -P --name tomcat-net-01 --net mynet tomcat

“Containers”: {

  1.         "7089109472e1bc08adadeb35578d4aa1624b708cf308dbfd0bd6b1fc47bbbcc5": {
  3.             "Name": "tomcat-net-01",
  5.             "EndpointID": "12e682932873a2aefc208b94ed71cc0b2c2445177637ac5e2a7604b33cf33439",
  7.             "MacAddress": "02:42:c0:a8:00:02",
  9.             "IPv4Address": "192.168.0.2/16",
  11.             "IPv6Address": ""
  13.         },
  15.         "c8947729b431d459fbccd9eecdb86f359909ef0add4041c5edea86509facf5d5": {
  17.             "Name": "tomcat-net-02",
  19.             "EndpointID": "b3ce60ccfddd350625102a5819151927fb63a7e547390fbdd0e24a1af39e745f",
  21.             "MacAddress": "02:42:c0:a8:00:03",
  23.             "IPv4Address": "192.168.0.3/16",
  25.             "IPv6Address": ""
  27.         }
  29.     },
  31.     "Options": {},
  33.     "Labels": {}

Ping 测试

使用自建网络可以通过容器名ping通容器,达到容器和容器之间通信
docker exec -it tomcat-net-01 ping tomcat-net-02

PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.

64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.039 ms

64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.041 ms

64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.052 ms

64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=4 ttl=64 time=0.033 ms

64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=5 ttl=64 time=0.033 ms