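1. Network modes
1.1. bridge
Commonly used.
--net=bridge: the default network. After Docker starts it creates a docker0 bridge, and containers created with default settings are attached to this bridge.
Bridging is implemented with the Linux bridge; a docker0 bridge is created once Docker has started.
1.2. host
Commonly used.
--net=host: the container does not get its own network namespace but shares the host's. This means the container has no network interfaces of its own and uses the host's instead. Apart from the network, everything else about the container is still isolated.
A network namespace is, in effect, a self-contained network world.
Any service started in this container uses the host's network namespace. For example, if nginx is started in the container and occupies port 80, it is actually occupying port 80 on the host.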
[root@centos7 ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
7c9d20b9b6cd: Pull complete
Digest: sha256:dd97a3fe6d721c5cf03abac0f50e2848dc583f7c4e41bf39102ceb42edfd1808
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
[root@centos7 ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:c6ff:fe70:5949 prefixlen 64 scopeid 0x20<link>
ether 02:42:c6:70:59:49 txqueuelen 0 (Ethernet)
RX packets 6 bytes 1146 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1234 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.201 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:fe71:86bb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:71:86:bb txqueuelen 1000 (Ethernet)
RX packets 2035 bytes 957273 (934.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1341 bytes 163892 (160.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.201 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::20c:29ff:fe71:86c5 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:71:86:c5 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1008 (1008.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2 bytes 100 (100.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 100 (100.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth845c544: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e038:f0ff:fe55:5d8f prefixlen 64 scopeid 0x20<link>
ether e2:38:f0:55:5d:8f txqueuelen 0 (Ethernet)
RX packets 6 bytes 1230 (1.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1882 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7 ~]# docker run -it --net=host busybox
/ # ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:C6:70:59:49
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:c6ff:fe70:5949/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1146 (1.1 KiB) TX bytes:1234 (1.2 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:71:86:BB
inet addr:10.0.0.201 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe71:86bb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2022 errors:0 dropped:0 overruns:0 frame:0
TX packets:1330 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:956171 (933.7 KiB) TX bytes:159110 (155.3 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:71:86:C5
inet addr:172.16.1.201 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe71:86c5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1008 (1008.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:100 (100.0 B) TX bytes:100 (100.0 B)
veth845c544 Link encap:Ethernet HWaddr E2:38:F0:55:5D:8F
inet6 addr: fe80::e038:f0ff:fe55:5d8f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1230 (1.2 KiB) TX bytes:1882 (1.8 KiB)
/ #
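1.3. none
Very rarely used.
--net=none: the container gets its own network namespace, but no network configuration is done for it; we have to configure it manually.
It is typically used when another network driver can assign the IP, or when you want to assign the IP yourself. Since the container is just a network namespace, you can set its IP directly with the ip netns command.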
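The manual configuration described above, as an added example that is not from the original page: the function attaches a --net=none container to docker0 with a veth pair and ip netns. The container name bs_none, the PID 4242 and the address 172.17.0.100/16 are constructed values; with the default DRY_RUN=1 the commands are only printed.

```bash
#!/usr/bin/env bash
# Added example: wire a --net=none container to docker0 by hand.
# Constructed values: container "bs_none", PID 4242, address 172.17.0.100/16.
# 172.17.0.1 is the docker0 address shown in the ifconfig output above.
# DRY_RUN=1 (the default) prints each command instead of executing it.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_none_netns NAME PID CIDR GATEWAY
#   PID is the container's init PID on the host, obtained with:
#   docker inspect -f '{{.State.Pid}}' NAME
setup_none_netns() {
    local name=$1
    local pid=$2
    local cidr=$3
    local gw=$4
    # PID-based names stay under the 15-character interface name limit.
    local host_if="veth${pid}"
    local peer_if="vpeer${pid}"

    # ip netns only sees namespaces listed under /var/run/netns, so expose
    # the container's namespace there under the container's name.
    run mkdir -p /var/run/netns
    run ln -sfT "/proc/${pid}/ns/net" "/var/run/netns/${name}"
    # veth pair: one end stays on the host and joins the docker0 bridge ...
    run ip link add "$host_if" type veth peer name "$peer_if"
    run ip link set "$host_if" master docker0
    run ip link set "$host_if" up
    # ... the other end moves into the container and becomes its eth0.
    run ip link set "$peer_if" netns "$name"
    run ip netns exec "$name" ip link set "$peer_if" name eth0
    run ip netns exec "$name" ip addr add "$cidr" dev eth0
    run ip netns exec "$name" ip link set eth0 up
    run ip netns exec "$name" ip route add default via "$gw"
}

# Print the plan for the constructed container.
setup_none_netns bs_none 4242 172.17.0.100/16 172.17.0.1
```

To apply the plan for real, run it as root with DRY_RUN=0 and pass the PID reported by docker inspect for the container started with --net=none.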
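1.4. container
--net=container:Name/ID: the container uses the same network namespace as the specified container and has the same network configuration. Apart from the network, the two containers are still isolated from each other.
Because they share one network namespace, the two containers have identical network configuration and use the same network protocol stack; everything else remains isolated.
Usage: --net container:<ID or name of the container whose network namespace is to be shared>
docker run -d --name nginx_bs --net container:<ID or name of the container whose network namespace is to be shared> nginx
# Start the busybox container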
[root@centos7 ~]# docker run -itd --name bs busybox
92b6b87ba790a7012765c111b1aa742c518a4d0b5368f08f0647cfd5d5ada2b9
Check that no ports are listening
[root@centos7 ~]# docker exec -it bs netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
Start an nginx container that shares the busybox container's network namespace
[root@centos7 ~]# docker run -d --name nginx_bs --net container:bs nginx
510e729ad8489e1197588c3483d4fe3836d731292cc8c76745b77b5b3896c2ce
Port 80 now shows up as listening inside the busybox container
[root@centos7 ~]# docker exec -it bs netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
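1.5. User-defined networks
A user-defined network works on the same principle as the default bridge, but it also provides built-in DNS discovery, so containers can communicate with each other by container name or hostname.
This kind of communication was handled early on by a feature called link, which was deprecated in a recent version. The best practice now is to use a user-defined network to guarantee communication within a set of services.
# Create a user-defined network
Create a user-defined network: docker network create <network name>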
[root@centos7 ~]# docker network create bs-test
ca75dfca5a1f4697daa5d1e4b516bce119d3497a64b93888342bdf8b0169fd85
Start containers attached to the user-defined network
docker run -itd --name bs3 --net <network name> busybox
[root@centos7 ~]# docker run -itd --name bs3 --net bs-test busybox
7e91970e4fe438eddf97f1d47beff89126d6cd75a744a389f340cf0d4ec197e6
[root@centos7 ~]# docker run -itd --name bs4 --net bs-test busybox
87351b2856c8c59b8f6a97d78749ed3c41db7f4c7fc03541cfa12b94d3bf8da2
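Checking shows that two containers on the same user-defined network can ping each other; ping works by IP, hostname and container name.
# Ping by container name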
[root@centos7 ~]# docker exec -it bs3 ping bs4
PING bs4 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.127 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.118 ms
^C
--- bs4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.118/0.122/0.127 ms
[root@centos7 ~]# docker exec -it bs4 ping bs3
PING bs3 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.059 ms
64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.236 ms
^C
--- bs3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.059/0.147/0.236 ms
Ping by container hostname
[root@centos7 ~]# docker exec -it bs3 hostname
7e91970e4fe4
[root@centos7 ~]# docker exec -it bs4 hostname
87351b2856c8
[root@centos7 ~]# docker exec -it bs3 ping 87351b2856c8
PING 87351b2856c8 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.078 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.220 ms
^C
--- 87351b2856c8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.078/0.149/0.220 ms
[root@centos7 ~]# docker exec -it bs4 ping 7e91970e4fe4
PING 7e91970e4fe4 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.067 ms
^C
--- 7e91970e4fe4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.067/0.067/0.067 ms
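The five modes above differ in whose network namespace a container's ports end up in. As an added example (not from the original page), the script below classifies containers by their HostConfig.NetworkMode and lists those that share a namespace with the host or with another container; the container names bs_host and bs_none and the sample input are constructed.

```bash
#!/usr/bin/env bash
# Added example: classify containers by network mode.
# Input lines are "<name> <NetworkMode>", as produced by:
#   docker ps -q | xargs -r docker inspect -f '{{.Name}} {{.HostConfig.NetworkMode}}'

# Constructed sample input; bs, nginx_bs, bs3 and bs4 mirror the page,
# bs_host and bs_none are assumed names for the host and none examples.
sample_inspect_output() {
    cat <<'EOF'
/bs default
/nginx_bs container:92b6b87ba790a7012765c111b1aa742c518a4d0b5368f08f0647cfd5d5ada2b9
/bs3 bs-test
/bs4 bs-test
/bs_host host
/bs_none none
EOF
}

classify_netmode() {
    case "$1" in
        host)           echo "shares-host-netns" ;;
        container:*)    echo "shares-netns-with:${1#container:}" ;;
        none)           echo "isolated-unconfigured" ;;
        default|bridge) echo "default-bridge" ;;
        *)              echo "user-defined:$1" ;;
    esac
}

# Reads "<name> <mode>" lines on stdin, prints "<name> <classification>".
audit_netmodes() {
    while read -r name mode; do
        [ -n "$name" ] || continue
        printf '%s %s\n' "${name#/}" "$(classify_netmode "$mode")"
    done
}

# Comma-separated names of containers whose listening ports appear in a
# namespace that is not exclusively their own (host or another container).
shared_netns_containers() {
    audit_netmodes | awk '$2 ~ /^shares-/ {print $1}' | paste -sd, -
}

sample_inspect_output | audit_netmodes
```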
2. How container network access works


