⭕ 容器之间如何互通访问

⭕ Docker0

  1. ------------------------------------
  2. # 清空所有镜像&容器
  3. ------------------------------------
  4. $ docker rm -f $(docker ps -aq)
  5. $ docker rmi -f $(docker images -aq)
  7. ------------------------------------
  8. # 查看当前ip地址
  9. ------------------------------------
  10. $ ip addr
  11. # 本机ip地址
  12. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  13.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  14.     inet 127.0.0.1/8 scope host lo
  15.        valid_lft forever preferred_lft forever
  16.     inet6 ::1/128 scope host 
  17.        valid_lft forever preferred_lft forever
  18. # 华为云内网地址
  19. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  20.     link/ether fa:16:3e:d4:d9:f1 brd ff:ff:ff:ff:ff:ff
  21.     inet 192.168.0.144/24 brd 192.168.0.255 scope global noprefixroute dynamic eth0
  22.        valid_lft 75498sec preferred_lft 75498sec
  23.     inet6 fe80::f816:3eff:fed4:d9f1/64 scope link 
  24.        valid_lft forever preferred_lft forever
  25. # docker生成的地址
  26. 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
  27.     link/ether 02:42:77:0d:87:93 brd ff:ff:ff:ff:ff:ff
  28.     inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
  29.        valid_lft forever preferred_lft forever
  30.     inet6 fe80::42:77ff:fe0d:8793/64 scope link 
  31.        valid_lft forever preferred_lft forever
  33. ------------------------------------
  34. # 创建个新的容器
  35. ------------------------------------
  36. $ docker run -d -P --name tomcat01 tomcat
  37. # 查看容器的网络id地址
  38. $ docker exec -it tomcat01 ip addr
  39. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  40.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  41.     inet 127.0.0.1/8 scope host lo
  42.        valid_lft forever preferred_lft forever
  43. # 关键部分,虚拟网卡,evth-pair技术创建的
  44. 70: eth0@if71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
  45.     link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
  46.     inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
  47.        valid_lft forever preferred_lft forever
  49. ------------------------------------
  50. # 尝试宿主机是否可以ping通docker容器
  51. ------------------------------------
  52. $ ping 172.17.0.2
  54. ------------------------------------
  55. # 再次尝试在宿主机使用[ip addr]
  56. ------------------------------------
  57. $ ip addr
  58. # 多了一个这个,与容器中的网卡是成对的耶
  59. 71: veth3a1d5ce@if70: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
  60.     link/ether a2:f7:88:bf:24:5c brd ff:ff:ff:ff:ff:ff link-netnsid 0
  61.     inet6 fe80::a0f7:88ff:febf:245c/64 scope link 
  62.        valid_lft forever preferred_lft forever
  64. ------------------------------------
  65. # 再启动一个容器试试
  66. ------------------------------------
  67. $ docker run  -d -P --name tomcat2 tomcat
  68. $ ip addr
  69. # 这次宿主机中多了一个这个
  70. 73: vethe7d8134@if72: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
  71.     link/ether be:6d:ee:a4:f6:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 1
  72.     inet6 fe80::bc6d:eeff:fea4:f6b9/64 scope link 
  73.        valid_lft forever preferred_lft forever
  75. ------------------------------------
  76. # 测试两个容器是否可以互相ping通
  77. ------------------------------------

📍 发现

  • 每启动一个容器 , docker都会分配一个ip给容器( 用了veth-pair技术 )
  • 我们只要安装了docker , 就会有一个docker0的网卡出现 , 这个网卡用了桥接模式与宿主机联通
  • Docker中的所有网络接口都是虚拟的 , 虚拟的转发效率高

image.png

⭕ 关于veth-pair

相关参考 : https://www.cnblogs.com/bakari/p/10613710.html
veth-pair 在虚拟网络中充当着桥梁的角色,连接多种网络设备构成复杂的网络。

OpenStac , Docker容器之间的连接 , OVS的连接 , 都是使用veth-pair技术