[mydocker]---Docker's four network models and how they are implemented (

Author: nicktming | Source: published 2019-05-12 08:42, read 0 times

    1. Preface

    This article continues from the previous one, [mydocker]---Docker's four network models and how they are implemented (1).

    2. The container model

    2.1 Docker's container model

    root@nicktming:~# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    07d642f06fa0        busybox:latest      "top"               About an hour ago   Up About an hour                        container03-host    
    6998224ba1cb        busybox:latest      "top"               4 hours ago         Up 4 hours                              container02         
    3b5d2352935e        busybox:latest      "top"               4 hours ago         Up 4 hours                              container01         
    root@nicktming:~# 
    // Create container05-container, which shares container01's network namespace
    root@nicktming:~# docker run -d --name container05-container --net container:container01 busybox top
    dcc680c896840afed10135c3bf1789c92d9fa10af9675b196dfbb90aee873e56
    root@nicktming:~# docker ps 
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    dcc680c89684        busybox:latest      "top"               5 seconds ago       Up 4 seconds                            container05-container   
    07d642f06fa0        busybox:latest      "top"               2 hours ago         Up 2 hours                              container03-host        
    6998224ba1cb        busybox:latest      "top"               4 hours ago         Up 4 hours                              container02             
    3b5d2352935e        busybox:latest      "top"               4 hours ago         Up 4 hours                              container01             
    root@nicktming:~# 
    // Inspect the network configuration of container05-container
    root@nicktming:~# docker exec -it dcc680c89684 sh
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
              inet addr:172.17.0.3  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
              UP BROADCAST RUNNING  MTU:1500  Metric:1
              RX packets:32 errors:0 dropped:0 overruns:0 frame:0
              TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:2855 (2.7 KiB)  TX bytes:2228 (2.1 KiB)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:4 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:336 (336.0 B)  TX bytes:336 (336.0 B)
    
    / # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.17.42.1     0.0.0.0         UG    0      0        0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    / # 
    / # echo $$
    7
    / # readlink /proc/7/ns/net
    net:[4026532172]
    / # exit
    root@nicktming:~#
     
    // Inspect container01's namespace
    root@nicktming:~# docker exec -it container01 sh
    / # echo $$
    48
    / # readlink /proc/48/ns/net
    net:[4026532172]
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
              inet addr:172.17.0.3  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
              UP BROADCAST RUNNING  MTU:1500  Metric:1
              RX packets:32 errors:0 dropped:0 overruns:0 frame:0
              TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:2855 (2.7 KiB)  TX bytes:2228 (2.1 KiB)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:4 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:336 (336.0 B)  TX bytes:336 (336.0 B)
    
    / # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         172.17.42.1     0.0.0.0         UG    0      0        0 eth0
    172.17.0.0      *               255.255.0.0     U     0      0        0 eth0
    / # exit
    root@nicktming:~# 
    

    You can see that container05-container and container01 share the same network namespace (net:[4026532172]), so their network configuration is identical.

    container.png
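    The comparison above is done by hand with echo $$ and readlink. The script below is an added example, not code from the original post: it resolves the host PID of each container with docker inspect (assumed to be available) and compares the inode in /proc/<pid>/ns/net, which is what decides whether two containers are in one namespace. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): check whether two processes,
# e.g. the init processes of two containers, share one network namespace.
# Each process's namespace is exposed as the symlink /proc/<pid>/ns/net whose
# target "net:[<inode>]" identifies the namespace; equal inodes mean equal
# namespaces, which is exactly what --net container:<name> produces.

# Extract the inode number from a readlink result such as "net:[4026532172]".
netns_id() {
    printf '%s' "$1" | tr -cd '0-9'
}

# Namespace inode of a process; fails if the pid does not exist or the link
# is unreadable (reading another user's ns links needs matching privileges).
pid_netns() {
    link=$(readlink "/proc/$1/ns/net") || return 1
    netns_id "$link"
}

# Exit status 0 when both pids are in the same network namespace, 1 when they
# are not, 2 when a namespace could not be read.
same_netns() {
    a=$(pid_netns "$1") || return 2
    b=$(pid_netns "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Host PID of a container's init process (the Pid field the post greps for);
# assumes a working docker CLI.
container_pid() {
    docker inspect -f '{{.State.Pid}}' "$1"
}

# Usage: sh netns_check.sh <container-a> <container-b>
if [ $# -eq 2 ]; then
    pa=$(container_pid "$1") && pb=$(container_pid "$2") || exit 2
    if same_netns "$pa" "$pb"; then
        echo "$1 and $2 share network namespace net:[$(pid_netns "$pa")]"
    else
        echo "$1 (net:[$(pid_netns "$pa")]) and $2 (net:[$(pid_netns "$pb")]) have separate network namespaces"
    fi
fi
```

    Why this check matters: a shared network namespace means a shared loopback interface and a shared port space, so a service that container01 binds only to 127.0.0.1 is reachable from container05-container, and the two containers cannot be told apart by address in host firewall rules or logs. Run the check against pairs of containers before treating them as isolated from each other.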

    3. The none network model

    3.1 Creating a container with the none network model in Docker

    3.1.1 Create a container with the none network model
    root@nicktming:~# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    dcc680c89684        busybox:latest      "top"               30 minutes ago      Up 30 minutes                           container05-container   
    07d642f06fa0        busybox:latest      "top"               2 hours ago         Up 2 hours                              container03-host        
    6998224ba1cb        busybox:latest      "top"               4 hours ago         Up 4 hours                              container02             
    3b5d2352935e        busybox:latest      "top"               4 hours ago         Up 4 hours                              container01             
    root@nicktming:~# 
    root@nicktming:~# docker run -d --name container06-none --net none busybox top
    f09c599fc329c10f3e1bb6d8993dddade703d003ce72f356452d7cea5c61a41e
    root@nicktming:~# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    f09c599fc329        busybox:latest      "top"               3 seconds ago       Up 2 seconds                            container06-none        
    dcc680c89684        busybox:latest      "top"               31 minutes ago      Up 31 minutes                           container05-container   
    07d642f06fa0        busybox:latest      "top"               2 hours ago         Up 2 hours                              container03-host        
    6998224ba1cb        busybox:latest      "top"               4 hours ago         Up 4 hours                              container02             
    3b5d2352935e        busybox:latest      "top"               4 hours ago         Up 4 hours                              container01             
    root@nicktming:~# 
    root@nicktming:~# echo $$
    21412
    root@nicktming:~# readlink /proc/21412/ns/net
    net:[4026531956]
    root@nicktming:~# docker exec -it container06-none sh 
    / # ifconfig
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    / # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    / # ip link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    / # echo $$
    16
    / # readlink /proc/16/ns/net
    net:[4026532412]
    / # exit
    root@nicktming:~# 
    

    A new network namespace, net:[4026532412], has been created, but its only network device is lo, so any configuration that is needed has to be added by hand.

    3.1.2 Add a custom network configuration
    root@nicktming:~# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    f09c599fc329        busybox:latest      "top"               2 hours ago         Up 2 hours                              container06-none        
    dcc680c89684        busybox:latest      "top"               2 hours ago         Up 2 hours                              container05-container   
    07d642f06fa0        busybox:latest      "top"               4 hours ago         Up 4 hours                              container03-host        
    6998224ba1cb        busybox:latest      "top"               7 hours ago         Up 7 hours                              container02             
    3b5d2352935e        busybox:latest      "top"               7 hours ago         Up 7 hours                              container01             
    // Look up the host PID of container06-none
    root@nicktming:~# docker inspect container06-none | grep Pid
            "PidMode": "",
            "Pid": 25052,
    // The network namespace container06-none lives in
    root@nicktming:~# ls -l /proc/25052/ns/net
    lrwxrwxrwx 1 root root 0 May  3 16:50 /proc/25052/ns/net -> net:[4026532412]
    root@nicktming:~# 
    // For this part see [mydocker]---Virtual network devices: veth, bridge, iptables
    root@nicktming:~# ln -s /proc/25052/ns/net /var/run/netns/container06-none-net
    root@nicktming:~# ip netns list
    container06-none-net
    ns2
    ns1
    // Attach veth6 to docker0
    root@nicktming:~# brctl addif docker0 veth6
    root@nicktming:~# ip link set veth6 up
    // Move veth7 into the container06-none-net network namespace
    root@nicktming:~# ip link set veth7 netns container06-none-net
    // Enter the container06-none-net network namespace to configure it
    root@nicktming:~# ip netns exec container06-none-net sh
    # ifconfig
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    # ip link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    29: veth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether c2:0a:45:98:5f:84 brd ff:ff:ff:ff:ff:ff
    # 
    // Configure the IP address
    # ip link set veth7 name eth0
    # ip addr add 172.17.0.5/16 dev eth0
    # ip link set eth0 up
    # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    // Add the default gateway: docker0's IP address
    # route add default gw 172.17.42.1
    # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.17.42.1     0.0.0.0         UG    0      0        0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    # exit
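    The steps of 3.1.2 collected into one script, as an added example rather than code from the original post. It takes the container's host PID (the Pid that docker inspect reports), the namespace name to register, the bridge, the address with prefix length and the gateway; the veth names vh<pid>/vc<pid>, the DRY_RUN switch and the function names are this example's own choices. It uses `ip link set ... master` in place of the post's brctl addif, which does the same thing.

```shell
#!/bin/sh
# Added example (not from the original post): wire a --net none container
# onto a bridge. Creates a veth pair, attaches the host end to the bridge,
# moves the peer into the container's network namespace and configures the
# address and default route there. Must run as root unless DRY_RUN=1.

# Execute a command, or only print it when DRY_RUN=1 (preview without root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# configure_none_network <pid> <netns-name> <bridge> <ip/prefix> <gateway>
configure_none_network() {
    if [ $# -ne 5 ]; then
        echo "usage: configure_none_network <pid> <netns-name> <bridge> <ip/prefix> <gateway>" >&2
        return 2
    fi
    pid=$1; ns=$2; bridge=$3; cidr=$4; gw=$5
    case $cidr in
        */*) ;;
        *) echo "address must carry a prefix length, e.g. 172.17.0.5/16" >&2; return 2 ;;
    esac
    host_if="vh$pid"; peer_if="vc$pid"   # interface names are limited to 15 chars

    # Make the container's namespace visible to `ip netns` under a name
    # (what the post does with ln -s into /var/run/netns).
    run mkdir -p /var/run/netns
    run ln -sf "/proc/$pid/ns/net" "/var/run/netns/$ns"

    # veth pair: host end onto the bridge (same effect as brctl addif), peer into the namespace.
    run ip link add "$host_if" type veth peer name "$peer_if"
    run ip link set "$host_if" master "$bridge"
    run ip link set "$host_if" up
    run ip link set "$peer_if" netns "$ns"

    # Inside the namespace: rename to eth0, assign the address, bring up, add the default route.
    run ip netns exec "$ns" ip link set "$peer_if" name eth0
    run ip netns exec "$ns" ip addr add "$cidr" dev eth0
    run ip netns exec "$ns" ip link set eth0 up
    run ip netns exec "$ns" ip route add default via "$gw" dev eth0
}

# Usage (as root): sh none_net.sh 25052 container06-none-net docker0 172.17.0.5/16 172.17.42.1
# Preview only:    DRY_RUN=1 sh none_net.sh 25052 container06-none-net docker0 172.17.0.5/16 172.17.42.1
if [ $# -eq 5 ]; then
    configure_none_network "$@"
fi
```

    Two caveats for anyone using this on a real host. Docker's address allocator knows nothing about an address assigned this way, so it can later hand 172.17.0.5 to another container on docker0 and create a conflict; pick an address outside the range Docker allocates from, or attach to a bridge Docker does not manage. And the symlink in /var/run/netns keeps pointing at /proc/<pid> after the container exits, so remove it when the container is gone.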
    
    3.1.3 Test from inside the container

    Because the container06-none-net network namespace has already been configured, re-entering the container06-none container shows the corresponding network configuration, which can now be tested.

    root@nicktming:~# docker exec -it container06-none sh
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr C2:0A:45:98:5F:84  
              inet addr:172.17.0.5  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::c00a:45ff:fe98:5f84/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    / # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.17.42.1     0.0.0.0         UG    0      0        0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    // Reach container01
    / # ping -c 1 172.17.0.3
    PING 172.17.0.3 (172.17.0.3): 56 data bytes
    64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.079 ms
    
    --- 172.17.0.3 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.079/0.079/0.079 ms
    // Reach container02
    / # ping -c 1 172.17.0.4
    PING 172.17.0.4 (172.17.0.4): 56 data bytes
    64 bytes from 172.17.0.4: seq=0 ttl=64 time=0.084 ms
    
    --- 172.17.0.4 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.084/0.084/0.084 ms
    // Reach docker0
    / # ping -c 1 172.17.42.1
    PING 172.17.42.1 (172.17.42.1): 56 data bytes
    64 bytes from 172.17.42.1: seq=0 ttl=64 time=0.084 ms
    
    --- 172.17.42.1 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.084/0.084/0.084 ms
    // Reach the host
    / # ping -c 1 172.19.16.7
    PING 172.19.16.7 (172.19.16.7): 56 data bytes
    64 bytes from 172.19.16.7: seq=0 ttl=64 time=0.070 ms
    
    --- 172.19.16.7 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.070/0.070/0.070 ms
    // Reach itself (eth0 address)
    / # ping -c 1 172.17.0.5
    PING 172.17.0.5 (172.17.0.5): 56 data bytes
    64 bytes from 172.17.0.5: seq=0 ttl=64 time=0.063 ms
    
    --- 172.17.0.5 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.063/0.063/0.063 ms
    // Reach itself (loopback)
    / # ping -c 1 127.0.0.1
    PING 127.0.0.1 (127.0.0.1): 56 data bytes
    64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.049 ms
    
    --- 127.0.0.1 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.049/0.049/0.049 ms
    // Reach the Internet
    / # ping -c 1 www.baidu.com
    PING www.baidu.com (119.63.197.151): 56 data bytes
    64 bytes from 119.63.197.151: seq=0 ttl=51 time=54.777 ms
    
    --- www.baidu.com ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 54.777/54.777/54.777 ms
    // Reach network namespace ns1
    / # ping -c 1 192.168.2.10
    PING 192.168.2.10 (192.168.2.10): 56 data bytes
    64 bytes from 192.168.2.10: seq=0 ttl=63 time=0.076 ms
    
    --- 192.168.2.10 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.076/0.076/0.076 ms
    // Reach network namespace ns2
    / # ping -c 1 192.168.2.20
    PING 192.168.2.20 (192.168.2.20): 56 data bytes
    64 bytes from 192.168.2.20: seq=0 ttl=63 time=0.071 ms
    
    --- 192.168.2.20 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.071/0.071/0.071 ms
    // Reach br0
    / # ping -c 1 192.168.2.1
    PING 192.168.2.1 (192.168.2.1): 56 data bytes
    64 bytes from 192.168.2.1: seq=0 ttl=64 time=0.057 ms
    
    --- 192.168.2.1 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max = 0.057/0.057/0.057 ms
    
    / # exit
    root@nicktming:~# 
    

    3.2 Manual implementation

    Because this configuration is essentially the same as section 2.2, Manual implementation, in [mydocker]---Docker's four network models and how they are implemented (1), it is not repeated here.

    4. References

    1. https://blog.csdn.net/csdn066/article/details/77165269
    2. https://blog.csdn.net/xbw_linux123/article/details/81873490

    5. Full series

    mydocker.png

    1. [mydocker]---Environment description
    2. [mydocker]---Understanding urfave cli
    3. [mydocker]---Linux Namespace
    4. [mydocker]---Linux Cgroup
    5. [mydocker]---Building a container 01: implementing the run command
    6. [mydocker]---Building a container 02: implementing resource limits 01
    7. [mydocker]---Building a container 02: implementing resource limits 02
    8. [mydocker]---Building a container 03: adding pipes
    9. [mydocker]---Understanding the AUFS storage driver through examples
    10. [mydocker]---Understanding chroot and pivot_root through examples
    11. [mydocker]---Creating a container with busybox step by step
    12. [mydocker]---Wrapping busybox with AUFS step by step
    13. [mydocker]---Implementing volume operations step by step
    14. [mydocker]---Implementing saving an image
    15. [mydocker]---Implementing running a container in the background
    16. [mydocker]---Implementing listing running containers
    17. [mydocker]---Implementing viewing container logs
    18. [mydocker]---Implementing entering a container's Namespace
    19. [mydocker]---Implementing stopping a container
    20. [mydocker]---Implementing deleting a container
    21. [mydocker]---Implementing container layer isolation
    22. [mydocker]---Implementing building an image from a container
    23. [mydocker]---Implementing the cp operation
    24. [mydocker]---Implementing environment variables for a container
    25. [mydocker]---The Internet Protocol (IP)
    26. [mydocker]---Virtual network devices: veth, bridge, iptables
    27. [mydocker]---Docker's four network models and how they are implemented (1)
    28. [mydocker]---Docker's four network models and how they are implemented (2)
    29. [mydocker]---Container address allocation
    30. [mydocker]---Using the net/netlink API explained
    31. [mydocker]---Network implementation
    32. [mydocker]---Testing the network implementation

    Article link: https://www.haomeiwen.com/subject/dgzanqtx.html