I. Common Docker network operations
- List all networks
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
4fc4aaec82a5 bridge bridge local
19bd9f591d5d host host local
b92ceb209c2e none null local
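- Other operations
connect     Connect a container to a network
create      Create a network
disconnect  Disconnect a container from a network
inspect     Show detailed information on one or more networks (-f or -v options)
ls          List networks
prune       Remove all unused networks
rm          Remove a network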
$ docker network inspect -v xxxxx
[
{
"Name": "bridge",
"Id": "4fc4aaec82a534225793dbbf5b406a3ab66b00132d386b584ed9426834687745",
"Created": "2020-06-04T16:29:40.706593093+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"8c8a5e112044eb559f6f9001a86474f5139d2a62558657659b6e5d3e5075ccff": {
"Name": "objective_neumann",
"EndpointID": "922567f06e1672ebf7c7c12bb6f21c23dbe6c159405cb4dd13718d784d4b1ad0",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"e629ee87ff7b9b53cb58d5354b46cbe825e8961e4274c2472e5914b3c12f8b41": {
"Name": "clever_thompson",
"EndpointID": "ac1187009f04fc03bc7f86f4a16befeef20a0624a365be354756c6d80bdc92d1",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
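- When running a container, use --network to specify which network it should connect to
$ docker run -it --network <network-name> -d xxxx
- When running a container, use --net (an alias of --network) to specify which network mode it should use
$ docker run -it --net=bridge -d xxxx
$ docker run -it --net=none -d xxxx
$ docker run -it --net=host -d xxxx
$ docker run -it --net=container:<container-name-or-ID> -d xxxx
- After entering the container, check the current network mode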
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
48: eth0@if49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
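The `Options` and `Containers` fields of the `docker network inspect` output above decide how exposed the attached containers are to each other and to the host's interfaces. The following is an added example, not part of the original post: it reads a trimmed copy of that output and reports the isolation-relevant settings; the function names and the wording of the findings are this example's own.

```python
import json

# Trimmed copy of the `docker network inspect` output shown above
# (container IDs shortened to 12 characters).
INSPECT_JSON = """
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {
    "8c8a5e112044": {"Name": "objective_neumann", "IPv4Address": "172.17.0.2/16"},
    "e629ee87ff7b": {"Name": "clever_thompson", "IPv4Address": "172.17.0.3/16"}},
  "Options": {
    "com.docker.network.bridge.default_bridge": "true",
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.enable_ip_masquerade": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
    "com.docker.network.bridge.name": "docker0"}}]
"""

PREFIX = "com.docker.network.bridge."

def review_network(net):
    """Return isolation findings for one object from `docker network inspect`."""
    if net.get("Driver") != "bridge":
        return []  # the options below only apply to the bridge driver
    opts = net.get("Options") or {}
    peers = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
    findings = []
    if opts.get(PREFIX + "default_bridge") == "true" and peers:
        findings.append(f"default bridge shared by: {', '.join(peers)}")
    # Unset options fall back to the bridge driver defaults (icc on, bind 0.0.0.0, NAT on).
    if opts.get(PREFIX + "enable_icc", "true") == "true" and len(peers) > 1:
        findings.append("enable_icc=true: attached containers can reach each other directly")
    if opts.get(PREFIX + "host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
        findings.append("host_binding_ipv4=0.0.0.0: published ports bind to every host interface")
    if not net.get("Internal", False) and opts.get(PREFIX + "enable_ip_masquerade", "true") == "true":
        findings.append("outbound NAT enabled: containers can reach external networks")
    return findings

def review(inspect_output):
    """Map network name -> findings for the JSON printed by `docker network inspect`."""
    return {net["Name"]: review_network(net) for net in json.loads(inspect_output)}

if __name__ == "__main__":
    for name, findings in review(INSPECT_JSON).items():
        for finding in findings:
            print(f"[{name}] {finding}")
```
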
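II. Related concepts
- Installing Docker creates three networks by default: bridge, none and host
Network mode | Description |
---|---|
host | No separate virtual network is allocated; the container uses the host's IP and ports |
bridge | Each container gets its own virtual network with its own IP and is attached to the docker0 virtual bridge; it communicates with the host through the docker0 bridge and the iptables nat table |
none | Networking is disabled |
container | Shares the network of a specified container |
- Docker uses Linux namespaces for resource isolation: the PID namespace isolates processes, the mount namespace isolates the filesystem, and the network namespace isolates the network (each with its own network interfaces, routes, iptables rules, and so on)
Bridge network mode topology
1. When Docker starts, it creates a virtual bridge named docker0 on the host; every container started on this host is connected to this bridge.
2. Docker picks an IP that differs from the host's and assigns it to docker0; each container connected to docker0 is then given a unique IP from this subnet. (Here docker0 behaves like a switch.)
- On the host, ifconfig shows the docker0 virtual interface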
$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:65ff:fed4:e2f3 prefixlen 64 scopeid 0x20<link>
ether 02:42:65:d4:e2:f3 txqueuelen 0 (Ethernet)
RX packets 4706129 bytes 538220504 (513.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5546112 bytes 977615519 (932.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::50a5:60d4:9f7e:1ec9 prefixlen 64 scopeid 0x20<link>
ether 60:45:cb:80:5f:0c txqueuelen 1000 (Ethernet)
RX packets 12668642 bytes 4563730002 (4.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8807929 bytes 2711728512 (2.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3532792 bytes 542334900 (517.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3532792 bytes 542334900 (517.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth7852b8e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::5863:e3ff:fe86:c1cb prefixlen 64 scopeid 0x20<link>
ether 5a:63:e3:86:c1:cb txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vetha7a96fc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::2087:2eff:fe24:f116 prefixlen 64 scopeid 0x20<link>
ether 22:87:2e:24:f1:16 txqueuelen 0 (Ethernet)
RX packets 4458446 bytes 586243116 (559.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5207066 bytes 468791598 (447.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth7852b8e / vetha7a96fc
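Bridge network workflow in detail
1. Docker creates a pair of virtual network interfaces on the host, a veth pair (veth devices always come in pairs; together they form a data channel).
2. Docker places one end of the new veth pair inside the newly created container (named eth0). The other end stays on the host (named in the form vethxxxxx) and is added to the docker0 bridge.
3. The container is assigned an IP from the Docker subnet, and the address of docker0 is set as its default gateway.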
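Because the two ends of a veth pair reference each other's interface index (the `eth0@if49` seen inside the container above), a host-side vethxxxxx can be traced back to the container it serves. This is an added example, not from the original post: the host `ip -o link` lines are constructed, using the interface names from the ifconfig output with assumed index numbers, and the function names are this example's own.

```python
import re

# Container side: the eth0 line from the `ip a` output shown earlier.
CONTAINER_LINK = ("48: eth0@if49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 "
                  "qdisc noqueue state UP group default")

# Host side: constructed `ip -o link` lines (index numbers are assumptions).
HOST_LINKS = """\
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
47: vetha7a96fc@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
49: veth7852b8e@if48: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
"""

HEAD_RE = re.compile(r"^(\d+):\s+([^@:\s]+)(?:@if(\d+))?:")
MASTER_RE = re.compile(r"\bmaster (\S+)")

def parse_link(line):
    """Parse one `ip link` header line into index, name, peer index and bridge."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    master = MASTER_RE.search(line)
    return {"index": int(m.group(1)), "name": m.group(2),
            "peer_index": int(m.group(3)) if m.group(3) else None,
            "master": master.group(1) if master else None}

def host_end_of(container_line, host_output):
    """Return the host interface that is the other end of the container's veth."""
    inner = parse_link(container_line)
    if inner is None or inner["peer_index"] is None:
        return None  # not a veth end (lo, or a container started with --net=host)
    for line in host_output.splitlines():
        link = parse_link(line)
        # Indexes are per network namespace, so require the reference in both directions.
        if link and link["index"] == inner["peer_index"] \
                and link["peer_index"] == inner["index"]:
            return link
    return None

if __name__ == "__main__":
    end = host_end_of(CONTAINER_LINK, HOST_LINKS)
    print(f"container eth0 <-> host {end['name']} (bridge: {end['master']})")
```
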