
Docker study notes: Docker networking

Author: 无昵称啊 | Published 2022-03-13 19:12 | Reads: 0

I. Docker network modes

1. Single-host networking
  • Null mode
    1. The container is placed in its own network namespace, but nothing is configured inside it
    2. The user completes the network configuration with docker network commands
  • Host mode
    1. Uses the host's network namespace, sharing the host's network stack
  • Container mode
    1. Reuses another container's network namespace
  • Bridge mode
    1. Uses a Linux bridge plus iptables to connect containers: Docker creates a docker0 bridge on each host and attaches each endpoint to it through a veth pair
2. Cross-host networking
  • Overlay
    1. Implemented by encapsulating packets (tunnelling)
  • Underlay
    1. Uses the existing underlying network and gives each container a routable IP address (consumes many IP addresses and requires subnet planning)

II. Building a single-host bridge-mode network on top of the null network mode

Starting from containers in the null network mode, build the network structure shown in the diagram below (simulating bridge-mode networking on a single host)


Start the containers
# Run the following commands to start two containers
$ sudo docker run --network none -d nginx
$ sudo docker run --network none -d nginx
# List the containers and get their PIDs
$ sudo docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS             PORTS     NAMES
48113f09f569   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour             serene_sanderson
9907e87fba34   nginx     "/docker-entrypoint.…"   2 hours ago         Up 2 hours                   compassionate_nightingale
$ sudo docker inspect 1cb1cb496de4|grep -i pid
            "Pid": 1703143,
            "PidMode": "",
            "PidsLimit": null,
$ sudo docker inspect 52eaab254d07|grep -i pid
            "Pid": 1702968,
            "PidMode": "",
            "PidsLimit": null,
$ pid_docker0=1703143
$ pid_docker1=1702968
Configure the containers' network namespaces
# Inspect the container's namespaces
$ sudo ls -l /proc/$pid_docker0/ns
total 0
lrwxrwxrwx 1 root root 0 Mar  5 13:18 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Mar  5 13:18 ipc -> 'ipc:[4026532302]'
lrwxrwxrwx 1 root root 0 Mar  5 13:18 mnt -> 'mnt:[4026532300]'
lrwxrwxrwx 1 root root 0 Mar  5 13:16 net -> 'net:[4026532305]'
lrwxrwxrwx 1 root root 0 Mar  5 13:18 pid -> 'pid:[4026532303]'
lrwxrwxrwx 1 root root 0 Mar  5 13:18 pid_for_children -> 'pid:[4026532303]'
lrwxrwxrwx 1 root root 0 Mar  5 13:18 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Mar  5 13:18 uts -> 'uts:[4026532301]'
# Expose the container network namespaces to "ip netns" on the host (the directory may not exist yet)
$ sudo mkdir -p /var/run/netns
$ sudo ln -s /proc/$pid_docker0/ns/net /var/run/netns/$pid_docker0
$ sudo ln -s /proc/$pid_docker1/ns/net /var/run/netns/$pid_docker1
$ ip netns
1702968
1703143
Configure the virtual Ethernet devices
# Show the current bridges
$ brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.024256ff4aab   no
# Add veth pairs to connect the two containers to the docker0 bridge
$ sudo ip link add docker0_${pid_docker0} type veth peer name docker_${pid_docker0}
$ sudo ip link add docker0_${pid_docker1} type veth peer name docker_${pid_docker1}
$ ip link
...
17: docker_1703143@docker0_1703143: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 6a:e4:b4:d3:bf:d5 brd ff:ff:ff:ff:ff:ff
18: docker0_1703143@docker_1703143: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 3e:d7:3f:9a:18:2f brd ff:ff:ff:ff:ff:ff
19: docker_1702968@docker0_1702968: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether c6:c1:e9:a5:b5:0a brd ff:ff:ff:ff:ff:ff
20: docker0_1702968@docker_1702968: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 7a:7f:4c:3c:a2:6e brd ff:ff:ff:ff:ff:ff
# Attach one end of each veth pair to the docker0 bridge
$ sudo brctl addif docker0 docker0_${pid_docker0}
$ sudo brctl addif docker0 docker0_${pid_docker1}
# Bring up the bridge-side veth devices
$ sudo ip link set docker0_${pid_docker0} up
$ sudo ip link set docker0_${pid_docker1} up
# Move the other end of each veth pair into the corresponding container's network namespace
$ sudo ip link set docker_${pid_docker0} netns ${pid_docker0}
$ sudo ip link set docker_${pid_docker1} netns ${pid_docker1}
# Inspect the network devices inside the containers
$ sudo ip netns exec ${pid_docker0} ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: docker_1703143@if18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 6a:e4:b4:d3:bf:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
$ sudo ip netns exec ${pid_docker1} ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
19: docker_1702968@if20: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether c6:c1:e9:a5:b5:0a brd ff:ff:ff:ff:ff:ff link-netnsid 0
Configure IP addresses and routes inside the containers
# Rename the container-side interface
$ sudo ip netns exec ${pid_docker0} ip link set dev docker_${pid_docker0} name eth0
$ sudo ip netns exec ${pid_docker1} ip link set dev docker_${pid_docker1} name eth0
# Bring up the container-side interface
$ sudo ip netns exec ${pid_docker0} ip link set eth0 up
$ sudo ip netns exec ${pid_docker1} ip link set eth0 up
$ sudo ip netns exec ${pid_docker0} ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 6a:e4:b4:d3:bf:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
$ sudo ip netns exec ${pid_docker1} ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether c6:c1:e9:a5:b5:0a brd ff:ff:ff:ff:ff:ff link-netnsid 0
# Configure each container's IP address and default route
$ ip0=172.17.0.2
$ ip1=172.17.0.3
$ prefix=16            # docker0's subnet is 172.17.0.0/16, so both containers use /16
$ gateway=172.17.0.1
$ sudo ip netns exec ${pid_docker0} ip addr add ${ip0}/${prefix} dev eth0
$ sudo ip netns exec ${pid_docker1} ip addr add ${ip1}/${prefix} dev eth0
$ sudo ip netns exec ${pid_docker0} ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6a:e4:b4:d3:bf:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
$ sudo ip netns exec ${pid_docker1} ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c6:c1:e9:a5:b5:0a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
$ sudo ip netns exec ${pid_docker0} ip route add default via ${gateway}
$ sudo ip netns exec ${pid_docker1} ip route add default via ${gateway}
$ sudo ip netns exec ${pid_docker0} ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
$ sudo ip netns exec ${pid_docker1} ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3
Test container network connectivity
$ curl 172.17.0.2
<!DOCTYPE html>
...
</html>
$ curl 172.17.0.3
<!DOCTYPE html>
...
</html>
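The whole procedure above as one script, added here as an example (it is not from the original post): it wraps the same commands for one none-mode container, uses the iproute2 form ip link set ... master docker0 in place of brctl addif, and adds the two checks a practitioner wants before hand-wiring a container into docker0: the address must lie inside the bridge subnet and must not be the gateway. The function and variable names are my own; set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example: automates the manual wiring above for one none-mode container.
# Assumes Linux with iproute2, run as root; function and variable names are mine.
# Set DRY_RUN=1 to print the commands instead of executing them.

# ip_to_int 172.17.0.2 -> 2886795266 (dotted quad to 32-bit integer)
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP CIDR -> succeeds when IP lies inside CIDR, e.g. 172.17.0.2 172.17.0.0/16
in_subnet() {
  net=${2%/*}; plen=${2#*/}
  mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
  a=$(ip_to_int "$1"); b=$(ip_to_int "$net")
  [ $(( a & mask )) -eq $(( b & mask )) ]
}

run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# attach PID IP GATEWAY/PLEN, e.g. attach 1703143 172.17.0.2 172.17.0.1/16
# Caveat: Docker's IPAM knows nothing about this address, so a later container
# on the default bridge can be allocated the same IP; compare against
# "docker network inspect bridge" before attaching.
attach() {
  pid=$1; ip=$2; gw=${3%/*}; plen=${3#*/}
  in_subnet "$ip" "$3" || { echo "$ip is outside $gw/$plen" >&2; return 1; }
  [ "$ip" != "$gw" ] || { echo "$ip is the gateway address" >&2; return 1; }
  host=docker0_$pid; peer=docker_$pid
  run mkdir -p /var/run/netns
  run ln -sfn "/proc/$pid/ns/net" "/var/run/netns/$pid"
  run ip link add "$host" type veth peer name "$peer"
  run ip link set "$host" master docker0        # iproute2 form of brctl addif
  run ip link set "$host" up
  run ip link set "$peer" netns "$pid"
  run ip netns exec "$pid" ip link set dev "$peer" name eth0
  run ip netns exec "$pid" ip link set eth0 up
  run ip netns exec "$pid" ip addr add "$ip/$plen" dev eth0
  run ip netns exec "$pid" ip route add default via "$gw"
}

# detach PID: deleting the bridge-side end removes the whole veth pair; then drop the netns link
detach() {
  run ip link del "docker0_$1"
  run rm -f "/var/run/netns/$1"
}
```

Run detach for each container before it is removed, otherwise the symlink under /var/run/netns dangles once the container's PID is gone.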

Source: https://www.haomeiwen.com/subject/jhtbrrtx.html