CentOS 7: 对比docker启动前后,系统都有哪些变化
Docker启动之前
网络接口
[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b7:70:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.15/24 brd 192.168.0.255 scope global dynamic ens33
valid_lft 28768sec preferred_lft 28768sec
路由表
[root@localhost ~]# ip route
default via 192.168.0.1 dev ens33
192.168.0.0/24 dev ens33 proto kernel scope link src 192.168.0.15
防火墙规则
iptables -L --line-numbers > 1.txt
Docker启动之后
网络接口
[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b7:70:75 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.15/24 brd 192.168.0.255 scope global dynamic ens33
valid_lft 27888sec preferred_lft 27888sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:c2:58:4e:a0 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
新增加了一个网桥docker0,子网172.17.0.1/16
路由表
[root@localhost ~]# ip route
default via 192.168.0.1 dev ens33
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.0.0/24 dev ens33 proto kernel scope link src 192.168.0.15
新增加了一条路由
防火墙规则
iptables -L --line-numbers > 2.txt
使用vimdiff 1.txt 2.txt,就可看出前后的规则变化了。详细说明请参考iptables相关的资料。
总之,Docker网络的初始化动作包括:创建docker0网桥、为docker0网桥新建子网以及路由、创建相应的iptbales规则等。
网友评论