Docker Networking

Tech  2024-08-17  57

I. Network principles

1. Look up IP addresses

    # Look up the host's docker0 IP address
    [root@172-0-0-2 ~]# ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo                                       # local loopback address
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:e0:4c:36:06:04 brd ff:ff:ff:ff:ff:ff
        inet 172.0.0.2/24 brd 172.0.0.255 scope global noprefixroute enp3s0  # host's LAN address
           valid_lft forever preferred_lft forever
        inet6 fe80::c671:6192:2d73:9b29/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:0f:17:8e:3a brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0           # docker0 address
           valid_lft forever preferred_lft forever
        inet6 fe80::42:fff:fe17:8e3a/64 scope link
           valid_lft forever preferred_lft forever

2. Run and start a container

    # Run the container
    [root@172-0-0-2 ~]# docker run -d -P --name tomcat01 tomcat
    # Command to look up the container's IP
    [root@172-0-0-2 ~]# docker exec -it tomcat01 ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    94: eth0@if95: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    # The Linux host can ping the container
    [root@172-0-0-2 ~]# ping 172.17.0.2
    PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
    64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.177 ms
    64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.065 ms
    64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.058 ms
    64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.081 ms

3. How it works

1. Every time a Docker container is started, Docker assigns it an IP address. As soon as Docker is installed there is a docker0 network interface in bridge mode; the technology behind it is the veth pair.

Test with a second container. Conclusion: another pair of interfaces is added.

    [root@172-0-0-2 ~]# docker exec -it tomcat2 ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    96: eth0@if97: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    failed to resize tty, using default size

# A veth pair is a pair of virtual interfaces that always appear together: one end attaches to the protocol stack and the other end is linked to its peer (the veth pair acts as a bridge connecting virtual network devices).

4. Test network connectivity

    # Conclusion: containers can reach each other over the network
    [root@172-0-0-2 ~]# docker exec -it tomcat2 ping 172.17.0.2
    PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
    64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.176 ms
    64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.114 ms
    64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.119 ms

5. Conclusion: tomcat01 and tomcat02 share a single router, docker0. Every container started without an explicit network is routed through docker0, and Docker assigns it an IP address.
# All the network interfaces Docker uses are virtual, and virtual forwarding is efficient. As soon as a container is deleted, the corresponding veth pair on the bridge is deleted as well.
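To make the veth pair relationship concrete, the following added POSIX sh script (not from the original post) maps the eth0@ifNN name seen inside a container to the host-side veth with that ifindex and reports which bridge it is enslaved to, which is how you pick the right host interface when you need to capture or filter one container's traffic. The sample ip -o link output and the veth name vethf2d3c4a are constructed; the live wrapper assumes docker and iproute2 on the host.

```shell
# Added example, not from the original post: map each veth interface inside a
# container to its host-side peer and the bridge it is attached to. The pure
# parsers run on constructed `ip -o link` samples; the live wrapper needs docker
# and iproute2 on the host. Interface names in the samples are constructed.

# peer_ifindex: read `ip -o link` (or `ip link`) output from inside a container on
# stdin and print "<iface> <peer-ifindex>": "eth0@if95" means the other end of the
# veth pair is ifindex 95 in the host's network namespace.
peer_ifindex() {
  sed -n 's/^[0-9][0-9]*: \([a-z0-9]*\)@if\([0-9]*\):.*/\1 \2/p'
}

# host_veth_for_ifindex IFINDEX: read the host's `ip -o link` output on stdin and
# print "<name> <master>" for that ifindex ("-" when it is not enslaved to a bridge).
host_veth_for_ifindex() {
  awk -v idx="$1" -F': ' '$1 == idx {
      sub(/@.*/, "", $2)                      # "vethf2d3c4a@if94" -> "vethf2d3c4a"
      master = "-"
      if (match($0, / master [^ ]+/)) master = substr($0, RSTART + 8, RLENGTH - 8)
      print $2, master
  }'
}

# Live wrapper: container_host_veths CONTAINER  (prints "eth0 -> vethXXXX docker0")
container_host_veths() {
  docker exec "$1" ip -o link | peer_ifindex | while read -r cif idx; do
    printf '%s -> ' "$cif"
    ip -o link | host_veth_for_ifindex "$idx"
  done
}

# Constructed samples, shaped like the output in section I (tomcat01 = 172.17.0.2).
SAMPLE_CONTAINER='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
94: eth0@if95: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default \    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0'
SAMPLE_HOST='3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default \    link/ether 02:42:0f:17:8e:3a brd ff:ff:ff:ff:ff:ff
95: vethf2d3c4a@if94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default \    link/ether 6e:1d:3f:88:aa:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# Usage: sh veth-map.sh tomcat01
[ $# -gt 0 ] && container_host_veths "$1"
```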

II. Container linking: --link (rarely used)

The --link parameter has the form --link name:alias, where name is the name of the container to link to and alias is the alias it will be reachable under.

# Investigate with inspect

    [root@172-0-0-2 ~]# docker network --help

    Usage:  docker network COMMAND

    Manage networks

    Commands:
      connect     Connect a container to a network
      create      Create a network
      disconnect  Disconnect a container from a network
      inspect     Display detailed information on one or more networks
      ls          List networks
      prune       Remove all unused networks
      rm          Remove one or more networks

    Run 'docker network COMMAND --help' for more information on a command.

    # Tail of the container's inspect output
            "NetworkSettings": {
                "Bridge": "",
                "SandboxID": "8ebb6f76a25020a6cd5fcd6ce033a9c44a2d5b2b6faafaaefac5fb86ca761b06",
                "HairpinMode": false,
                "LinkLocalIPv6Address": "",
                "LinkLocalIPv6PrefixLen": 0,
                "Ports": {
                    "8080/tcp": [
                        {
                            "HostIp": "0.0.0.0",
                            "HostPort": "32771"
                        }
                    ]
                },
                "SandboxKey": "/var/run/docker/netns/8ebb6f76a250",
                "SecondaryIPAddresses": null,
                "SecondaryIPv6Addresses": null,
                "EndpointID": "1c5f74ea42b15653e1e84a93782cff9a0fad65a6199e6cd9fa55c2088ea950c3",
                "Gateway": "172.17.0.1",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "IPAddress": "172.17.0.3",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "MacAddress": "02:42:ac:11:00:03",
                "Networks": {
                    "bridge": {
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "NetworkID": "416e3727e427d9235e2f61754ba96cf8b39f0aec8c8c257807b06ce0e180e41b",
                        "EndpointID": "1c5f74ea42b15653e1e84a93782cff9a0fad65a6199e6cd9fa55c2088ea950c3",
                        "Gateway": "172.17.0.1",
                        "IPAddress": "172.17.0.3",
                        "IPPrefixLen": 16,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "02:42:ac:11:00:03",
                        "DriverOpts": null
                    }
                }
            }
        }
    ]
    # Conclusion: tomcat03 simply has tomcat2's configuration written into it locally

III. Custom container networks

# List all Docker networks

    [root@172-0-0-2 ~]# docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    416e3727e427   bridge    bridge    local
    51995348d6ab   host      host      local
    6651035c40ec   none      null      local

    # Network modes
    bridge    : bridged via docker0 (default)
    none      : no network configured
    host      : share the host's network
    container : join another container's network (rarely used, very limited)

Test the network

    # A container started directly uses --net bridge, and that bridge is docker0
    [root@172-0-0-2 ~]# docker run -d -P --name centos01 centos
    [root@172-0-0-2 ~]# docker run -d -P --name centos01 --net bridge centos

    # docker0 characteristics: it is the default, container names cannot be resolved, and --link can open a connection
    # Create a custom network
    # --driver bridge
    # --subnet 172.0.0.3
    # --gateway 172.0.0.1
    [root@172-0-0-2 ~]# docker network create --help

    Usage:  docker network create [OPTIONS] NETWORK

    Create a network

    Options:
          --attachable           Enable manual container attachment
          --aux-address map      Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
          --config-from string   The network from which copying the configuration
          --config-only          Create a configuration only network
      -d, --driver string        Driver to manage the Network (default "bridge")
          --gateway strings      IPv4 or IPv6 Gateway for the master subnet
          --ingress              Create swarm routing-mesh network
          --internal             Restrict external access to the network
          --ip-range strings     Allocate container ip from a sub-range
          --ipam-driver string   IP Address Management Driver (default "default")
          --ipam-opt map         Set IPAM driver specific options (default map[])
          --ipv6                 Enable IPv6 networking
          --label list           Set metadata on a network
      -o, --opt map              Set driver specific options (default map[])
          --scope string         Control the network's scope
          --subnet strings       Subnet in CIDR format that represents a network segment

    # Bridge mode with our own IP range, gateway and subnet mask
    [root@172-0-0-2 ~]# docker network create --driver bridge --subnet 172.0.0.3/24 --gateway 172.0.0.1 mynet
    # List the networks
    [root@172-0-0-2 ~]# docker network ls

IV. Connecting networks

    # Connect a container to a Docker network
    [root@CentOS7 ~]# docker network connect --help

    Usage:  docker network connect [OPTIONS] NETWORK CONTAINER

    Connect a container to a network

    Options:
          --alias strings           Add network-scoped alias for the container
          --driver-opt strings      driver options for the network
          --ip string               IPv4 address (e.g., 172.30.100.104)
          --ip6 string              IPv6 address (e.g., 2001:db8::33)
          --link list               Add link to another container
          --link-local-ip strings   Add a link-local address for the container

    # Test
    [root@CentOS7 ~]# docker network connect mynet centos
    # Conclusion: after connecting, centos is placed under mynet as well
    # One container, two IP addresses: like an Alibaba Cloud public IP plus a private IP
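The host in section I carries 172.0.0.2/24 on enp3s0, so a user-defined network placed in 172.0.0.0/24 would overlap the host's own LAN range; the following added POSIX sh script (not from the original post) checks a proposed --subnet against the host's configured IPv4 ranges before creating it, and then walks through the section III and IV procedure: a user-defined bridge on which containers resolve each other by name, and docker network connect giving a docker0 container a second IP. The network name mynet2, the subnet 172.18.0.0/16 and the container names web01, web02 and plain01 are constructed.

```shell
# Added example, not from the original post: check that a proposed user-defined
# bridge subnet does not collide with any IPv4 range already configured on the
# host, then (only with the "apply" argument) create the network and show name
# resolution and `docker network connect`. Names and the subnet are constructed.

# Dotted-quad IPv4 address -> 32-bit integer (split in a subshell so IFS is untouched).
ip2int() {
  ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# cidr_overlap A/LEN B/LEN : succeed if the two ranges share any address.
cidr_overlap() {
  a=$(ip2int "${1%/*}"); al=${1#*/}
  b=$(ip2int "${2%/*}"); bl=${2#*/}
  l=$al; if [ "$bl" -lt "$l" ]; then l=$bl; fi     # the shorter prefix decides
  m=$(( (0xFFFFFFFF << (32 - l)) & 0xFFFFFFFF ))
  [ $(( a & m )) -eq $(( b & m )) ]
}

# subnet_conflicts SUBNET : read `ip -o -4 addr` output on stdin, print every
# host range that overlaps SUBNET, and fail if there was at least one.
subnet_conflicts() {
  rc=0
  while read -r idx dev fam addr rest; do
    if cidr_overlap "$1" "$addr"; then
      echo "conflict: $1 overlaps $addr on $dev"; rc=1
    fi
  done
  return $rc
}

# Constructed sample of `ip -o -4 addr` output, using the host addresses from section I.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: enp3s0    inet 172.0.0.2/24 brd 172.0.0.255 scope global noprefixroute enp3s0
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'

# Live demo (needs docker and a tomcat image with ping, as used in the post).
demo() {
  net=mynet2; subnet=172.18.0.0/16; gw=172.18.0.1
  ip -o -4 addr | subnet_conflicts "$subnet" || return 1
  docker network create --driver bridge --subnet "$subnet" --gateway "$gw" "$net"
  docker run -d --net "$net" --name web01 tomcat
  docker run -d --net "$net" --name web02 tomcat
  docker exec web02 ping -c 2 web01          # user-defined bridge: names resolve
  docker run -d --name plain01 tomcat        # on docker0 only: names do not resolve
  docker network connect "$net" plain01      # plain01 now has an IP on both networks
  docker exec plain01 ping -c 2 web01
  docker inspect -f '{{json .NetworkSettings.Networks}}' plain01
}
[ "${1:-}" = apply ] && demo
```

Run it as `sh net-demo.sh apply` on a Docker host; without the argument only the functions and the constructed sample are defined.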