How Docker network types work

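• bridge
      --net=bridge
      The default network. When Docker starts it creates a docker0 bridge, and containers created with default settings are attached to this bridge.
• host
      --net=host
      The container does not get its own network namespace; it shares the host's. This means the container has no network interface information of its own and uses the host's. Apart from networking, everything else about the container is still isolated.
• none
      --net=none
      The container gets its own network namespace, but no network configuration is applied to it; we have to configure it manually.
• container
      --net=container:Name/ID
      Uses the same network namespace as the specified container and has the same network configuration. Apart from networking, the two containers remain isolated from each other.
      (The two containers share one network protocol stack, so they can communicate over localhost; apart from networking, the two containers are completely isolated.)
• Custom network
      Works on the same principle as the default bridge, but a custom network provides internal DNS discovery, so containers can communicate with each other by container name or hostname.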

================================bridge================================
Containers are bridged through the docker0 bridge.
root@bogon: ~ 16:48:28
$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:3ff:fe27:1f7  prefixlen 64  scopeid 0x20<link>
        ether 02:42:03:27:01:f7  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.199  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe1e:8ac2  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:1e:8a:c2  txqueuelen 1000  (Ethernet)
        RX packets 21860  bytes 2196175 (2.0 MiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 1589  bytes 182901 (178.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 180  bytes 17196 (16.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 180  bytes 17196 (16.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethc2d4dce: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::b8cb:20ff:fe69:4ab8  prefixlen 64  scopeid 0x20<link>
        ether ba:cb:20:69:4a:b8  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1296 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@bogon: ~ 16:48:30
$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
fab507bd2161        busybox             "sh"                37 seconds ago      Up 37 seconds                           recursing_swartz
root@bogon: ~ 16:48:44
$ docker exec -it fab507bd2161 sh
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1296 (1.2 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 

================================host================================
The container shares the host's network, so the interface information is identical.
root@bogon: ~ 16:58:59
$ docker run -itd --rm --net=host busybox
6e40617ab30e53fc8849ab580a4e7a60e4f376353a1d65cdd8febc1c8622d24f
root@bogon: ~ 16:59:04
$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
6e40617ab30e        busybox             "sh"                2 seconds ago       Up 1 second                             wizardly_brahmagupta
root@bogon: ~ 16:59:06
$ docker exec -it 6e40617ab30e sh
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:03:27:01:F7
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:3ff:fe27:1f7/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:250 (250.0 B)  TX bytes:1043 (1.0 KiB)

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:1E:8A:C2
          inet addr:192.168.1.199  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe1e:8ac2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24898 errors:0 dropped:3 overruns:0 frame:0
          TX packets:2062 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2424786 (2.3 MiB)  TX bytes:263987 (257.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17196 (16.7 KiB)  TX bytes:17196 (16.7 KiB)

/ # root@bogon: ~ 16:59:24
$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:3ff:fe27:1f7  prefixlen 64  scopeid 0x20<link>
        ether 02:42:03:27:01:f7  txqueuelen 0  (Ethernet)
        RX packets 5  bytes 250 (250.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1043 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.199  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe1e:8ac2  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:1e:8a:c2  txqueuelen 1000  (Ethernet)
        RX packets 24920  bytes 2427186 (2.3 MiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 2073  bytes 268569 (262.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 180  bytes 17196 (16.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 180  bytes 17196 (16.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@bogon: ~ 16:59:26
$
================================none================================
Rarely used, so not covered further; the IP has to be configured manually.
root@bogon: ~ 17:05:41
$ docker run -itd --rm --net=none busybox
ca0e32032a93e4f5562ff027f9077f28071ac0f202497ee60883cc32f715cdfc
root@bogon: ~ 17:05:57
$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
ca0e32032a93        busybox             "sh"                4 seconds ago       Up 3 seconds                            focused_ptolemy
root@bogon: ~ 17:06:01
$ docker exec -it ca0e32032a93e4f5562ff027f9077f28071ac0f202497ee60883cc32f715cdfc sh
/ # ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ #
================================container================================
Create a container with the host network type, then use --net=container:<container ID> to make a new container use the same network protocol stack (network namespace).
root@bogon: ~ 17:15:43
$ docker run -itd --rm --net=host busybox
6f0506776fcca633d70dc7f91010b3c4c049f13aff839bd73e57e6717a8ac391
root@bogon: ~ 17:16:00
$ docker exec -it 6f0506776fcca633d70dc7f91010b3c4c049f13aff839bd73e57e6717a8ac391 sh
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:03:27:01:F7
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:3ff:fe27:1f7/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:250 (250.0 B)  TX bytes:1043 (1.0 KiB)

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:1E:8A:C2
          inet addr:192.168.1.199  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe1e:8ac2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31244 errors:0 dropped:3 overruns:0 frame:0
          TX packets:3486 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2945753 (2.8 MiB)  TX bytes:593015 (579.1 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17196 (16.7 KiB)  TX bytes:17196 (16.7 KiB)

/ # exit
root@bogon: ~ 17:16:18
$ docker run -itd --rm --net=container:6f0506776fcca633d70dc7f91010b3c4c049f13aff839bd73e57e6717a8ac391 busybox
d020d4968fe9fa73d1dfbaef4a7b2672aa18c8806a56c54374c3b9e0ffd9ae9d
root@bogon: ~ 17:16:53
$ docker exec -it d020d4968fe9fa73d1dfbaef4a7b2672aa18c8806a56c54374c3b9e0ffd9ae9d sh
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:03:27:01:F7
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:3ff:fe27:1f7/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:250 (250.0 B)  TX bytes:1043 (1.0 KiB)

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:1E:8A:C2
          inet addr:192.168.1.199  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe1e:8ac2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31775 errors:0 dropped:3 overruns:0 frame:0
          TX packets:3643 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2994351 (2.8 MiB)  TX bytes:621099 (606.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17196 (16.7 KiB)  TX bytes:17196 (16.7 KiB)

/ #
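
The session above shows that a container joined with --net=container: to a host-network container sees the host's interfaces too. The following added example (not part of the original post) resolves each container's effective network namespace from `docker inspect`-style JSON and lists those that end up on the host's stack; the sample records and the helper names are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the
# fields used here. The IDs are placeholders, not values from the page.
SAMPLE_INSPECT = json.loads("""
[
  {"Id": "aaa111", "Name": "/hostnet",  "HostConfig": {"NetworkMode": "host"}},
  {"Id": "bbb222", "Name": "/sidecar",  "HostConfig": {"NetworkMode": "container:aaa111"}},
  {"Id": "ccc333", "Name": "/web01",    "HostConfig": {"NetworkMode": "test"}},
  {"Id": "ddd444", "Name": "/isolated", "HostConfig": {"NetworkMode": "none"}},
  {"Id": "eee555", "Name": "/orphan",   "HostConfig": {"NetworkMode": "container:gone"}}
]
""")

def short(c):
    return c["Name"].lstrip("/")

def lookup(containers, ref):
    """Find a container by full ID, name, or unambiguous ID prefix."""
    for c in containers:
        if ref in (c["Id"], short(c)):
            return c
    hits = [c for c in containers if ref and c["Id"].startswith(ref)]
    return hits[0] if len(hits) == 1 else None

def effective_mode(container, containers):
    """Follow container:<ref> links to the container that owns the namespace.
    Returns (mode, owner_name); mode is "unresolved" when the reference is
    dangling or loops back on itself (stale or hand-edited data)."""
    seen, cur = set(), container
    while cur is not None and cur["Id"] not in seen:
        mode = cur["HostConfig"]["NetworkMode"]
        if not mode.startswith("container:"):
            return mode, short(cur)
        seen.add(cur["Id"])
        cur = lookup(containers, mode.split(":", 1)[1])
    return "unresolved", None

def audit(containers):
    """List containers whose network stack is the host's, directly or joined."""
    findings = []
    for c in containers:
        mode, owner = effective_mode(c, containers)
        if mode == "host":
            how = "directly" if owner == short(c) else "via container:" + owner
            findings.append((short(c), "host-netns", how))
        elif mode == "unresolved":
            findings.append((short(c), "unresolved", c["HostConfig"]["NetworkMode"]))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_INSPECT):
        print(*row, sep="\t")
```

On a real host, the input would be the JSON printed by `docker inspect` for the running containers instead of the embedded sample.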
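================================custom network================================
A custom network has internal DNS discovery, with the hosts written for you; inside a custom network, containers can be reached directly by container name.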
root@bogon: ~ 17:28:17
$ docker network create test
2c8ded728719aa5ffeba59c16264954c7eccdad7c435fae34bf39ee41dfb87d4
root@bogon: ~ 17:29:26
$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
a8f190100335        bridge              bridge              local
1ff2dd488eff        host                host                local
1c8102042db6        none                null                local
2c8ded728719        test                bridge              local
root@bogon: ~ 17:29:32
$ docker run -itd --name web01 --net=test busybox
28363b6fdb344d3a70d91a5eb7f6b1a5b839159d811f6caf75a2becd29b8581e
root@bogon: ~ 17:30:02
$ docker run -itd --name db01 --net=test busybox
4d7e3565eb53758e6b04c1b53a6e99e5e6f05952d447a8a77e8a62acf1278f42
root@bogon: ~ 17:30:27
$ docker exec -it 28363b6fdb344d3a70d91a5eb7f6b1a5b839159d811f6caf75a2becd29b8581e sh
/ # ping db01
PING db01 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.070 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.080 ms
^C
--- db01 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.070/0.075/0.080 ms
/ # root@bogon: ~ 17:30:50
$ docker exec -it 4d7e3565eb53758e6b04c1b53a6e99e5e6f05952d447a8a77e8a62acf1278f42 sh
/ # ping web01
PING web01 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.064 ms
^C
--- web01 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.064/0.064/0.064 ms
/ # root@bogon: ~ 17:31:10
$ docker network inspect test
[
    {
        "Name": "test",
        "Id": "2c8ded728719aa5ffeba59c16264954c7eccdad7c435fae34bf39ee41dfb87d4",
        "Created": "2019-03-14T17:29:26.179582934+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "28363b6fdb344d3a70d91a5eb7f6b1a5b839159d811f6caf75a2becd29b8581e": {
                "Name": "web01",
                "EndpointID": "081a4d0f669d220cea6e049c0fb8c70f151e03e728f1566c6115ca84b9933fea",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "4d7e3565eb53758e6b04c1b53a6e99e5e6f05952d447a8a77e8a62acf1278f42": {
                "Name": "db01",
                "EndpointID": "3b696c978c70afe6464ce07a9085b658dfb63330efd80ecfa666cf852b2f96db",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
root@bogon: ~ 17:31:21
$ 
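
Because every container on a custom network can reach its peers by name, the `docker network inspect` output doubles as a segmentation map. The following added example (not part of the original post) reads that JSON and reports which containers can resolve each other, which containers sit on more than one custom network, and which custom networks are not internal; the `backend` network, `cache01`, `legacy` and the container IDs are hypothetical.

```python
import json
from collections import defaultdict

# Constructed input shaped like `docker network inspect` output, trimmed to
# the fields used. "test" mirrors the network on this page; "backend",
# cache01 and legacy are hypothetical, and the container IDs are placeholders.
SAMPLE_NETWORKS = json.loads("""
[
  {"Name": "test", "Driver": "bridge", "Internal": false,
   "Containers": {"id-web": {"Name": "web01", "IPv4Address": "172.18.0.2/16"},
                  "id-db":  {"Name": "db01",  "IPv4Address": "172.18.0.3/16"}}},
  {"Name": "backend", "Driver": "bridge", "Internal": true,
   "Containers": {"id-db":    {"Name": "db01",    "IPv4Address": "172.19.0.2/16"},
                  "id-cache": {"Name": "cache01", "IPv4Address": "172.19.0.3/16"}}},
  {"Name": "bridge", "Driver": "bridge", "Internal": false,
   "Containers": {"id-old": {"Name": "legacy", "IPv4Address": "172.17.0.2/16"}}}
]
""")

# Networks Docker creates itself; they have no container-name discovery.
PREDEFINED = {"bridge", "host", "none"}

def name_peers(networks):
    """Map each container to the peers it can reach by container name."""
    peers = defaultdict(set)
    for net in networks:
        names = [c["Name"] for c in net["Containers"].values()]
        for n in names:
            peers[n]  # containers without any peers still appear in the map
            if net["Name"] not in PREDEFINED:
                peers[n].update(p for p in names if p != n)
    return {n: sorted(p) for n, p in peers.items()}

def review(networks):
    """Return (multi_homed, outbound): containers attached to more than one
    custom network, and populated custom networks that are not internal."""
    membership, outbound = defaultdict(list), []
    for net in networks:
        if net["Name"] in PREDEFINED:
            continue
        if net["Containers"] and not net["Internal"]:
            outbound.append(net["Name"])
        for c in net["Containers"].values():
            membership[c["Name"]].append(net["Name"])
    multi = {n: nets for n, nets in membership.items() if len(nets) > 1}
    return multi, outbound

if __name__ == "__main__":
    print(name_peers(SAMPLE_NETWORKS))
    print(review(SAMPLE_NETWORKS))
```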

================================traceroute================================
$ traceroute baidu.com
traceroute to baidu.com (220.181.57.216), 30 hops max, 60 byte packets
 1  bogon (192.168.1.1)  1.418 ms  1.255 ms  1.155 ms
 2  * * *
 3  * * 10.20.1.113 (10.20.1.113)  4.131 ms
 4  bogon (10.30.0.53)  4.800 ms  3.980 ms  4.595 ms
 5  1.119.129.1 (1.119.129.1)  7.124 ms  7.235 ms  7.515 ms
 6  33.171.143.219.broad.bj.bj.dynamic.163data.com.cn (219.143.171.33)  5.311 ms * *
 7  * * *
 8  36.110.244.46 (36.110.244.46)  5.232 ms  5.121 ms 220.181.0.54 (220.181.0.54)  6.399 ms
 9  36.110.244.102 (36.110.244.102)  14.519 ms *^C
root@bogon: ~ 17:36:26
$ 

Original article: https://www.cnblogs.com/Carr/p/10531875.html

Time: 2024-10-01 05:44:13
