docker 容器的网络

容器的网络模式

bridge

-net=bridge 默认网络。docker启动后创建一个docker0网桥，默认创建的容器也添加到这个网桥

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:9e:10:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.60/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::a9bf:2d8e:93ae:ec02/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:22:bb:c4:51 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:22ff:febb:c451/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# docker pull  busybox
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               web4                58f1e3f2b46e        23 hours ago        109MB
busybox             latest              d8233ab899d4        8 days ago          1.2MB
nginx               latest              f09fe80eb0e7        2 weeks ago         109MB
centos              latest              1e1148e4cc2c        2 months ago        202MB
[root@localhost ~]# docker run -itd --name cf busybox
2a522e6c07026d034e2eb659ee93fc97939c9c0389ae38385d4b50c0efbf0dfa
[root@localhost ~]# docker exec -it cf sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
48: eth0@if49: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
       valid_lft forever preferred_lft forever
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

host

-net=host 容器不会获得一个独立network namespace .而是与宿主机共用一个，这就意味着容器不会有自己的网卡信息，而是使用宿主机的。容器出来网络其他都是隔离

[root@localhost ~]# docker run -itd --net=host --name host busybox
aa9742b7b5cfb39a7cd3e69b3244f5b70c1e45bf622102344bdd841bc83ca84d
[root@localhost ~]# docker exec  -it  host sh
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:22:BB:C4:51
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:22ff:febb:c451/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:74 errors:0 dropped:0 overruns:0 frame:0
          TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8289 (8.0 KiB)  TX bytes:8030 (7.8 KiB)

ens33     Link encap:Ethernet  HWaddr 00:0C:29:9E:10:D9
          inet addr:192.168.10.60  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a9bf:2d8e:93ae:ec02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:221842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64829 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:246421922 (235.0 MiB)  TX bytes:5781625 (5.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:68 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5912 (5.7 KiB)  TX bytes:5912 (5.7 KiB)

veth3d56f5a Link encap:Ethernet  HWaddr 9E:28:5C:41:88:F2
          inet6 addr: fe80::9c28:5cff:fe41:88f2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

veth4da077b Link encap:Ethernet  HWaddr DA:8D:86:62:1B:E7
          inet6 addr: fe80::d88d:86ff:fe62:1be7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1046 (1.0 KiB)  TX bytes:2085 (2.0 KiB)

veth84f1299 Link encap:Ethernet  HWaddr BE:B2:C0:E4:97:EE
          inet6 addr: fe80::bcb2:c0ff:fee4:97ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

veth90b019f Link encap:Ethernet  HWaddr 66:BC:2B:2A:71:0F
          inet6 addr: fe80::64bc:2bff:fe2a:710f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1963 (1.9 KiB)  TX bytes:2597 (2.5 KiB)

veth9fb9b9e Link encap:Ethernet  HWaddr 9A:C9:A0:BB:67:30
          inet6 addr: fe80::98c9:a0ff:febb:6730/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

vetheee52bb Link encap:Ethernet  HWaddr AE:39:80:8E:59:33
          inet6 addr: fe80::ac39:80ff:fe8e:5933/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1695 (1.6 KiB)  TX bytes:2351 (2.2 KiB)

vethf4afa27 Link encap:Ethernet  HWaddr 16:D6:9E:3E:99:91
          inet6 addr: fe80::14d6:9eff:fe3e:9991/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:756 (756.0 B)
[root@localhost ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:22ff:febb:c451  prefixlen 64  scopeid 0x20<link>
        ether 02:42:22:bb:c4:51  txqueuelen 0  (Ethernet)
        RX packets 74  bytes 8289 (8.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 89  bytes 8030 (7.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.60  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::a9bf:2d8e:93ae:ec02  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:9e:10:d9  txqueuelen 1000  (Ethernet)
        RX packets 221899  bytes 246427013 (235.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64859  bytes 5788303 (5.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 68  bytes 5912 (5.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5912 (5.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth3d56f5a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::9c28:5cff:fe41:88f2  prefixlen 64  scopeid 0x20<link>
        ether 9e:28:5c:41:88:f2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth4da077b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d88d:86ff:fe62:1be7  prefixlen 64  scopeid 0x20<link>
        ether da:8d:86:62:1b:e7  txqueuelen 0  (Ethernet)
        RX packets 13  bytes 1046 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2085 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth84f1299: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::bcb2:c0ff:fee4:97ee  prefixlen 64  scopeid 0x20<link>
        ether be:b2:c0:e4:97:ee  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth90b019f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::64bc:2bff:fe2a:710f  prefixlen 64  scopeid 0x20<link>
        ether 66:bc:2b:2a:71:0f  txqueuelen 0  (Ethernet)
        RX packets 19  bytes 1963 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31  bytes 2597 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth9fb9b9e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::98c9:a0ff:febb:6730  prefixlen 64  scopeid 0x20<link>
        ether 9a:c9:a0:bb:67:30  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vetheee52bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ac39:80ff:fe8e:5933  prefixlen 64  scopeid 0x20<link>
        ether ae:39:80:8e:59:33  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1695 (1.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2351 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf4afa27: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::14d6:9eff:fe3e:9991  prefixlen 64  scopeid 0x20<link>
        ether 16:d6:9e:3e:99:91  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 756 (756.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

none

-net=none

获取独立的network namespace，但不为容器进行任何网络配置，需要我们手动配置

[root@localhost ~]# docker run -itd --net=none --name none busybox
fccad0839a9ffa8d78a8e9eb3061d3ed8e845c6bb93c30d6bf9d4c58e3091660
[root@localhost ~]# docker exec  -it  none sh
/ # ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ #

container

-net=container:name /ID

与指定的容器使用同一个network namespace 具有同样的网络配置信息，两个容器处了网络其他都是隔离的

自定网络

与默认的bridge 原理一样，但自定义网络具备内部网络dns发现，可以通过容器名或者主机名容器之间网络通信

[root@localhost ~]# docker network create  hh
95ee6c21a7170fb9c2eec3d5ea1ff48bbaaa78eca5fc291f3da6c70370225df6
[root@localhost ~]# docker run -it --name bs1 --net=hh busybox
[root@localhost ~]# docker run -it --name bs2 --net=hh busybox
/ # ping bs1
PING bs1 (172.20.0.2): 56 data bytes
64 bytes from 172.20.0.2: seq=0 ttl=64 time=0.367 ms
64 bytes from 172.20.0.2: seq=1 ttl=64 time=0.204 ms
64 bytes from 172.20.0.2: seq=2 ttl=64 time=0.219 ms
64 bytes from 172.20.0.2: seq=3 ttl=64 time=0.194 ms
/64 bytes from 172.20.0.2: seq=4 ttl=64 time=0.196 ms
64 bytes from 172.20.0.2: seq=5 ttl=64 time=0.179 ms

原文地址：https://www.cnblogs.com/rdchenxi/p/10427059.html

时间： 2024-10-11 17:46:13

docker 容器的网络的相关文章

Docker基本命令与使用 —— Docker容器的网络连接（四）

一.Docker容器的网络基础通过ifconfig查看docker0的网络设备,docker守护进程就是通过docker0为docker的容器提供网络连接的各种服务. docker0是Linux虚拟网桥. Linux虚拟网桥的特点: 可以设置IP地址相当于拥有一个隐藏的虚拟网卡 docker0的地址划分: IP:172.17.42.1 子网掩码: 255.255.0.0 MAC: 02:42:ac:11:00:00 到 02:42:ac:11:ff:ff 总共提供65534个地址 docke

docker容器之间网络是如何通信的？

相关概念: 网桥:相当于一个虚拟的交换机,连接在此网桥上的所有设备均可以正常通信: veth pair:虚拟网卡对(2张网卡),两张网卡之间的收发数据保持一致: docker网络: docker0网桥:在安装启动完docker之后,会出现一个docker0的网卡设备(此设备相当于一个交换机): 创建docker容器后,会创建2个虚拟网卡,一端显示在宿主机中,一端是容器中的eth0,这2张网卡是虚拟网卡对: 创建2个容器,在宿主机上执行ip a,可以看到会出现2个虚拟网卡(以veth开头): do

Docker容器的网络基础

Linux虚拟网桥的特点:(docker0)1.可以设置IP地址2.相当于拥有一个隐藏的虚拟网卡安装网桥管理工具:[[email protected] ~]# yum install bridge-utils修改docker0地址:(有特定需求时使用)$ ifconfig docker0 192.168.200.1 netmask 255.255.0添加虚拟网桥:$ brctl addbr br0$ ifconfig br0 192.168.100.1 netmask 255.255.255.0

Kubernetes & Docker 容器网络终极之战

与 Docker 默认的网络模型不同,Kubernetes 形成了一套自己的网络模型,该网络模型更加适应传统的网络模式,应用能够平滑的从非容器环境迁移到 Kubernetes 环境中. 自从 Docker 容器出现,容器的网络通信一直是众人关注的焦点,而容器的网络方案又可以分为两大部分: 单主机的容器间通信: 跨主机的容器间通信. 一.单主机 Docker 网络通信利用 Net Namespace 可以为 Docker 容器创建隔离的网络环境,容器具有完全独立的网络栈,与宿主机隔离.也可以使

Kubernetes & Docker 容器网络终极之战(十四)

目录一.单主机 Docker 网络通信 1.1.host 模式 1.2 Bridge 模式 1.3 Container 模式 1.4.None 模式二.跨主机 Docker 网络通信分类 2.1 通信方案 2.2.容器网络规范 2.3.网络通信实现方案 2.4.Kubernetes 网络模型三.跨主机 Docker 网络 3.1 Flannel 网络方案 3.2.Calico 网络方案 3.3.Canal 网络方案 3.4.Docker overlay 网络方案 3.5.Docker ma

docker容器网络通信原理分析

概述自从docker容器出现以来,容器的网络通信就一直是大家关注的焦点,也是生产环境的迫切需求.而容器的网络通信又可以分为两大方面:单主机容器上的相互通信和跨主机的容器相互通信.而本文将分别针对这两方面,对容器的通信原理进行简单的分析,帮助大家更好地使用docker. docker单主机容器通信基于对net namespace的控制,docker可以为在容器创建隔离的网络环境,在隔离的网络环境下,容器具有完全独立的网络栈,与宿主机隔离,也可以使容器共享主机或者其他容器的网络命名空间,基本可以

理解Docker（3）：Docker 容器使用 Linux namespace 进行运行环境隔离

本系列文章将介绍Docker的有关知识: (1)Docker 安装及基本用法 (2)Docker 镜像 (3)Docker 容器的隔离性 - 使用 namespace 进行环境隔离 (4)Docker 容器的隔离性 - 使用 cgroups 进行资源隔离 (4)Docker 容器的网络 (5)Docker 容器的存储 1. 基础知识:Linux namespace 的概念 Linux 内核从版本 2.4.19 开始陆续引入了 namespace 的概念.其目的是将某个特定的全局系统资源(glob

Docker容器学习梳理--容器间网络通信设置(Pipework和Open vSwitch)

自从Docker容器出现以来,容器的网络通信就一直是被关注的焦点,也是生产环境的迫切需求.容器的网络通信又可以分为两大方面:单主机容器上的相互通信,和跨主机的容器相互通信.下面将分别针对这两方面,对容器的通信原理进行简单的分析,帮助大家更好地使用docker.前面已经在Docker容器学习梳理--基础知识(2)这一篇中详细介绍了Docker的网络配置以及pipework工具. docker单主机容器通信基于对net namespace的控制,docker可以为在容器创建隔离的网络环境,在隔离的

docker系列之网络配置

docker 网络配置 docker 安装后, 会自动在系统做一个网桥配置 docker0 . 其容器都会分配到此网桥配置下的独立, 私有 IP 地址. 如果你要自己配置桥接, 也可以把 docker0 删除掉. docker run 的时候使用参数 -b 指定你自己配置的网桥. docker 容器的网络, 是相对于实体机的私有网络. 在网桥配置下, 只要知道 IP 地址, 各容器, 及实体机本身都可以自由通信. 但是在实体机的网卡网络下, docker 容器就不可见了. 要让容器被外界访问到,