docker网络
理解docker0
#查看网络地址
[root@iZ2zefj6kkvtlhfjyf4d09Z ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:16:3e:2e:f3:58 brd ff:ff:ff:ff:ff:ff
inet 172.28.1.49/20 brd 172.28.15.255 scope global dynamic noprefixroute eth0
valid_lft 314868395sec preferred_lft 314868395sec
inet6 fe80::216:3eff:fe2e:f358/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:8c:4a:75:f2 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:8cff:fe4a:75f2/64 scope link
valid_lft forever preferred_lft forever
lo:中的127.0.0.1为本机回环地址eth0:中的172.28.1.49为阿里云内网地址docker0:中172.17.0.1为docker0 的地址
#启动tomcat镜像
docker run -d -p 3344:8080 --name tomcat01 tomcat
#查看tomcat容器的网络配置
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker exec -it tomcat1 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
138: eth0@if139: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
在查看tomcat网络配置的时候可以发现存在一个eth0@if139的网络配置,该地址为docker分配的。在测试的过程中可以发现Linux服务器可以ping通docker容器内部。
原理:每启动一个docker容器,docker就会为容器分配一个ip。在安装docker后,会产生成一个docker0的网卡,该网卡为桥接模式,使用的是evth-pair技术。
启动tomcat的容器后,查看ip addr可以发现增加了一个网卡
139: veth2bc2e1a@if138: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 9a:ca:9e:94:67:8f brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::98ca:9eff:fe94:678f/64 scope link
valid_lft forever preferred_lft forever
再启动一个容器进行测试,可以发现又增加了一对网卡
141: veth08114cf@if140: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1a:14:45:5c:5f:a9 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::1814:45ff:fe5c:5fa9/64 scope link
valid_lft forever preferred_lft forever
测试可以发现,启动容器增加对网卡都是成对出现的。evth-pair是一对虚拟设备的接口,他们是成对出现的,一端连着协议,一端连着彼此的设备,正是因为这个特性,evth-pair充当一个桥梁,连接各种虚拟设备,目前OpenStack、Docker都是使用的该技术。
测试:利用tomcat2对tomcat1进行ping测试
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker exec -it tomcat2 ping 172.17.0.2
测试可以发现,tomcat2可以成功的ping通tomcat1
–link
在测试中可以发现,直接通过容器名进行ping测试会出现问题:
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker exec -it tomcat2 ping tomcat1
ping: tomcat1: Temporary failure in name resolution
为解决该问题,可以使用--link进行绑定
为了进行测试运行tomcat3进行测试
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker run -d --name tomcat3 --link tomcat2 tomcat
ping测试时发现tomcat3可以ping通tomcat2
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker exec -it tomcat3 ping tomcat2
PING tomcat2 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat2 (172.17.0.3): icmp_seq=1 ttl=64 time=0.127 ms
64 bytes from tomcat2 (172.17.0.3): icmp_seq=2 ttl=64 time=0.086 ms
--- tomcat2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 12ms
rtt min/avg/max/mdev = 0.086/0.106/0.127/0.022 ms
进行反向ping测试时可以发现无法tomcat2无法ping通tomcat3
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker exec -it tomcat2 ping tomcat3
ping: tomcat3: Temporary failure in name resolution
查看tomcat3的配置可以发现,在tomcat3的配置里面存在一条路由:172.17.0.3 tomcat2 1a8615686704,而之前的docker run -d --name tomcat3 --link tomcat2 tomcat 相当于在tomcat3的配置文件中增加了该路由。
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker exec -it tomcat3 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tomcat2 1a8615686704
172.17.0.4 7bb523b75669
docker network命令
#可选项
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
可以通过docker network ls查看目前全部的网络信息
[root@iZ2zefj6kkvtlhfjyf4d09Z home]# docker network ls
NETWORK ID NAME DRIVER SCOPE
528e974f26a7 bridge bridge local
523068f0a0a1 host host local
6c0a8fa7f382 none null local
网络模式
-
bridge:桥接模式,docker默认使用bridge模式,自定义网络也使用bridge模式 -
none:不配置网络模式 -
host:和宿主机共享网络 -
container:容器网络互通(使用较少)
可以通过docker network inspect 528e974f26a7查看详细信息
{
"Name": "tomcat2",
"EndpointID": "87c5d54a930bbb887fb55faedc94b4319f693438c906548bcbbdcddda170ec5b",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"24fadcd149a51caa385c66218c5b5c1bb69bb757b66d5fc98d45b28178e8f5c8": {
"Name": "tomcat1",
"EndpointID": "9f86714fd723008484100318129f0310d17917c52b13de4758b965717c9ce5bf",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"7bb523b75669d253e2e9f6c0f5f0c7e0b7ed9d2159eea248581b25ce800806c5": {
"Name": "tomcat3",
"EndpointID": "4165cd1ede7cab902477a9f17bac4e6ce3a7715ba7ee940085fb473d8a4d7e55",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
}
},
目前不建议使用–link,推荐自定义网络,且docker0不支持容器名连接访问。
扫一扫
1055
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
