docker网络模型

wuyang-ligerj

已于 2022-10-25 20:53:24 修改

阅读量379

点赞数 1

分类专栏：运维学习笔记文章标签： docker 运维容器

于 2022-10-25 18:13:22 首次发布

本文链接：https://blog.csdn.net/jlgkeep/article/details/127517131

版权

运维学习笔记专栏收录该内容

15 篇文章 0 订阅

订阅专栏

—docker的三种网络模型：

1、bridge 默认的网络模式
2、host
3、none

#查看docker的网络类型

root@wuyang-3:~# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
486c1cc54b02   bridge    bridge    local
e855573f84eb   host      host      local
e5cfe0742dfa   none      null      local

—容器请求报文的抓包

root@wuyang-3:~# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                               NAMES
bed5d10e4046   nginx:alpine   "/docker-entrypoint.…"   36 minutes ago   Up 36 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   pensive_noether
root@wuyang-3:~# docker exec -it bed5d10e4046 sh
/ # curl 192.168.127.13

root@wuyang-3:~# tcpdump -i docker0 port 80
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on docker0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:42:31.996231 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [S], seq 1865280721, win 64240, options [mss 1460,sackOK,TS val 3184710308 ecr 0,nop,wscale 7], length 0
17:42:31.996715 IP 192.168.127.138.http > 10.10.0.2.47900: Flags [S.], seq 2568686438, ack 1865280722, win 65160, options [mss 1460,sackOK,TS val 3213559735 ecr 3184710308,nop,wscale 7], length 0
17:42:31.996796 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [.], ack 1, win 502, options [nop,nop,TS val 3184710309 ecr 3213559735], length 0
17:42:31.996914 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [P.], seq 1:80, ack 1, win 502, options [nop,nop,TS val 3184710309 ecr 3213559735], length 79: HTTP: GET / HTTP/1.1
17:42:31.997222 IP 192.168.127.138.http > 10.10.0.2.47900: Flags [.], ack 80, win 509, options [nop,nop,TS val 3213559735 ecr 3184710309], length 0
17:42:31.997533 IP 192.168.127.138.http > 10.10.0.2.47900: Flags [P.], seq 1:239, ack 80, win 509, options [nop,nop,TS val 3213559735 ecr 3184710309], length 238: HTTP: HTTP/1.1 200 OK
17:42:31.997561 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [.], ack 239, win 501, options [nop,nop,TS val 3184710310 ecr 3213559735], length 0
17:42:31.997603 IP 192.168.127.138.http > 10.10.0.2.47900: Flags [P.], seq 239:854, ack 80, win 509, options [nop,nop,TS val 3213559736 ecr 3184710309], length 615: HTTP
17:42:31.997623 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [.], ack 854, win 501, options [nop,nop,TS val 3184710310 ecr 3213559736], length 0
17:42:31.997851 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [F.], seq 80, ack 854, win 501, options [nop,nop,TS val 3184710310 ecr 3213559736], length 0
17:42:31.998258 IP 192.168.127.138.http > 10.10.0.2.47900: Flags [F.], seq 854, ack 81, win 509, options [nop,nop,TS val 3213559736 ecr 3184710310], length 0
17:42:31.998302 IP 10.10.0.2.47900 > 192.168.127.138.http: Flags [.], ack 855, win 501, options [nop,nop,TS val 3184710310 ecr 3213559736], length 0
17:45:21.052939 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [S], seq 2098865739, win 64240, options [mss 1460,sackOK,TS val 3184879365 ecr 0,nop,wscale 7], length 0
17:45:21.053614 IP 192.168.127.138.http > 10.10.0.2.37044: Flags [S.], seq 3235540462, ack 2098865740, win 65160, options [mss 1460,sackOK,TS val 3213728799 ecr 3184879365,nop,wscale 7], length 0
17:45:21.053651 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [.], ack 1, win 502, options [nop,nop,TS val 3184879366 ecr 3213728799], length 0
17:45:21.053766 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [P.], seq 1:80, ack 1, win 502, options [nop,nop,TS val 3184879366 ecr 3213728799], length 79: HTTP: GET / HTTP/1.1
17:45:21.054110 IP 192.168.127.138.http > 10.10.0.2.37044: Flags [.], ack 80, win 509, options [nop,nop,TS val 3213728800 ecr 3184879366], length 0
17:45:21.054363 IP 192.168.127.138.http > 10.10.0.2.37044: Flags [P.], seq 1:239, ack 80, win 509, options [nop,nop,TS val 3213728800 ecr 3184879366], length 238: HTTP: HTTP/1.1 200 OK
17:45:21.054369 IP 192.168.127.138.http > 10.10.0.2.37044: Flags [P.], seq 239:854, ack 80, win 509, options [nop,nop,TS val 3213728800 ecr 3184879366], length 615: HTTP
17:45:21.054396 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [.], ack 239, win 501, options [nop,nop,TS val 3184879366 ecr 3213728800], length 0
17:45:21.054440 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [.], ack 854, win 501, options [nop,nop,TS val 3184879366 ecr 3213728800], length 0
17:45:21.054813 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [F.], seq 80, ack 854, win 501, options [nop,nop,TS val 3184879367 ecr 3213728800], length 0
17:45:21.055122 IP 192.168.127.138.http > 10.10.0.2.37044: Flags [F.], seq 854, ack 81, win 509, options [nop,nop,TS val 3213728801 ecr 3184879367], length 0
17:45:21.055168 IP 10.10.0.2.37044 > 192.168.127.138.http: Flags [.], ack 855, win 501, options [nop,nop,TS val 3184879367 ecr 3213728801], length 0

—修改docker默认IP地址范围

#找到docker.service文件

vim /lib/systemd/system/docker.service

#修改配置文件
修改 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bip=10.10.0.1/24 中的bip为其他子网范围 eg：bip=10.10.20.1/24

—容器的跨主机通信

#查看宿主机的静态路由
route -n
#在宿主机添加前往容器网段的静态路由
doute add -net 10.10.20.0/24 gw 172.168.127.136

—创建自定义网络

#docker自定义网络命令help

root@wuyang-3:~# docker network --help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

#创建一个名叫wuyang-net的网络 -d表示网络类型

root@wuyang-3:~# docker network create -d bridge --subnet 10.10.100.0/24 --gateway 10.10.100.1 wuyang-net
2e59705d0627a4ee897eef4f683eda815fcde7ed7bf3f372a847c7ce0d94f6f9root

#使用自定义的网络启动一个容器,进入容器查看容器IP，并测试网络是否能通信

root@wuyang-3:~# docker run -it -d --net wuyang-net -p 81:81 nginx:alpine
a776af8b76268dcc338e7412ad4c491c4203188f0fc6f9be16c03029d65a32d2
root@wuyang-3:~# docker exec -it a776af8 sh
/ # ifconfig | grep inet | awk {'print $2'} | head -n 1
addr:10.10.100.2
/ # ping -c 2 www.baidu.com
PING www.baidu.com (180.101.49.13): 56 data bytes
64 bytes from 180.101.49.13: seq=0 ttl=127 time=7.786 ms
64 bytes from 180.101.49.13: seq=1 ttl=127 time=8.858 ms

--- www.baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.786/8.322/8.858 ms