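The Four Docker Network Modes
1. bridge mode (default)
Docker uses Linux virtual networking to create a virtual bridge named docker0 on the host.
When Docker starts a container, it assigns the container an IP address from the docker0 bridge's subnet (view it with: docker inspect <container name/ID>), and the bridge acts as the default gateway for every container. A virtual bridge works much like a physical switch: because all containers on the same host are attached to the same bridge, they are joined through that switch (docker0) into a single layer-2 network and can communicate directly.
When a Docker container is created, a veth pair is created with it (a packet sent into one interface of the pair is received on the other). One end of the pair sits inside the container as eth0; the other end stays on the host, attached to the docker0 bridge, with a name starting with veth (for example vethAQI2QT). This lets the host communicate with containers and containers communicate with each other. In effect, Docker creates a virtual shared network between the host and all of its containers.
The Docker bridge is virtualized by the host and is not a real network device, so external networks cannot address it. External networks therefore cannot reach a container directly by its container IP; to make a container reachable from outside, map the container's port to a port on the host.
Use case: when multiple containers on the same Docker host need to communicate, a user-defined bridge network (bridge) is the best choice.
Example: create a container and specify bridge mode
Format: --net=bridge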
[root@admin ~]# docker run -id --name nginx --net=bridge -p 81:80 nginx:latest
a4aa92c8395b98fcba1fa44c3775f09fadc197505a4e78cd20b9220796c5c9ba
[root@admin ~]#
[root@admin ~]# docker inspect nginx
(output omitted ...)
"Networks": {
"bridge": { // network mode
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "02:42:ac:11:00:02",
"NetworkID": "370e6edac17b7d85c6c81df21afd659d224e3dd4149cd281a93cf8f79b9a0cdb",
"EndpointID": "ceca3a04c69ab2e87367f3924a3147c90de3eac9f37257187ac3ce4036e42183",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": null,
"DNSNames": null
}
}
}
}
]
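2. host mode
In a host-type network the container does not get a virtual network interface of its own; it shares the network with the physical machine and has the machine's IP addresses and interface information. Other aspects of the container, such as the file system and process list, remain isolated from the host. The biggest advantage of host mode is network performance: no NAT is needed, and the container communicates with the outside world directly through the host's IP address and ports.
Use case: when the container's network stack should not be isolated from the Docker host but other aspects of the container (cgroup, unix file system) should still be isolated, host network mode (host) is the best choice.
Example: create a container and specify host mode
Note: in this mode -p cannot be used to assign ports to the container. Services inside the container use the host's ports directly, so containers running in host mode must not have conflicting ports.
Format: --net=host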
[root@admin ~]# docker run -id --name nginx_host --net=host nginx:latest
9222fd1954a2390d445158614658bcbf6aa93065d6c41a6cedd9f58f5c958f3d
[root@admin ~]# docker inspect nginx_host
(output omitted ...)
"Networks": {
"host": { // host mode
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "",
"NetworkID": "86c253d1831c332d0a7f42fa854900db34581d8855211e4b13b0b223c0563785",
"EndpointID": "ca049a2df6d65c44a24f143f294e78472b97fd67090786c42000bf9bb5d6b050",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": null,
"DNSNames": null
}
}
}
}
]
[root@admin ~]#
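3. Container mode
This mode makes a newly created container share a network with an existing container rather than with the host.
The new container does not create its own network interface or configure its own IP; it shares the IP, port range and so on of the specified container.
As before, apart from networking the two containers remain isolated in other respects such as the file system and process list. Processes in the two containers can communicate over the lo (loopback) interface.
Example: create a container that shares another container's network
Format: --net=container:<container name/container ID>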
[root@admin ~]# docker run -id --name nginx_container --net=container:nginx nginx:latest
57a6d98d3dae5fe09b47f58c29cefef5bd3d23cfa38561ca60702bd57aafb5e2
[root@admin ~]# docker inspect nginx_container
(output omitted ...)
"NetworkSettings": {
"Bridge": "",
"SandboxID": "",
"SandboxKey": "",
"Ports": {},
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {}
}
}
]
[root@admin ~]#
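4. None mode
A None-type network means no network: Docker does not set up any network information inside the container and performs no network configuration, but we can add configuration to the container ourselves to give it a network environment.
Example: create a container using None mode
Format: --net=none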
[root@admin ~]# docker run -id --name=nginx_none --net=none nginx:latest
ecf5a6761322fd1f4011c152e9e37d39108e28f19c4d00a8253352b8498a02ca
[root@admin ~]# docker inspect nginx_none
(output omitted ...)
"Networks": {
"none": { // none mode
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "",
"NetworkID": "22ad897b3c5911a14ea1eb4bd9cf8c7bb5040218589ce51a98c3aa6d5dc5bc7b",
"EndpointID": "4c5390c7c3d8b2930122a6543579d8a8a248e606b87e0d84cbcd2e6518609322",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": null,
"DNSNames": null
}
}
}
}
]
[root@admin ~]#
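Docker Custom Networks
Custom container networks let different clusters use different networks so that they do not affect one another.
List all Docker networks: docker network ls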
[root@admin ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
370e6edac17b   bridge    bridge    local
86c253d1831c   host      host      local
22ad897b3c59   none      null      local
[root@admin ~]#
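Create a custom Docker network: docker network create --driver bridge --subnet 192.168.1.0/24 --gateway 192.168.1.254 mynet
create #create a network
--driver #sets the network mode (driver)
--subnet #sets the network's IP range
--gateway #sets the gateway
mynet #the name you choose for the network
Example: create a custom network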
[root@admin ~]# docker network create --driver bridge --subnet 192.168.100.0/24 --gateway 192.168.100.254 mynet
b62727d78cb4613173ac7a0b03c0e03400c9fee4b42b2c52cddda806c3c80f61
[root@admin ~]#
[root@admin ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
370e6edac17b   bridge    bridge    local
86c253d1831c   host      host      local
b62727d78cb4   mynet     bridge    local
22ad897b3c59   none      null      local
[root@admin ~]#
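Create a container on the custom network:
--net=<name>
--ip <address> #sets the container IP; if omitted, one is assigned automatically
[root@admin ~]# docker run -id --name nginx_mynet --net=mynet --ip 192.168.100.130 -p 80:80 nginx:latest  # uses the mynet network created above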
5793f4e4d6e7c4df63a3a242bf49f4a881421cb6695dcc097053bcfaf41aa9e2
[root@admin ~]# curl 192.168.100.130  # test access
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@admin ~]#
View network details: docker network inspect <network name/ID>
[root@admin ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "b62727d78cb4613173ac7a0b03c0e03400c9fee4b42b2c52cddda806c3c80f61",
"Created": "2024-04-10T16:01:10.113557999+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.100.0/24",
"Gateway": "192.168.100.254"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"5793f4e4d6e7c4df63a3a242bf49f4a881421cb6695dcc097053bcfaf41aa9e2": {
"Name": "nginx_mynet",
"EndpointID": "a9ae9e68c47ea53145c30f2492bd741e1b03885bc434fa30333226df84eb9a04",
"MacAddress": "02:42:c0:a8:64:82",
"IPv4Address": "192.168.100.130/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@admin ~]#
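Add a container to a network: docker network connect <network name> <container name>
A custom network and the default network cannot reach each other, which is what provides isolation. To link the two networks, use connect to add a container to the custom network.
Note: once linked, the default network and the custom network can communicate with each other.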
[root@admin ~]# docker network connect mynet nginx
[root@admin ~]# docker inspect nginx
"Networks": {
"bridge": { // the original network
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "02:42:ac:11:00:02",
"NetworkID": "370e6edac17b7d85c6c81df21afd659d224e3dd4149cd281a93cf8f79b9a0cdb",
"EndpointID": "4dba5a8fe74d8cd9389cf6326c115c3a8aa4678dfe7d0cb807c4949323912ba1",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": null,
"DNSNames": null
},
"mynet": { // the newly added network
"IPAMConfig": {},
"Links": null,
"Aliases": [],
"MacAddress": "02:42:c0:a8:64:01",
"NetworkID": "b62727d78cb4613173ac7a0b03c0e03400c9fee4b42b2c52cddda806c3c80f61",
"EndpointID": "2c7b7385bb8b9f93fbd789fd2f6703dfcfd3c75458b654fd2ed8a274089f698b",
"Gateway": "192.168.100.254",
"IPAddress": "192.168.100.1",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": {},
"DNSNames": [
"nginx",
"2930f9a58b59"
]
}
}
}
}
]
[root@admin ~]#
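Added example (not part of the original page): a small Python audit that reads docker inspect records and reports, per container, which of the four modes it runs in and where network isolation is relaxed, including a container that holds an endpoint on two networks after docker network connect. The sample records are constructed from this page's containers; HostConfig.NetworkMode and NetworkSettings.Ports are docker inspect fields that the excerpts above do not show, NGINX_ID is a placeholder, and the function names audit and audit_all are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` records modelled on this page's
# containers. NGINX_ID is a placeholder, not a real container ID.
SAMPLE = json.loads('''[
 {"Name": "/nginx", "HostConfig": {"NetworkMode": "bridge"},
  "NetworkSettings": {
   "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "81"}]},
   "Networks": {"bridge": {"IPAddress": "172.17.0.2"},
                "mynet": {"IPAddress": "192.168.100.1"}}}},
 {"Name": "/nginx_host", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Ports": {}, "Networks": {"host": {"IPAddress": ""}}}},
 {"Name": "/nginx_container", "HostConfig": {"NetworkMode": "container:NGINX_ID"},
  "NetworkSettings": {"Ports": {}, "Networks": {}}},
 {"Name": "/nginx_none", "HostConfig": {"NetworkMode": "none"},
  "NetworkSettings": {"Ports": {}, "Networks": {"none": {"IPAddress": ""}}}}
]''')


def audit(record):
    """Return (name, mode, findings) for one `docker inspect` record."""
    name = record["Name"].lstrip("/")
    mode = record["HostConfig"]["NetworkMode"]
    net = record["NetworkSettings"]
    findings = []
    if mode == "host":
        findings.append("shares the host network stack")
    elif mode.startswith("container:"):
        findings.append("shares the network namespace of " + mode.split(":", 1)[1])
    attached = sorted(net.get("Networks") or {})
    if len(attached) > 1:  # e.g. after `docker network connect`
        findings.append("attached to several networks: " + ", ".join(attached))
    for port, bindings in (net.get("Ports") or {}).items():  # values may be null
        for b in bindings or []:
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                findings.append(f"{port} published on all host interfaces "
                                f"(host port {b['HostPort']})")
    return name, mode, findings


def audit_all(records):
    return {name: (mode, findings) for name, mode, findings in map(audit, records)}


if __name__ == "__main__":
    for name, (mode, findings) in audit_all(SAMPLE).items():
        print(f"{name} [{mode}]")
        for line in findings or ["no findings"]:
            print("  -", line)
```

On a live host the same functions can be fed json.loads() of the output of docker inspect for the running containers instead of SAMPLE.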
Delete a network: docker network rm <network name>
[root@admin ~]# docker network rm mynet
Error response from daemon: error while removing network: network mynet id b62727d78cb4613173ac7a0b03c0e03400c9fee4b42b2c52cddda806c3c80f61 has active endpoints
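# The error means the containers bound to the network must first be removed or moved to another network
Check which containers are using the network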
[root@admin ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "b62727d78cb4613173ac7a0b03c0e03400c9fee4b42b2c52cddda806c3c80f61",
"Created": "2024-04-10T16:01:10.113557999+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.100.0/24",
"Gateway": "192.168.100.254"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"2930f9a58b59ccb91db147999efbb5ef42015764598f71872229faac2b7d55a7": {
"Name": "nginx", // the nginx container is using the network
"EndpointID": "2c7b7385bb8b9f93fbd789fd2f6703dfcfd3c75458b654fd2ed8a274089f698b",
"MacAddress": "02:42:c0:a8:64:01",
"IPv4Address": "192.168.100.1/24",
"IPv6Address": ""
},
"5793f4e4d6e7c4df63a3a242bf49f4a881421cb6695dcc097053bcfaf41aa9e2": {
"Name": "nginx_mynet", // the nginx_mynet container is using the network
"EndpointID": "a9ae9e68c47ea53145c30f2492bd741e1b03885bc434fa30333226df84eb9a04",
"MacAddress": "02:42:c0:a8:64:82",
"IPv4Address": "192.168.100.130/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@admin ~]#
Stopping the containers is enough
[root@admin ~]# docker stop nginx
nginx
[root@admin ~]# docker stop nginx_mynet
nginx_mynet
[root@admin ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "b62727d78cb4613173ac7a0b03c0e03400c9fee4b42b2c52cddda806c3c80f61",
"Created": "2024-04-10T16:01:10.113557999+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.100.0/24",
"Gateway": "192.168.100.254"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
[root@admin ~]#
[root@admin ~]# docker network rm mynet
mynet
[root@admin ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
370e6edac17b   bridge    bridge    local
86c253d1831c   host      host      local
22ad897b3c59   none      null      local
[root@admin ~]#