#####Docke网络#####

最新推荐文章于 2025-01-21 09:30:00 发布
最新推荐文章于 2025-01-21 09:30:00 发布
阅读量309 收藏
点赞数
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_44821839/article/details/96370774
本文介绍了Docker的网络模式,包括默认的bridge、host和none类型,以及自定义网络的创建和通信方式。重点讨论了自定义网络的bridge模式、DNS解析、容器通信、跨主机网络解决方案,如overlay和macvlan,并提到了Docker的网络库libnetwork和CNM模型。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

#####Docker原生网络#####
1.docker 安装后会自动生成3种网络:bridge 、host 、none

[root@server4 docker]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
91c7c4709d58        bridge              bridge              local
de8ea88b39f4        host                host                local
1aa09618140e        none                null                local

bridge类型:
安装docker自动生成的bridge类型docker0,新建的容器会自动桥接到这个接口

[root@server4 docker]# ip addr show   ##默认生成的docker0,默认使用bridge类ing
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:3d:1d:de:8b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0  ##默认网段172.17.0.1/16
       valid_lft forever preferred_lft forever
之后新建的容器就会以单调递增的方式分配ip
[root@server4 ~]# docker run -d nginx    ##运行nginx容器
6c12b1d008cae73622ff7438d49cb3b6bf2b5a36ab11a627712fd0595797e064
[root@server4 ~]# docker ps   ##查看docker容器进程
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
6c12b1d008ca        nginx               "nginx -g 'daemon of…"   51 seconds ago      Up 46 seconds       80/tcp              awesome_pike
[root@server4 ~]# docker inspect 6c12b1d008ca   ##通过容器名或容器id进行操作
 "Gateway": "172.17.0.1",  ##网关
                    "IPAddress": "172.17.0.2",   ##ip地址,
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
[root@server4 ~]# brctl show    
bridge name	bridge id		STP enabled	interfaces
docker0		8000.02423d1dde8b	no		veth43b78a0   ##已自动桥接到docker0上
[root@server4 ~]# docker run -it --name vm2  ubuntu   #再运行一个vm2容器,
root@95b6fb0e0dda:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff    
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0   #分配的ip地址172.17.0.3/16
       valid_lft forever preferred_lft forever
  • 桥接模式下容器没有一个公有ip,只有宿主机可以直接访问(外部主机不可见)
  • 容器可以通过宿主机的NAT规则后访问外网(net.ipv4.ip_forward=1)
    在这里插入图片描述
    在创建容器时操作系统会自动生成虚拟网络对(一端连接到nginx的网络栈(eth0),另一端连接到docker0;如此就可以实现nginx与docker0互通),docker0再通过ip转发到真实物理网卡上与外部主机连接

host类型:host网络模式在容器创建时需指定–network=host
host模式可以让容器共享宿主机网络栈.(外部主机与容器可以直接通信,但容器的网络缺少隔离性,宿主机和容器的网络资源不能冲突)
在这里插入图片描述

[root@server4 ~]# docker run -it --name vm1 --network  host ubuntu   ##运行一个host网络模式的容器
root@server4:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:3b:25:e2 brd ff:ff:ff:ff:ff:ff
    inet 172.25.46.4/24 brd 172.25.46.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe3b:25e2/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3d:1d:de:8b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0    ##在当前容器内的ip与宿主机的一致
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3dff:fe1d:de8b/64 scope link 
       valid_lft forever preferred_lft forever
root@server4:/# exit   crtl + d ##退出并停止运行容器
[root@server4 ~]# docker ps   ##docker 没有容器运行的进程
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@server4 ~]# ip addr  ##查看宿主机的ip
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:3d:1d:de:8b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3dff:fe1d:de8b/64 scope link 
       valid_lft forever preferred_lft forever
[root@server4 ~]# docker start vm1   #打开容器
vm1
[root@server4 ~]# docker container attach vm1  #连接容器vm1
root@server4:/# ip addr3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3d:1d:de:8b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3dff:fe1d:de8b/64 scope link 
       valid_lft forever preferred_lft foreve

none模式:禁用网络功能(没有ip地址和网络接口),只有lo接口,在创建容器时 --network=none指定
作用:不需要外网连接,可存放的数据较敏感

[root@server4 ~]# docker run -it --name vm2 --network none   ubuntu
root@fe51f4141f76:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo   #只有lo 回环接口
       valid_lft forever preferred_lft forever

####Docker自定义网络###
自定义网络模式,docker提供了三种自定义网络驱动:

  • bridge #bridge驱动类似于默认的bridge网络模式,但新增加了一些功能(DNS解析容器名称到ip地址)
  • overlay
  • macvlan
    overlay 和macvlan用于创建跨主机网络,bridge针对单机网络
  • 建议使用自定义网络来控制哪些容器可以互相通信,

1.自定义网络的bridge

[root@server4 ~]# docker network create -d bridge my_net1   ##创建自定义网络bridge
2bb11ae5b66c93c32ef6e68ae2690f23b052f436ea91517f41b9c8227e65ead4
[root@server4 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
91c7c4709d58        bridge              bridge              local
de8ea88b39f4        host                host                local
2bb11ae5b66c        my_net1             bridge              local   #自定义的bridge网络模式
1aa09618140e        none                null                local
[root@server4 ~]# docker run -it --name vm1 --network  my_net1 ubuntu  #用自定义的bridge运行一个容纳vm1
root@c7822672ee80:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0  #分配的ip  172.18.0.2/16
       valid_lft forever preferred_lft forever
root@c7822672ee80:/# [root@server4 ~]#    #ctrl +pq 退出但保持容器运行
[root@server4 ~]# docker ps -a  #查看进程
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
c7822672ee80        ubuntu              "/bin/bash"         5 minutes ago       Up 5 minutes                            vm1
[root@server4 ~]# docker network inspect my_net1 # 查看子网信息
          "c7822672ee80879fafa6dea2a8a18574cd0b5dc6b7ac64a67d57c8015bb07e4e": {
                "Name": "vm1",
                "EndpointID": "2fd4b2bfb4b4a24da88e75417928d798cddc10c58fb4650b074994e43aa861f8",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",  #子网也是递增方式分配,
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

不同容器可以互相通信

[root@server4 ~]# docker run -it --name vm1 --network my_net1 ubuntu
root@af3e3272ff8a:/# ping vm1
PING vm1 (172.18.0.2) 56(84) bytes of data.
64 bytes from af3e3272ff8a (172.18.0.2): icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from af3e3272ff8a (172.18.0.2): icmp_seq=2 ttl=64 time=0.062 ms
^C
--- vm1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.034/0.048/0.062/0.014 ms
root@af3e3272ff8a:/# [root@server4 ~]# 
[root@server4 ~]# docker run -it --name vm2 --network my_net1 ubuntu
root@86f69734237a:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@86f69734237a:/# ping vm1
PING vm1 (172.18.0.2) 56(84) bytes of data.
64 bytes from vm1.my_net1 (172.18.0.2): icmp_seq=1 ttl=64 time=0.149 ms
64 bytes from vm1.my_net1 (172.18.0.2): icmp_seq=2 ttl=64 time=0.129 ms
64 bytes from vm1.my_net1 (172.18.0.2): icmp_seq=3 ttl=64 time=0.100 ms
^C
--- vm1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.100/0.126/0.149/0.020 ms

自定义网段:创建时指定参数–subnet 、-- gateway

[root@server4 ~]# docker network create -d bridge --subnet 172.23.0.0/24 --gateway 172.23.0.1 my_net2    #自定义网段172.23.0.0网段
c93eb78ea41cf021969517021b9207062ab6ffa1ede3616c2fce5e17d303fd1f
[root@server4 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
91c7c4709d58        bridge              bridge              local
de8ea88b39f4        host                host                local
2bb11ae5b66c        my_net1             bridge              local
c93eb78ea41c        my_net2             bridge              local   
1aa09618140e        none                null                local
[root@server4 ~]# docker run -it --name vm2 --network my_net2 ubuntu  #运行vm2容器
root@405c48ee4943:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:17:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.2/24 brd 172.23.0.255 scope global eth0   #分配到指定网段的ip
       valid_lft forever preferred_lft forever
root@405c48ee4943:/#

参数 --ip 可以手动指定容器ip,但必须在自己自定义的网桥上(默认的bridge不支持),同一网桥上的容器可以互相通信

[root@server4 ~]# docker run -it --name vm3 --network my_net2 --ip 172.23.0.10 ubuntu   #指定ip(建立在上一个指定网段的指定参数--subnet 、-- gateway基础上)
root@f257e97c74bf:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
22: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:17:00:0a brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.10/24 brd 172.23.0.255 scope global eth0   #获得指定的ip
       valid_lft forever preferred_lft forever
root@f257e97c74bf:/# ping vm2
PING vm2 (172.23.0.2) 56(84) bytes of data.
64 bytes from vm2.my_net2 (172.23.0.2): icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from vm2.my_net2 (172.23.0.2): icmp_seq=2 ttl=64 time=0.100 ms
64 bytes from vm2.my_net2 (172.23.0.2): icmp_seq=3 ttl=64 time=0.100 ms
^C
--- vm2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.100/0.111/0.134/0.018 ms

桥接到 不同网桥上的容器彼此是不通信的(docker在设计上就是要隔离不同的network)

[root@server4 ~]# brctl show   #查看当前桥接状况(每创建一个桥接自动生成一个桥接名称和id)
bridge name	bridge id		STP enabled	interfaces
br-2bb11ae5b66c		8000.02425161a0f8	no		
br-c93eb78ea41c		8000.02421415739c	no		veth42e5020
							veth5f915d0
docker0		8000.02423d1dde8b	no	
[root@server4 ~]# iptables -S

在这里插入图片描述
不同网桥上的互相通信

[root@server4 ~]# docker network connect my_net2 vm1
[root@server4 ~]# docker container attach vm1
^C
root@c7df8fd74f27:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0 ## ip 172.18.0.2/16
       valid_lft forever preferred_lft forever
26: eth1@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:17:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.3/24 brd 172.23.0.255 scope global eth1  #ip  172.23.0.3/24
       valid_lft forever preferred_lft forever  
       ##vm1中有两个子网地址,my_net2和之前分配的
root@c7df8fd74f27:/# ping vm1
PING vm1 (172.18.0.2) 56(84) bytes of data.
64 bytes from c7df8fd74f27 (172.18.0.2): icmp_seq=1 ttl=64 time=0.042 ms
64 bytes from c7df8fd74f27 (172.18.0.2): icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from c7df8fd74f27 (172.18.0.2): icmp_seq=3 ttl=64 time=0.065 ms
^C
--- vm1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.042/0.057/0.066/0.014 ms
root@c7df8fd74f27:/# ping vm2
PING vm2 (172.23.0.2) 56(84) bytes of data.
64 bytes from vm2.my_net2 (172.23.0.2): icmp_seq=1 ttl=64 time=0.142 ms
64 bytes from vm2.my_net2 (172.23.0.2): icmp_seq=2 ttl=64 time=0.104 ms
64 bytes from vm2.my_net2 (172.23.0.2): icmp_seq=3 ttl=64 time=0.104 ms
^C
--- vm2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.104/0.116/0.142/0.021 ms
root@c7df8fd74f27:/# ping vm3
PING vm3 (172.23.0.10) 56(84) bytes of data.
64 bytes from vm3.my_net2 (172.23.0.10): icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from vm3.my_net2 (172.23.0.10): icmp_seq=2 ttl=64 time=0.102 ms
64 bytes from vm3.my_net2 (172.23.0.10): icmp_seq=3 ttl=64 time=0.100 ms
^C
--- vm3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.100/0.112/0.134/0.015 ms

####Docker容器通信####
1.容器之间除了ip通信外,还可以使用容器名称通信(docker 1.10开始内嵌了DNS server)

  • DNS解析功能必须在自定义网络中使用
  • 启动容器时使用–name指定容器名称
[root@server4 ~]# docker run -it --name vm1 --network my_net1 ubuntu
root@8a1873140c58:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
28: eth0@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
      [root@server4 ~]# docker run -it --name vm2 --network my_net1 ubuntu
root@3f9819c219f1:/# ping vm1
PING vm1 (172.18.0.2) 56(84) bytes of data.
64 bytes from vm1.my_net1 (172.18.0.2): icmp_seq=1 ttl=64 time=0.139 ms
64 bytes from vm1.my_net1 (172.18.0.2): icmp_seq=2 ttl=64 time=0.100 ms
^C
--- vm1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.100/0.119/0.139/0.022 ms
root@3f9819c219f1:/# cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.18.0.3	3f9819c219f1
 valid_lft forever preferred_lft forever

2.joined容器,一种较为特别的网络模式(仅主机模式,host模式)

  • 在创建容器时使用–network=container:vm指定(vm1指定运行的容器名)
[root@server4 ~]# docker run -it --name vm1 ubuntu
root@49625dd59b22:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
32: eth0@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@49625dd59b22:/# [root@server4 ~]# 
[root@server4 ~]# docker run -it --name vm2 --network container:vm1 ubuntu
root@49625dd59b22:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
32: eth0@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0   ##vm2和vm1网络栈共享,ip一样,这两个容器可以使用localhost高效快速通信(使用web服务器和应用服务器通信)
       valid_lft forever preferred_lft forever
  1. –link可以用来连接两个容器
  • –link格式: --link :alias (name和id是源容器的,alias是源容器在link下的别名)
[root@server4 ~]# docker run -d nginx   #-d打入后
4cee655b8e8eac2696caaf89a2b180676b0fe1b07067b3a4d5ddb588e664b615
[root@server4 ~]# docker ps -a  #查看进程和随机的容器名  quizzical_feistel以及   ip 4cee655b8e8e
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
4cee655b8e8e        nginx               "nginx -g 'daemon of…"   About a minute ago   Up About a minute   80/tcp              quizzical_feistel
[root@server4 ~]# docker inspect quizzical_feistel
             "EndpointID": "9108d4b23ba5ca7f4b72cb13c9c04f2a6b16fb833450397eb6737e9f77de3528",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
[root@server4 ~]# docker run -it --name vm1 --link quizzical_feistel:web ubuntu   #
root@6183802e8492:/# ping web
PING web (172.17.0.2) 56(84) bytes of data.
64 bytes from web (172.17.0.2): icmp_seq=1 ttl=64 time=0.169 ms
64 bytes from web (172.17.0.2): icmp_seq=2 ttl=64 time=0.102 ms
64 bytes from web (172.17.0.2): icmp_seq=3 ttl=64 time=0.103 ms
64 bytes from web (172.17.0.2): icmp_seq=4 ttl=64 time=0.104 ms
64 bytes from web (172.17.0.2): icmp_seq=5 ttl=64 time=0.102 ms
^C
--- web ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.102/0.116/0.169/0.026 ms
root@6183802e8492:/# cat /etc/hosts  更新了/etc/hosts解析
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	web 4cee655b8e8e quizzical_feistel
172.17.0.3	6183802e849
root@6183802e8492:/# env  #查看变量(将容器内的变量也link过来了)
WEB_ENV_NGINX_VERSION=1.16.0
WEB_PORT_80_TCP_PORT=80
WEB_PORT_80_TCP=tcp://172.17.0.2:80
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
SHLVL=1
HOME=/root
WEB_NAME=/vm1/web
WEB_PORT_80_TCP_PROTO=tcp
WEB_PORT_80_TCP_ADDR=172.17.0.2
LESSOPEN=| /usr/bin/lesspipe %s
WEB_PORT=tcp://172.17.0.2:80
LESSCLOSE=/usr/bin/lesspipe %s %s
_=/usr/bin/env

link的自动更新

[root@server4 ~]# docker stop quizzical_feistel   #此时会自动释放之前占用的资源
quizzical_feistel
[root@server4 ~]# docker run -d nginx
ac13f9092f8b0bd9f7d0ca2c711f67ff2c7623ebabd6a633956a26fed987e8a0
[root@server4 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
ac13f9092f8b        nginx               "nginx -g 'daemon of…"   7 seconds ago       Up 5 seconds                80/tcp              priceless_williams
6183802e8492        ubuntu              "/bin/bash"              6 minutes ago       Up 6 minutes                                    vm1
4cee655b8e8e        nginx               "nginx -g 'daemon of…"   12 minutes ago      Exited (0) 47 seconds ago                       quizzical_feistel
[root@server4 ~]# docker inspect priceless_williams
  "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "91c7c4709d58acf5a0649f7f83066db1e05aee82bdb7b760afff5f379e61b999",
                    "EndpointID": "3b53c6d0c222966d824a6345df38a7262b9cd3c8e57943b014f0204804b47774",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
[root@server4 ~]# docker start quizzical_feistel
quizzical_feistel
[root@server4 ~]# docker inspect quizzical_feistel
  "Aliases": null,
                    "NetworkID": "91c7c4709d58acf5a0649f7f83066db1e05aee82bdb7b760afff5f379e61b999",
                    "EndpointID": "648470d279b4e079e0d43092a9cab9fe7124a478d7e6b7542f5f43983a1978e6",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.4",   #重新获取ip,172.17.0.3被vm1占用
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:04",   
                    "DriverOpts": null
                }
[root@server4 ~]# docker attach vm1
root@6183802e8492:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@6183802e8492:/# cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.4	web 4cee655b8e8e quizzical_feistel
172.17.0.3	6183802e8492
root@6183802e8492:/#

4.容器通过iptables的SNAT实现外网连接(docker0就是网关)

[root@server4 ~]# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.23.0.0/24 ! -o br-c93eb78ea41c -j MASQUERADE  
-A POSTROUTING -s 172.18.0.0/16 ! -o br-2bb11ae5b66c -j MASQUERADE   #创建网络时的策略,数据包在该网段出去的时候会做伪装,转换成当前物理机接口的真实地址
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE   
-A DOCKER -i br-c93eb78ea41c -j RETURN
-A DOCKER -i br-2bb11ae5b66c -j RETURN
-A DOCKER -i docker0 -j RETURN
[root@server4 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
91c7c4709d58        bridge              bridge              local
de8ea88b39f4        host                host                local
2bb11ae5b66c        my_net1             bridge              local
c93eb78ea41c        my_net2             bridge              local
1aa09618140e        none                null                local
[root@server4 ~]# docker run -it --name vm1 ubantu
root@6183802e8492:/# ping baidu.com
PING  baidu.com(220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=51 time=51.6 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=2 ttl=51 time=39.7 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=3 ttl=51 time=39.6 ms
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=4 ttl=51 time=37.9 ms


[root@server4 ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      892/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      921/master          
tcp        0      0 172.25.46.4:22          172.25.46.250:46834     ESTABLISHED 14517/sshd: root@pt 
tcp        0      0 172.25.46.4:22          172.25.46.250:46568     ESTABLISHED 2555/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      892/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      921/master          
[root@server4 ~]# docker run -d --name vm1 -p 80:80 nginx   #-p做端口映射
abc7b64c70d4b1c177295d9f01d720e5b85ca3293479e799a57ff09fd252fd63
[root@server4 ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                NAMES
abc7b64c70d4        nginx               "nginx -g 'daemon of…"   About a minute ago   Up About a minute   0.0.0.0:80->80/tcp   vm1
[root@server4 ~]# docker port vm1   #查看容器端口
80/tcp -> 0.0.0.0:80
[root@server4 ~]# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.23.0.0/24 ! -o br-c93eb78ea41c -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-2bb11ae5b66c -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A DOCKER -i br-c93eb78ea41c -j RETURN
-A DOCKER -i br-2bb11ae5b66c -j RETURN
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80   #用户访问时先访问物理机的80端口,通过防火墙的地址转换到172.17.0.2:80

#####跨主机容器网络###
跨主机网络的解决方案:

  • docker 原生的overlay和macvlan
  • 第三方的flannel、weave、calicao
    众多网络方案是如何与docker集成在一起的
  • libnetwork docker容器网络库
  • CNM(Container Network Model) 这个模型对容器网络进行了抽象
    CNM分三类组件:
  • Sandbox:容器网络栈,包含容器接口、dns、路由表(namespace)
  • Endpoint : 作用是将sandbox接入network(veth pair)
  • Network:包含一组endpoint,同一network和endpoint可以通信
    在这里插入图片描述
    -macvlan网络实现方案:
  • Linux kernel提供的一种网络虚拟化技术;
  • 无需Linux bridge,直接使用物理接口,性能极好
    在两台docker主机上个添加一块网卡,打开网卡混杂模式
    在这里插入图片描述

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
保证实验环境
在这里插入图片描述
在这里插入图片描述
打开混杂模式:

[root@server4 ~]# ip link set eth1 promisc on
[root@server4 ~]# ip addr 
6: eth1: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc noop state DOWN qlen 1000   #,PROMISC混杂模式开启
    link/ether 52:54:00:3b:47:d4 brd ff:ff:ff:ff:ff:ff
      [root@server4 ~]# ip link set eth1 up
[root@server5 ~]# ip link set eth1 promisc on
4: eth1: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 52:54:00:e9:cb:dd brd ff:ff:ff:ff:ff:ff
   [root@server5 ~]# ip link set eth1 up
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e9:cb:dd brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fee9:cbdd/64 scope link 
       valid_lft forever preferred_lft forever

自定义创建macvlan网络模型:

[root@server4 ~]# docker network create -d macvlan --subnet 172.20.0.0/24 --gateway 172.20.0.1 -o parent=eth1 macvlan1    ##指定子网网段和走那个物理接口
1d34df53d9bf21242de36d7bda2e98604b6e9145344d6ee7fc24a36ac42ec520
[root@server5 ~]# docker network create -d macvlan --subnet 172.20.0.0/24 --gateway 172.20.0.1 -o parent=eth1 macvlan1   #这里是在不同独立主机,同一网段不冲突
143239d4be660fec71e472148689ab549bce061e476002957161c1397d5cf097
[root@server5 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
acdc2ce24545        bridge              bridge              local
4cf3ba5dbc0d        host                host                local
143239d4be66        macvlan1            macvlan             local
991d1bbb619b        none                null                local

创建容器,会自动递增分配ip,这里建议自定义ip方便实验

[root@server5 ~]# docker run -it --name vm1 --network macvlan1 --ip 172.20.0.10 ubuntu
root@d494a8ac3a55:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether 02:42:ac:14:00:0a brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.10/24 brd 172.20.0.255 scope global eth0
       valid_lft forever preferred_lft forever

[root@server4 ~]# docker run -it --name vm1 --network macvlan1 --ip 172.20.0.12 ubuntu
root@8ab6b508afca:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
7: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether 02:42:ac:14:00:0c brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.12/24 brd 172.20.0.255 scope global eth0
       valid_lft forever preferred_lft forever
root@d41d962c4605:/# ping 172.20.12 
PING 172.20.12 (172.20.0.12) 56(84) bytes of data.
64 bytes from 172.20.0.12: icmp_seq=1 ttl=64 time=1.43 ms
64 bytes from 172.20.0.12: icmp_seq=2 ttl=64 time=0.861 ms
64 bytes from 172.20.0.12: icmp_seq=3 ttl=64 time=0.823 ms
^C
--- 172.20.12 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.823/1.039/1.433/0.279 ms

macvlan网络模式没有新建Linux bridge,容器的接口直接与主机网卡连接,无需NAT或端口映射

[root@server5 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242eaf6c075	no	
[root@server5 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:b2:4c:8b brd ff:ff:ff:ff:ff:ff
    inet 172.25.46.5/24 brd 172.25.46.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:feb2:4c8b/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:ea:f6:c0:75 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e9:cb:dd brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fee9:cbdd/64 scope link 
       valid_lft forever preferred_lft forever

[root@server4 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.02426957bb7a	no	  #没有生成新的桥接口
root@server4 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
16dddd894361        bridge              bridge              local
de8ea88b39f4        host                host                local
1d34df53d9bf        macvlan1            macvlan             local
1aa09618140e        non

每个macvlan会独占一个物理接口,但一个主机上可以有物理网卡接口是有限的;但可以使用
vlan子接口实现多macvlan网络
vlan可以将物理二层网络划分为4094个逻辑网络,彼此隔离,vlam id 取值为1-4094

[root@server4 ~]# docker network create -d macvlan --subnet 172.21.0.0/24 --gateway 172.21.0.1 -o parent=eth1.1 macvlan2
2d969ce763c842d432f15d069141fdf9ed77a7dc6d21adef6ebfe5beb133b0dc
[root@server5~]# docker network create -d macvlan --subnet 172.21.0.0/24 --gateway 172.21.0.1 -o parent=eth1.1 macvlan2
2d969ce763c842d432f15d069141fdf9ed77a7dc6d21adef6ebfe5beb133b0dc
[root@server4 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
16dddd894361        bridge              bridge              local
de8ea88b39f4        host                host                local
1d34df53d9bf        macvlan1            macvlan             local
2d969ce763c8        macvlan2            macvlan             local   #macvlan2建立
1aa09618140e        none                null                local
[root@server4 ~]# ip addr
6: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:3b:47:d4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fe3b:47d4/64 scope link 
       valid_lft forever preferred_lft forever
9: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 52:54:00:3b:47:d4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fe3b:47d4/64 scope link 
       valid_lft forever preferred_lft forever    ## eth1.1@eth1:被建立
[root@server4 ~]# docker run -it --name vm3 --network macvlan2 --ip 172.21.0.12 ubuntu
root@52c7d16f524a:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether 02:42:ac:15:00:0c brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.12/24 brd 172.21.0.255 scope global eth0
       valid_lft forever preferred_lft forever

[root@server5 ~]# docker run -it --name vm3 --network macvlan2 --ip 172.21.0.12 ubuntu

root@23ffb96d79f8:/# 
root@23ffb96d79f8:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether 02:42:ac:15:00:0c brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.12/24 brd 172.21.0.255 scope global eth0
       valid_lft forever preferred_lft forever
root@23ffb96d79f8:/# ping 172.20.0.12   #不同vlan 隔离,所以无法通信
PING 172.20.0.12 (172.20.0.12) 56(84) bytes of data.
From 172.21.0.12 icmp_seq=1 Destination Host Unreachable
From 172.21.0.12 icmp_seq=2 Destination Host Unreachable
From 172.21.0.12 icmp_seq=3 Destination Host Unreachable
From 172.21.0.12 icmp_seq=4 Destination Host Unreachable
^C
--- 172.20.0.12 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4001ms
pipe 4
root@23ffb96d79f8:/# ping 172.21.0.12
PING 172.21.0.12 (172.21.0.12) 56(84) bytes of data.
64 bytes from 172.21.0.12: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 172.21.0.12: icmp_seq=2 ttl=64 time=0.068 ms
^C
--- 172.21.0.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.068/0.083/0.098/0.015 ms
root@23ffb96d79f8:/#

macvlan网络间的隔离和连通:

  • macvlan网络在二层上是隔离的,所以不同macvlan网络的容器是不能通信的
  • 可以在三层上通过网关将macvlan网络连接
  • docker本身不做任何限制,像传统vlan网络那样管理即可

docker network 子命令

  • connect 连接容器到指定网络
  • create 创建网络
  • disconnect 断开容器与指定网络的连接
  • inspect 显示指定网络的详细信息
  • ls 显示所有网络
  • rm 删除网络
The Naive Girl
关注
# 04_深入解析docker容器化术(四)
段子手168的博客
01-10 1042
04_深入解析docker容器化术(四) 31-docker hub镜像仓库使用 32-阿里云镜像仓库使用 33-搭建私有仓库 34-配置私有仓库认证 35-docker默认网络 36-自定义网络 37-容器间的网络通信 38-docker swarm介绍 39-docker swarm架构介绍 40-docker swarm集群环境准备
# 01_docker容器化术精讲(一)
段子手168的博客
01-11 803
容器化术Docker精讲 01-今日内容 02-初识docker-docker概述 03-初识docker-安装docker 04-初识docker-docker架构 05-初识docker-配置镜像加速器 06-docker命令-服务相关命令 07-docker命令-镜像相关命令 08-docker命令-容器相关命令1 09-docker命令-容器相关命令2 10-docker容器数据卷-数据卷概念及作用
Study-09-Docke网络
習習君的博客
04-11 1370
1.理解Docker 1.清空所有的环境 2.测试 3.三个网路 docker 是如何处理容器网络访问的? [root@liustudy /]# docker run -d -P --name tomcat01 tomcat #查看容器内部的 IP 地址 IP addr 错误:这里错误大概率是因为新版Tomcat的里面没有 net-tools 。 [root@liustudy /]# docker exec -it tomcat01 ip addr OCI runtime e
解决Dock的网络问题
weixin_34419326的博客
10-27 244
【e良师益友网】Docker 是一个开源的应用容器引擎,它可以让开发者将自己的应用以及应用所依赖的内容打包到一个可移植的容器中,然后将该容器发布到任何流行的 Linux 机器上,也可以实现虚拟化。Docker 彻底释放了虚拟化的威力,它让应用的分发、部署和管理都变得前所未有的高效和轻松,凭借着自己出众的能力,Docker现在已经成为目前IT界创业者和创 新者的宠儿。那么Docker是否已经足够完美...
下载文件
RungBy的博客
07-25 655
首先实现代码 效果,从必应的链接下载一个图片,地址如下 "http://cn.bing.com/az/hprichbg/rb/MoriBuilding_EN-US5143587469_1920x1080.jpg" private void startDownload(final String downloadUrl) { permissionCheck(); ...
企业入门实战- - docker之docker网络模式
鱼子酱
07-22 327
企业入门实战- - docker之docker网络模式一.Docker网络1.桥接网络2. host网络模式3 .none模式二.自定义网络1创建自定义网桥2自定义网段3.手动指定ip三.双网卡来实现不同网段间通信1内部访问外部2.内部访问外部3原理 一.Docker网络 需要将前面的docker-compose 仓库stop cd harbor/ docker-compose stop 1.桥接网络 安装桥接网络 ip addr show docker0 yum install -y bri
docker的网络模式
qq_41961805的博客
05-30 916
基本网络配置 docker安装后会自动创建3种网络:bridge、host、none bridge网络 docker安装时会创建一个名为 docker0 的Linux bridge,新建的容器会自动桥接到这个接口。 [root@server1 ns]# docker run -it --name vm1 ubuntu 使用默认方式添加容器时使用的就是bridge网络。 [root@server1...
hegphegp#docker-learning#docker-machine搭建cluster集群1
07-25
docker-machine搭建cluster集群.md创建自定义网络--opt 指定网络安全模式docker-machine ssh manager1 doc
fzwcjl#docker-#请求IP地址1
07-25
不同服务器的docker节点没有组成集群,在不同节点部署postgresql容器,如何让不同节点的postgresql容器组成主从集群,必须要清楚知道容器出口I
# 01_Docker快速入门到项目部署(一)
段子手168的博客
01-21 1095
01_Docker快速入门到项目部署(一) 01.Docker课程介绍 02.Docker的安装 03.快速入门-部署MySQL 04.快速入门-命令解读 05.Docker基础-常见命令
linux没有ifconfig后的替代命令
zmlovelx(帅得不敢出门 程序员群31843264)
12-03 1603
arp -> ip [-r] neigh ifconfig -> ip a netstat -> ss [-r] route -> ip r 示例: ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/...
docker容器网络
weixin_72901306的博客
08-10 3593
。。
docker的四种网络模式(Bridge、Host、Container、None 网络模式),自定义网络(创建自定义网桥、使两个不同网桥的容器通信、跨主机容器容器通讯等)
qq_41830712的博客
05-31 9991
前言: 本博客的内容会为大家讲解Docker的网络管理。 docker网络模式 docker的镜像是令人称道的地方,但网络功能还是相对薄弱的部分。 docker的四种网络模式(Bridge、Host、Container、None) Docker 在启动时会开启一个虚拟网桥设备 docker0,默认地址为 172.17.1.1/16, 容器启动后都会被桥接到 docker0 上,并自动分配到一个 I...
ubuntu下使用virt-install安装虚拟机并配置桥接网络
热门推荐
翟海飞
02-27 1万+
在http://blog.youkuaiyun.com/zhaihaifei/article/details/51153402这篇总结中,只是说明了如何用virt-install创建和安装虚拟机,但是是这个虚拟机是在默认的网络default下启动的。这个默认网络与主机所在的局域网不通,因此要自己手动创建网桥并分配IP,以与主机所在局域网互通。1 创建网桥1.1 Bridge桥接原理原理KVM安装后默认的网络链接
K8s + Flannel 网络架构图
weixin_30458043的博客
05-02 1209
这是Flannel官网给出的网络架构图 这是通过自己的理解画的逻辑结构图 查看bridge [root@node01 ~]# brctl show bridge name bridge id STP enabled interfaces cni0 8000.0a580af40001 ...
Openstack 环境下网桥的常用命令总结
weixin_34381666的博客
11-05 1570
1、查看openstack宿主机网桥的状态[root@os-node4 ~]# brctl showbridge name bridge id STP enabled interfacesqbr170f5a83-ea 8000.b6d0d18a10b9 no qvb170f5...
docker运维题目和SDN失败安装
CJX_990802的博客
01-15 1615
给自己的笔记 docker rmi是删除镜像的 docker rm是删除进程的 1、查询容器端口使用情况 docker ps -a [root@registry ~]# docker port 1456ad17b826 8080/tcp -> 0.0.0.0:80 [root@registry ~]# docker port 2d7d9eeaa585 5000/tcp -> 0.0....
Docker——docker网络详解
weixin_38044888的博客
08-07 673
文章目录一、Docker原生网络1 bridge网桥模式2 host模式3 none模式4 container模式二、Docker自定义网络三、Docker容器间通信1 基于ip2 基于内部dns四、Docker跨主机的容器网络 一、Docker原生网络 Docker作为目前最火的轻量级容器术,有很多令人称道的功能,如Docker的镜像管理。然而,Docker同样有着很多不完善的地方,网络方面就...
Linux学习笔记—高级网络配置(网桥bridge、bond、team)
Hannah_zh的博客
04-26 1703
1.网络桥接 实验环境:真机 1.NAT网络配置 [root@foundation5 ~]# cd /etc/sysconfig/network-scripts/ [root@foundation5 network-scripts]# mv ifcfg-br0 ifcfg-enp0s25 /mnt/ ##将原网卡、桥接文件备份 [root@foundation5 network-scr...
root@arbres:~/dify/docker# docker compose up -d unknown shorthand flag: 'd' in -d
最新发布
04-16
另外,在遇到诸如网络超时 (`connection reset by peer`) 这类常见异常状况时,除了更换国内镜像源外还可以考虑优化本地 DNS 设置或是关闭不必要的安全软件干扰[^3]。 最后需要注意的是针对特定硬件资源不足引发的...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值