docker 容器的网络

Posted rdchenxi

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker 容器的网络相关的知识,希望对你有一定的参考价值。

容器的网络模式

bridge  

 -net=bridge 默认网络。docker启动后创建一个docker0网桥,默认创建的容器也添加到这个网桥

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:9e:10:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.60/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::a9bf:2d8e:93ae:ec02/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:22:bb:c4:51 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:22ff:febb:c451/64 scope link 
       valid_lft forever preferred_lft forever
[[email protected] ~]# docker pull  busybox
[[email protected] ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               web4                58f1e3f2b46e        23 hours ago        109MB
busybox             latest              d8233ab899d4        8 days ago          1.2MB
nginx               latest              f09fe80eb0e7        2 weeks ago         109MB
centos              latest              1e1148e4cc2c        2 months ago        202MB
[[email protected] ~]# docker run -itd --name cf busybox 
2a522e6c07026d034e2eb659ee93fc97939c9c0389ae38385d4b50c0efbf0dfa
[[email protected] ~]# docker exec -it cf sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
48: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
       valid_lft forever preferred_lft forever
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  

host 

-net=host 容器不会获得一个独立network namespace .而是与宿主机共用一个,这就意味着容器不会有自己的网卡信息,而是使用宿主机的。容器出来网络其他都是隔离

[[email protected] ~]# docker run -itd --net=host --name host busybox 
aa9742b7b5cfb39a7cd3e69b3244f5b70c1e45bf622102344bdd841bc83ca84d
[[email protected] ~]# docker exec  -it  host sh
/ # ifconfig  
docker0   Link encap:Ethernet  HWaddr 02:42:22:BB:C4:51  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:22ff:febb:c451/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:74 errors:0 dropped:0 overruns:0 frame:0
          TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:8289 (8.0 KiB)  TX bytes:8030 (7.8 KiB)

ens33     Link encap:Ethernet  HWaddr 00:0C:29:9E:10:D9  
          inet addr:192.168.10.60  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a9bf:2d8e:93ae:ec02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:221842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64829 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:246421922 (235.0 MiB)  TX bytes:5781625 (5.5 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:68 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5912 (5.7 KiB)  TX bytes:5912 (5.7 KiB)

veth3d56f5a Link encap:Ethernet  HWaddr 9E:28:5C:41:88:F2  
          inet6 addr: fe80::9c28:5cff:fe41:88f2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

veth4da077b Link encap:Ethernet  HWaddr DA:8D:86:62:1B:E7  
          inet6 addr: fe80::d88d:86ff:fe62:1be7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1046 (1.0 KiB)  TX bytes:2085 (2.0 KiB)

veth84f1299 Link encap:Ethernet  HWaddr BE:B2:C0:E4:97:EE  
          inet6 addr: fe80::bcb2:c0ff:fee4:97ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

veth90b019f Link encap:Ethernet  HWaddr 66:BC:2B:2A:71:0F  
          inet6 addr: fe80::64bc:2bff:fe2a:710f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1963 (1.9 KiB)  TX bytes:2597 (2.5 KiB)

veth9fb9b9e Link encap:Ethernet  HWaddr 9A:C9:A0:BB:67:30  
          inet6 addr: fe80::98c9:a0ff:febb:6730/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

vetheee52bb Link encap:Ethernet  HWaddr AE:39:80:8E:59:33  
          inet6 addr: fe80::ac39:80ff:fe8e:5933/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1695 (1.6 KiB)  TX bytes:2351 (2.2 KiB)

vethf4afa27 Link encap:Ethernet  HWaddr 16:D6:9E:3E:99:91  
          inet6 addr: fe80::14d6:9eff:fe3e:9991/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:756 (756.0 B)
[[email protected] ~]# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:22ff:febb:c451  prefixlen 64  scopeid 0x20<link>
        ether 02:42:22:bb:c4:51  txqueuelen 0  (Ethernet)
        RX packets 74  bytes 8289 (8.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 89  bytes 8030 (7.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.60  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::a9bf:2d8e:93ae:ec02  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:9e:10:d9  txqueuelen 1000  (Ethernet)
        RX packets 221899  bytes 246427013 (235.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64859  bytes 5788303 (5.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 68  bytes 5912 (5.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5912 (5.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth3d56f5a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::9c28:5cff:fe41:88f2  prefixlen 64  scopeid 0x20<link>
        ether 9e:28:5c:41:88:f2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth4da077b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d88d:86ff:fe62:1be7  prefixlen 64  scopeid 0x20<link>
        ether da:8d:86:62:1b:e7  txqueuelen 0  (Ethernet)
        RX packets 13  bytes 1046 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2085 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth84f1299: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::bcb2:c0ff:fee4:97ee  prefixlen 64  scopeid 0x20<link>
        ether be:b2:c0:e4:97:ee  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth90b019f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::64bc:2bff:fe2a:710f  prefixlen 64  scopeid 0x20<link>
        ether 66:bc:2b:2a:71:0f  txqueuelen 0  (Ethernet)
        RX packets 19  bytes 1963 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31  bytes 2597 (2.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth9fb9b9e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::98c9:a0ff:febb:6730  prefixlen 64  scopeid 0x20<link>
        ether 9a:c9:a0:bb:67:30  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vetheee52bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ac39:80ff:fe8e:5933  prefixlen 64  scopeid 0x20<link>
        ether ae:39:80:8e:59:33  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1695 (1.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2351 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf4afa27: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::14d6:9eff:fe3e:9991  prefixlen 64  scopeid 0x20<link>
        ether 16:d6:9e:3e:99:91  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 756 (756.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  

none 

-net=none 

获取独立的network namespace,但不为容器进行任何网络配置,需要我们手动配置

[[email protected] ~]# docker run -itd --net=none --name none busybox 
fccad0839a9ffa8d78a8e9eb3061d3ed8e845c6bb93c30d6bf9d4c58e3091660
[[email protected] ~]# docker exec  -it  none sh
/ # ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 

  

container

-net=container:name /ID

与指定的容器使用同一个network namespace 具有同样的网络配置信息,两个容器处了网络其他都是隔离的

自定网络

与默认的bridge 原理一样,但自定义网络具备内部网络dns发现,可以通过容器名或者主机名容器之间网络通信

[[email protected] ~]# docker network create  hh
95ee6c21a7170fb9c2eec3d5ea1ff48bbaaa78eca5fc291f3da6c70370225df6
[[email protected] ~]# docker run -it --name bs1 --net=hh busybox
[[email protected] ~]# docker run -it --name bs2 --net=hh busybox
/ # ping bs1
PING bs1 (172.20.0.2): 56 data bytes
64 bytes from 172.20.0.2: seq=0 ttl=64 time=0.367 ms
64 bytes from 172.20.0.2: seq=1 ttl=64 time=0.204 ms
64 bytes from 172.20.0.2: seq=2 ttl=64 time=0.219 ms
64 bytes from 172.20.0.2: seq=3 ttl=64 time=0.194 ms
/64 bytes from 172.20.0.2: seq=4 ttl=64 time=0.196 ms
64 bytes from 172.20.0.2: seq=5 ttl=64 time=0.179 ms

  

以上是关于docker 容器的网络的主要内容,如果未能解决你的问题,请参考以下文章

将 Docker 容器限制为单个 cpu 核心

docker compose 多容器共用网络问题

docker容器网络

Docker容器的网络管理和网络隔离

容器化工具--------Docker的网络操作

容器化工具--------Docker的网络操作