docker-网络管理-桥接网络

Posted douyi

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker-网络管理-桥接网络相关的知识,希望对你有一定的参考价值。

一、配置桥接网络
 
需求:为了使本地网络中的机器和Docker容器更方便的通信,我们经常会有将Docker容器配置到和主机同一网段的需求。这个需求其实很容易实现,我们只要将Docker容器和宿主机的网卡桥接起来,再给Docker容器配上IP就可以了。
思路:新添加一块宿主机br0网卡桥接本地ens33网卡,从git上clone 借助第四方 pipwork包为容器桥接宿主机br0网卡实现桥接通信!!
 
1:新增一块br0网卡,并配置br0网卡
[root@host1 ~]# cd /etc/sysconfig/network-scripts/
[root@host1 network-scripts]# cp ifcfg-ens33 ifcfg-br0
[root@host1 network-scripts]# vim ifcfg-br0
TYPE=Bridge ##这里原来Ethernet更改为Bridge 桥接模式
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0 ##网卡名称原ens33更改为br0网卡
UUID=18f02dd3-f445-432f-b0a6-a1fb9ec0f2c4
DEVICE=br0 ##这里原来ens33更改为br0
ONBOOT=yes
 
 
2:修改ens33网卡配置,UUID需注释,增加BRIDGE=br0p配置完成后
[root@host1 network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
#UUID=18f02dd3-f445-432f-b0a6-a1fb9ec0f2c4 ##UUID这块需要注释!!
DEVICE=ens33
ONBOOT=yes
BRIDGE=br0 ##设置桥接网卡=br0
 
3:重启网络服务后,ifconfig查看br0网卡信息,此时ens33网卡则没有分配ip表示成功
[root@host1 network-scripts]# systemctl restart network
[root@host1 network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.8.101 netmask 255.255.255.0 broadcast 192.168.8.255
inet6 fe80::b16c:64c5:9a66:cd16 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:82:89:9b txqueuelen 1000 (Ethernet)
RX packets 9142 bytes 15237405 (14.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7117 bytes 606732 (592.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:5fff:fe5f:1754 prefixlen 64 scopeid 0x20<link>
ether 02:42:5f:5f:17:54 txqueuelen 0 (Ethernet)
RX packets 5294 bytes 290388 (283.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5607 bytes 14823433 (14.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:82:89:9b txqueuelen 1000 (Ethernet)
RX packets 26743 bytes 31301657 (29.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14144 bytes 1196801 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 
 
4:下载pipwork,并存放到/usr/local/bin目录下
[root@host1 ]# git clone https://github.com/jpetazzo/pipework
正克隆到 ‘pipework‘...
remote: Enumerating objects: 501, done.
remote: Total 501 (delta 0), reused 0 (delta 0), pack-reused 501
接收对象中: 100% (501/501), 172.97 KiB | 2.00 KiB/s, done.
处理 delta 中: 100% (264/264), done.
[root@host1 pipework]# cp pipework /usr/local/bin/
 
5:新建一个test_br0容器,并使用--net=none指定不分配该容器网络功能
[root@host1 ~]# docker run -itd --net=none --name test_bro centos
44cf598093748b88a7e56f30f7ac06abbb42f0fd5a25508001755648853a79d3
 
6:使用pipework为新开启的test_br0容器桥接宿主机的Br0网卡,并指定Ip为192.168.8.166
语法:pipework 【网卡】 【容器name】 【IP网段】@【网关IP】
[root@host1 ~]# pipework br0 test_br0 192.168.8.166/24@192.168.8.1
 
7:进入容器查询Ip是否配置成功
[root@host1 ~]# docker exec -it 44cf59 bash
[root@44cf59809374 /]# ifconfig
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.8.166 netmask 255.255.255.0 broadcast 192.168.8.255
ether 46:d7:5c:23:14:d3 txqueuelen 1000 (Ethernet)
RX packets 6482 bytes 15195529 (14.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6181 bytes 435596 (425.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 
8:测试宿主和容器是否可通信,同时是否能连接外网
[root@host1 ~]# ping 192.168.8.166
PING 192.168.8.166 (192.168.8.166) 56(84) bytes of data.
64 bytes from 192.168.8.166: icmp_seq=1 ttl=64 time=0.307 ms
64 bytes from 192.168.8.166: icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from 192.168.8.166: icmp_seq=3 ttl=64 time=0.065 ms
 
[root@44cf59809374 /]# ping www.baidu.com
PING www.baidu.com (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=1 ttl=49 time=62.9 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=2 ttl=49 time=58.5 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=3 ttl=49 time=58.5 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=4 ttl=49 time=57.6 ms

以上是关于docker-网络管理-桥接网络的主要内容,如果未能解决你的问题,请参考以下文章

详解docker桥接网络模型

Docker 容器的网络模式

Centos7.x Docker桥接网络

docker配置桥接网络

docker数据卷备份恢复以及配置桥接网络

docker桥接模式