Docker02: Docker Core Technology Explored: Network Namespaces and Network Isolation
Posted by coe2coe
In Docker, each container can be given a virtual network environment that is isolated both from the host system and from the virtual networks of other containers.
Docker networking has the following modes:
(1) bridge mode. This sets up a virtual network in which the container's virtual NIC talks to the host's real NIC through NAT.
docker run -it --net=bridge --name=centos --hostname=centos centos /bin/bash
Run the following commands inside the container; yum provides looks up the package that contains a given command.
yum provides ifconfig
yum install net-tools
yum provides ip
yum install iproute
Check the network configuration inside the container:
[root@centos /]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: eth0@if…: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@centos /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
15: eth0@if…: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 8324  bytes 27792451 (26.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6506  bytes 356889 (348.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
(2) container mode. The new container joins the network namespace of another, specified container, so its virtual NIC carries the same IP address as that container's NIC.
To understand this mode, first create a container in bridge mode.
docker run -it --net=bridge --name=centos --hostname=centos centos /bin/bash
Then look at the network configuration in bridge mode:
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 1552  bytes 14029219 (13.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1519  bytes 85477 (83.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Now create a container whose network is in container mode.
docker run -it --net=container:centos --name=centos2 centos /bin/bash
At this point the centos2 container and the centos container have identical network configuration: the IP address, MAC address and hostname are all the same. This is also why the --hostname=XXXX parameter cannot be given in container mode. Because the two containers share one network namespace, a service that listens on localhost inside centos is reachable from centos2 as well, so this mode should only be used between containers that trust each other.
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 4092  bytes 28111521 (26.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3956  bytes 220458 (215.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
(3) host mode. The container uses the same network environment as the host's real NIC, i.e. it uses the host's physical NICs directly. There is no network isolation between the container and the host in this mode: the container sees every host interface and any port it binds is a host port.
docker run -it --rm --net=host --name=centos2 --hostname=centos centos /bin/bash
View the container's interfaces:
[root@centos /]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:ffff:fed9:4b28  prefixlen 64  scopeid 0x20<link>
        ether 02:42:ff:d9:4b:28  txqueuelen 0  (Ethernet)
        RX packets 6506  bytes 265805 (259.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8324  bytes 27792451 (26.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 11.1.1.11  netmask 255.255.255.0  broadcast 11.1.1.255
        inet6 fe80::20c:29ff:fe66:d822  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:66:d8:22  txqueuelen 1000  (Ethernet)
        RX packets 12671  bytes 1064839 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8803  bytes 3356079 (3.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 11.2.1.11  netmask 255.255.255.0  broadcast 11.2.1.255
        inet6 fe80::20c:29ff:fe66:d82c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:66:d8:2c  txqueuelen 1000  (Ethernet)
        RX packets 29604  bytes 42907671 (40.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9761  bytes 597994 (583.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 3765  bytes 2003876 (1.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3765  bytes 2003876 (1.9 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
(4) none mode. The container is left without any NIC functionality for the time being.
In this mode, since there is no NIC, no operation that touches the network can be performed, including yum install.
docker run -it --net=none --name=centos3 --hostname=centos centos /bin/bash
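As an added example (not code from the original post): a small Python audit that reads the JSON printed by docker inspect and flags containers running in host mode or container mode, the two modes in which the namespace isolation described in (1) to (4) is removed or shared with another container. The sample inspect JSON, the container ids and the centos-host container are constructed for this example.

```python
"""Audit container network modes from `docker inspect` JSON: flag "host"
(container uses the host's network stack) and "container:<ref>" (container
joins another container's network namespace), the two modes without isolation."""
import json

# Reason a mode family is flagged; families absent here are not flagged.
RISKY = {
    "host": "shares the host network stack: no network isolation",
    "container": "shares another container's network namespace",
}


def parse_network_mode(mode):
    """Split HostConfig.NetworkMode into (family, target): 'default' and
    'bridge' -> ('bridge', None); 'container:abc' -> ('container', 'abc')."""
    if mode in ("default", ""):
        return "bridge", None
    if mode.startswith("container:"):
        return "container", mode.split(":", 1)[1]
    return mode, None


def audit_network_modes(inspect_json):
    """Return one finding per container: name, mode, shared_with, risk."""
    entries = json.loads(inspect_json)
    # Resolve a container:<ref> target (full id or name) to a container name.
    names = {}
    for e in entries:
        name = e["Name"].lstrip("/")
        names[e["Id"]] = names[name] = name
    findings = []
    for e in entries:
        family, target = parse_network_mode(e["HostConfig"]["NetworkMode"])
        findings.append({
            "name": e["Name"].lstrip("/"),
            "mode": family,
            "shared_with": names.get(target, target) if target else None,
            "risk": RISKY.get(family),
        })
    return findings


# Constructed sample (not captured output) mirroring the containers in this post.
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/centos", "HostConfig": {"NetworkMode": "bridge"}},
    {"Id": "bbb222", "Name": "/centos2", "HostConfig": {"NetworkMode": "container:aaa111"}},
    {"Id": "ccc333", "Name": "/centos3", "HostConfig": {"NetworkMode": "none"}},
    {"Id": "ddd444", "Name": "/centos-host", "HostConfig": {"NetworkMode": "host"}},
])
```

On a real host, feed it the output of docker inspect $(docker ps -q) and treat any finding with a non-empty risk as something to justify or fix.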
This blog will simulate the bridge-mode virtual network that Docker uses. Docker's bridge-mode virtual network