Docker02: Exploring Docker Core Technology: Network Namespaces and Network Isolation

Posted by coe2coe


Docker can give each container its own virtual network environment, isolated both from the host system and from the virtual environments of other containers.

Docker networking has the following modes:

(1) bridge mode. This sets up a virtual network in which the container's virtual NIC communicates with the host's real NIC through NAT.

docker run -it  --net=bridge --name=centos --hostname=centos  centos  /bin/bash

Run the following commands inside the container; yum provides looks up which package supplies a given command.

yum provides ifconfig

yum install net-tools

yum provides ip

yum install iproute

Check the network configuration inside the container:

[root@centos /]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: eth0@if<peer-ifindex>: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@centos /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
15: eth0@if<peer-ifindex>: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 8324  bytes 27792451 (26.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6506  bytes 356889 (348.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
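The listing above shows only the container's side of bridge mode: lo plus one eth0 with a 172.17.0.0/16 address. The script below is an added example, not code from the original post, that rebuilds the same topology by hand with plain iproute2 commands so that each piece (network namespace, veth pair, Linux bridge, IP forwarding and the MASQUERADE rule that provides the NAT) is visible one step at a time. The names br-demo (standing in for docker0), c1 (standing in for the container's namespace) and veth-c1 / veth-c1-br are assumptions; the 172.17.0.0/16 addresses mirror the listing. Without an argument it prints the plan; with `apply` it executes the plan as root and tears it down again.

```shell
#!/bin/sh
# Added example, not from the original post: what Docker's bridge mode does, done by hand.
# Assumed names: bridge br-demo (plays docker0), namespace c1 (plays the container),
# veth pair veth-c1 / veth-c1-br. Addresses mirror the container listing.

BR=br-demo
NS=c1
SUBNET=172.17.0.0/16
GW=172.17.0.1/16     # bridge side, like docker0
CIP=172.17.0.2/16    # container side, like eth0 in the listing

# The setup as a reviewable list of commands, one per line. Nothing runs here,
# so the plan can be inspected (and checked) without root.
bridge_plan() {
  cat <<EOF
ip link add $BR type bridge
ip addr add $GW dev $BR
ip link set $BR up
ip netns add $NS
ip link add veth-$NS type veth peer name veth-$NS-br
ip link set veth-$NS-br master $BR
ip link set veth-$NS-br up
ip link set veth-$NS netns $NS
ip netns exec $NS ip link set veth-$NS name eth0
ip netns exec $NS ip addr add $CIP dev eth0
ip netns exec $NS ip link set lo up
ip netns exec $NS ip link set eth0 up
ip netns exec $NS ip route add default via ${GW%/*}
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $SUBNET ! -o $BR -j MASQUERADE
EOF
}

# Undo everything: deleting the namespace also removes the veth end inside it.
teardown_plan() {
  cat <<EOF
iptables -t nat -D POSTROUTING -s $SUBNET ! -o $BR -j MASQUERADE
ip netns del $NS
ip link del $BR
EOF
}

# Number of steps that run inside the namespace (the container's private view).
netns_steps() { bridge_plan | grep -c "^ip netns exec $NS "; }

# Number of steps that touch the host side (everything else).
host_steps() { bridge_plan | grep -vc "^ip netns exec $NS "; }

# Run a plan line by line, echoing each command; needs root plus iproute2/iptables.
apply_plan() {
  while IFS= read -r cmd; do
    echo "+ $cmd"
    eval "$cmd" || { echo "failed: $cmd" >&2; return 1; }
  done
}

main() {
  bridge_plan | apply_plan || exit 1
  # Inside the namespace only lo and eth0 exist, exactly as in the container listing;
  # the host's real NICs are not visible from here.
  ip netns exec "$NS" ip -o link
  ip netns exec "$NS" ip -4 addr show dev eth0
  teardown_plan | apply_plan
}

# Default is a dry run that prints the plan; `apply` executes it (as root).
case "${1:-plan}" in
  plan)  bridge_plan ;;
  apply) main ;;
esac
```

The two `ip -o` commands at the end are the check worth keeping: from inside the namespace the host's eth0 and eth1 do not exist at all, which is the isolation that bridge mode gives and host mode (section 3) gives up.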

(2) container mode. This makes the container's virtual NIC use the same IP address as the virtual NIC of another, specified container.

To understand this mode, first create a container in bridge mode.

docker run -it  --net=bridge --name=centos --hostname=centos  centos  /bin/bash

Then look at the network configuration in bridge mode:

[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 1552  bytes 14029219 (13.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1519  bytes 85477 (83.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Then create a second container whose network mode is container mode.

docker run -it --net=container:centos --name=centos2  centos /bin/bash

Now centos2 and centos have identical network configuration: the IP address, MAC address and hostname are all the same, which is why the --hostname=XXXX parameter cannot be given in container mode.

[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 4092  bytes 28111521 (26.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3956  bytes 220458 (215.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(3) host mode. This makes the container use the same network environment as the host's real NIC, i.e. it uses the host's physical NICs directly.

docker run -it --rm --net=host --name=centos2 --hostname=centos  centos  /bin/bash

Check the container's NICs:

[root@centos /]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:ffff:fed9:4b28  prefixlen 64  scopeid 0x20<link>
        ether 02:42:ff:d9:4b:28  txqueuelen 0  (Ethernet)
        RX packets 6506  bytes 265805 (259.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8324  bytes 27792451 (26.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 11.1.1.11  netmask 255.255.255.0  broadcast 11.1.1.255
        inet6 fe80::20c:29ff:fe66:d822  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:66:d8:22  txqueuelen 1000  (Ethernet)
        RX packets 12671  bytes 1064839 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8803  bytes 3356079 (3.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 11.2.1.11  netmask 255.255.255.0  broadcast 11.2.1.255
        inet6 fe80::20c:29ff:fe66:d82c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:66:d8:2c  txqueuelen 1000  (Ethernet)
        RX packets 29604  bytes 42907671 (40.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9761  bytes 597994 (583.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 3765  bytes 2003876 (1.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3765  bytes 2003876 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
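Sections (2) and (3) both come down to which network namespace a container lives in: in container mode centos2 joins the namespace of centos (hence the identical IP, MAC and hostname), and in host mode the container lives in the host's own namespace (hence docker0, eth0 and eth1 all being visible). The script below is an added example, not code from the original post, that turns this into an audit: for every running container it records HostConfig.NetworkMode and the inode of /proc/<pid>/ns/net (which two processes share exactly when they share a network namespace), flags host-mode containers, and lists every namespace that more than one container shares. The inventory line format and the sample inventory, including its inode numbers and the hostnet container, are constructed for the demo; the docker inspect templates used are real.

```shell
#!/bin/sh
# Added example, not from the original post: audit containers for their network
# mode and for shared network namespaces. The inventory format and the sample
# inventory are constructed; reading another process's ns link needs root.

# Pull the inode out of a `readlink /proc/<pid>/ns/net` result such as "net:[4026531992]".
ns_inode() {
  case "$1" in
    net:\[*\]) v=${1#"net:["}; printf '%s\n' "${v%"]"}" ;;
    *) return 1 ;;
  esac
}

# One inventory line per running container: "<name> <NetworkMode> <ns link>".
collect_live() {
  docker ps -q | while IFS= read -r id; do
    name=$(docker inspect -f '{{.Name}}' "$id"); name=${name#/}
    mode=$(docker inspect -f '{{.HostConfig.NetworkMode}}' "$id")
    pid=$(docker inspect -f '{{.State.Pid}}' "$id")
    echo "$name $mode $(readlink "/proc/$pid/ns/net")"
  done
}

# Constructed sample: centos2 started with --net=container:centos, centos3 with
# --net=none, hostnet with --net=host. The inode numbers are made up.
sample_inventory() {
  cat <<'EOF'
centos bridge net:[4026532451]
centos2 container:centos net:[4026532451]
centos3 none net:[4026532520]
hostnet host net:[4026531992]
EOF
}

# Reads an inventory on stdin; $1 is the host's own net inode (optional).
# Prints "<name> <mode> <inode> <verdict>" per container, then one
# "SHARED <inode> <names...>" line for every inode used by more than one container.
audit_report() {
  awk -v host_ino="${1:-}" '
    {
      ino = $3; sub(/^net:\[/, "", ino); sub(/\]$/, "", ino)
      if (ino in seen) seen[ino] = seen[ino] " " $1; else seen[ino] = $1
      if ($2 == "host" || (host_ino != "" && ino == host_ino)) verdict = "HOST-NETWORK"
      else if ($2 ~ /^container:/) verdict = "SHARED-NS"
      else if ($2 == "none") verdict = "ISOLATED"
      else verdict = "PRIVATE"
      print $1, $2, ino, verdict
    }
    END { for (i in seen) if (seen[i] ~ / /) print "SHARED", i, seen[i] }'
}

# Number of namespaces shared by two or more containers in an inventory on stdin.
shared_count() { audit_report "$@" | grep -c '^SHARED '; }

# `live` audits the real daemon with this shell's own namespace as the host reference;
# anything else runs the constructed sample.
if [ "${1:-}" = "live" ] && command -v docker >/dev/null 2>&1; then
  collect_live | audit_report "$(ns_inode "$(readlink /proc/self/ns/net)")"
else
  sample_inventory | audit_report 4026531992
fi
```

Comparing inodes rather than trusting NetworkMode alone catches the case the listing in section (3) makes visible: a host-mode container is not merely "labelled host", its namespace is the host's, so any port it binds is bound on the host's real NICs.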

(4) none mode. The container has no NIC functionality for the time being.

In this mode there is no NIC, so nothing that needs the network works, including the yum install command.

docker run -it --net=none --name=centos3 --hostname=centos centos /bin/bash

This blog will simulate the virtual network Docker uses in bridge mode. Docker's bridge-mode virtual network
