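docker 10: Docker single-host network modes
Docker's single-host network modes are the following:
1) Bridge network: specified with the --net=bridge parameter when starting a container; this is the default setting.
2) Host network: specified with the --net=host parameter when starting a container.
3) None network: specified with the --net=none parameter when starting a container.
4) Container network: specified with the --net=container:NAME_or_ID parameter when starting a container.
I. Bridge Network
Containers start in bridge mode by default. Once the Docker daemon has started, it creates by default a virtual interface named docker0 and assigns it a class B address that serves as the gateway.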
[root@localhost ~]# ip addr
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:4d:9e:57:46 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:4dff:fe9e:5746/64 scope link
       valid_lft forever preferred_lft forever
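When a container starts, Docker creates a pair of virtual interfaces (a veth pair), placing one end in the container and the other end on the host. It is as if the container were a server and the host a switch, with the server plugged into the switch. The container's gateway is the IP of docker0.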
[root@localhost ~]# docker run -it --name bridgedemo centos /bin/bash
[root@dbffcd202f86 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr
25: veth65c6965@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether ba:8a:cd:6b:6a:92 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::b88a:cdff:fe6b:6a92/64 scope link
       valid_lft forever preferred_lft forever
The container's network configuration is as follows:
[root@localhost ~]# docker inspect dbffcd202f86
"NetworkSettings": {
    "Bridge": "",
    "SandboxID": "930fc115253512a9add4661affc5ed35f3f66873e58b94a1b43bb2782579d35d",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Ports": {},
    "SandboxKey": "/var/run/docker/netns/930fc1152535",
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "EndpointID": "ea75bedb62deeba264f2e480583b0a8bf095610777b65313f6e9b9d7b9ad9679",
    "Gateway": "172.17.0.1",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "IPAddress": "172.17.0.4",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "MacAddress": "02:42:ac:11:00:04",
    "Networks": {
        "bridge": {
            "IPAMConfig": null,
            "Links": null,
            "Aliases": null,
            "NetworkID": "868c4f911317fd6eb3bd4c2f7785a237f9323a4751fcd233918aee1d7fc1689d",
            "EndpointID": "ea75bedb62deeba264f2e480583b0a8bf095610777b65313f6e9b9d7b9ad9679",
            "Gateway": "172.17.0.1",
            "IPAddress": "172.17.0.4",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "02:42:ac:11:00:04",
            "DriverOpts": null
II. Host Network
We run a container in host mode, as follows:
[root@localhost ~]# docker run --name host_demo1 -d --network host nginx
6d5b3314ea065c9554ec9b60e0ee318caffcaa570bc6901bd3d5642778953441
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                   NAMES
6d5b3314ea06   nginx   "/docker-entrypoint.…"   4 seconds ago    Up 3 seconds                            host_demo1
08f296dfd2c9   nginx   "/docker-entrypoint.…"   15 hours ago     Up 15 hours     0.0.0.0:32769->80/tcp   nginx-memoytest
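Note that no port is listed here. The reason is that in host mode the container uses the host's network, so the service is on port 80 by default. Verify by accessing port 80: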
[root@localhost ~]# curl localhost:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
In this scenario you cannot start two containers running the same service. For example, if we start another nginx, there will be a port conflict.
[root@localhost ~]# docker run --name host_demo2 -d --network host nginx
d64e6fe8c0efdc5577031b0535c1a8755d0a0b75c031cf4d33d39fcaf322bb97
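No error is reported at startup, but listing the running containers shows that it is not running.
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED         STATUS         PORTS   NAMES
6d5b3314ea06   nginx   "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes           host_demo1
Listing all containers shows that the container has already exited, which means a container cannot come up when there is a port conflict.
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS                      PORTS   NAMES
d64e6fe8c0ef   nginx   "/docker-entrypoint.…"   20 seconds ago   Exited (1) 17 seconds ago           host_demo2
You can see that the docker0 bridge has three container interfaces: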
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02424d9e5746       no              veth2e36074
                                                        veth65c6965
                                                        veth6b817c1
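III. None Network
In none mode, the Docker container has its own Network Namespace, but no network configuration is performed for it. In other words, the container has no network interface, IP, routes or similar information. We have to add an interface, configure an IP and so on for the container ourselves.
However, a loopback interface, lo, is still created for communication inside the container.
IV. Container Network
Container mode makes the newly created container share a Network Namespace with an existing container, rather than with the host. The new container does not create its own interface or configure its own IP; instead it shares the IP, port range and so on with the specified container (they use the same interface). Apart from networking, the two containers remain isolated in everything else, such as the file system and the process list. Processes in the two containers can communicate through the localhost (loopback) interface. Outbound traffic goes through the other container's bridged interface, and this mode does not support -p host_port:container_port.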
[root@localhost ~]# docker run --name containerdemo1 -it --network container:bridgedemo centos /bin/bash
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE    COMMAND       CREATED             STATUS             PORTS   NAMES
c259087ec683   centos   "/bin/bash"   5 minutes ago       Up 5 minutes               containerdemo1
dbffcd202f86   centos   "/bin/bash"   About an hour ago   Up About an hour           bridgedemo
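c259087ec683 is the newly created container.
However, after attaching to it, the container ID shown in the prompt has changed, and checking the interfaces shows that the two containers have the same interface configuration.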
[root@localhost ~]# docker attach c259087ec683
[root@dbffcd202f86 /]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@dbffcd202f86 /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
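But this does not affect their file systems: if you enter the container with docker attach c259087ec683 and create a file, that file will not exist in dbffcd202f86, because the two containers share only the network interface.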
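Added example, not part of the original post: in host mode and container mode a container has no network namespace of its own, which is worth knowing when reviewing isolation on a host. The Python sketch below groups containers by the namespace they actually run in, reading the Id, Name and HostConfig.NetworkMode fields of docker inspect output. The sample data is constructed, its IDs are placeholders, and none_demo is a hypothetical container that does not appear in the post.

```python
import json

# Constructed sample, shaped like `docker inspect` output and trimmed to the
# fields read below. IDs are placeholders; none_demo is a hypothetical container.
SAMPLE = json.loads("""[
  {"Id": "aaaaaaaaaaaa", "Name": "/bridgedemo",
   "HostConfig": {"NetworkMode": "default"}},
  {"Id": "bbbbbbbbbbbb", "Name": "/containerdemo1",
   "HostConfig": {"NetworkMode": "container:aaaaaaaaaaaa"}},
  {"Id": "cccccccccccc", "Name": "/host_demo1",
   "HostConfig": {"NetworkMode": "host"}},
  {"Id": "dddddddddddd", "Name": "/none_demo",
   "HostConfig": {"NetworkMode": "none"}}
]""")

def name_of(c):
    return c["Name"].lstrip("/")

def netns_owner(c, by_ref, seen=()):
    """Label of the network namespace a container runs in."""
    mode = c["HostConfig"]["NetworkMode"]
    if mode == "host":
        return "host"                      # shares the host's network stack
    if mode.startswith("container:"):
        ref = mode.split(":", 1)[1]
        target = by_ref.get(ref)
        if target is None or ref in seen:  # owner missing from input, or a loop
            return "unresolved:" + ref
        return netns_owner(target, by_ref, seen + (ref,))
    return name_of(c)                      # bridge, none, user-defined: own netns

def shared_namespaces(containers):
    """Map namespace owner -> members, dropping containers alone in their own netns."""
    by_ref = {}
    for c in containers:                   # a reference may be a full ID or a name
        by_ref[c["Id"]] = by_ref[name_of(c)] = c
    groups = {}
    for c in containers:
        groups.setdefault(netns_owner(c, by_ref), []).append(name_of(c))
    return {o: sorted(m) for o, m in groups.items() if m != [o]}

if __name__ == "__main__":
    for owner, members in shared_namespaces(SAMPLE).items():
        print(f"netns {owner}: {', '.join(members)}")
```

On a real host the input would come from json.loads of the output of docker inspect run over the container IDs to be checked.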
posted on 2021-04-19 12:32 torotoise512