Docker 网络模式
本文首先介绍了Docker自身的4种网络工作方式,
Docker作为目前最火的轻量级容器技术,有很多令人称道的功能,如Docker的镜像管理。然而,Docker同样有着很多不完善的地方,网络方面就是Docker比较薄弱的部分。因此,我们有必要深入了解Docker的网络知识,以满足更高的网络需求。
四种网络模式
我们在使用docker run创建Docker容器时,可以用–net选项指定容器的网络模式,Docker有以下4种网络模式:
· host模式,使用–net=host指定。
· container模式,使用–net=container:NAME_or_ID指定。
· none模式,使用–net=none指定。
· bridge模式,使用–net=bridge指定,默认设置。
1 host模式
众所周知,Docker使用了Linux的Namespaces技术来进行资源隔离,如PID Namespace隔离进程,Mount Namespace隔离文件系统,Network Namespace隔离网络等。一个Network Namespace提供了一份独立的网络环境,包括网卡、路由、Iptable规则等都与其他的Network Namespace隔离。一个Docker容器一般会分配一个独立的Network Namespace。但如果启动容器的时候使用host模式,那么这个容器将不会获得一个独立的Network Namespace,而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口。
例如,我们在10.10.101.105/24的机器上用host模式启动一个含有web应用的Docker容器,监听tcp80端口。当我们在容器中执行任何类似ifconfig命令查看网络环境时,看到的都是宿主机上的信息。而外界访问容器中的应用,则直接使用10.10.101.105:80即可,不用任何NAT转换,就如直接跑在宿主机中一样。但是,容器的其他方面,如文件系统、进程列表等还是和宿主机隔离的。
2 container模式
在理解了host模式后,这个模式也就好理解了。这个模式指定新创建的容器和已经存在的一个容器共享一个Network Namespace,而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。两个容器的进程可以通过lo网卡设备通信。
3 none模式
这个模式和前两个不同。在这种模式下,Docker容器拥有自己的Network Namespace,但是,并不为Docker容器进行任何网络配置。也就是说,这个Docker容器没有网卡、IP、路由等信息。需要我们自己为Docker容器添加网卡、配置IP等。
4 bridge模式
bridge模式是Docker默认的网络设置,此模式会为每一个容器分配Network Namespace、设置IP等,并将一个主机上的Docker容器连接到一个虚拟网桥上。下面着重介绍一下此模式。
host模式
使用Docker run时使用–net=host指定
Docker使用的网络实际上和宿主机一样,在容器内看到的网卡ip是宿主机上的ip。
[root@localhost ~]# docker run -it –rm –net=host centos_with_net bash
–rm,退出镜像时同时删除该镜像
[root@localhost /]# ifconfig
docker0: flags=4163 mtu 1500
inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::8cfc:c7ff:fe49:f1ae prefixlen 64 scopeid 0x20
ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet)
RX packets 58 bytes 3820 (3.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 468 (468.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
inet 192.168.1.179 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fedb:b228 prefixlen 64 scopeid 0x20
ether 00:0c:29:db:b2:28 txqueuelen 1000 (Ethernet)
RX packets 10562 bytes (847.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2985 bytes (381.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 16 bytes 960 (960.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 960 (960.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth: flags=4163 mtu 1500
inet6 fe80::c0f4:f5ff:fe71:f3bd prefixlen 64 scopeid 0x20
ether c2:f4:f5:71:f3:bd txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49 bytes 3894 (3.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth111b1ca: flags=4163 mtu 1500
inet6 fe80::4c90:a4ff:feb6:9191 prefixlen 64 scopeid 0x20
ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1026 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth55dbbb2: flags=4163 mtu 1500
inet6 fe80::c84d:9ff:fecd:da27 prefixlen 64 scopeid 0x20
ether ca:4d:09:cd:da:27 txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 3336 (3.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth5e2dff4: flags=4163 mtu 1500
inet6 fe80::9465:1bff:fed2:f75d prefixlen 64 scopeid 0x20
ether 96:65:1b:d2:f7:5d txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1584 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth628d605: flags=4163 mtu 1500
inet6 fe80::5cc8:ebff:fedb:ea69 prefixlen 64 scopeid 0x20
ether 5e:c8:eb:db:ea:69 txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 468 (468.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethe: flags=4163 mtu 1500
inet6 fe80::b464:e5ff:fed5:1bd6 prefixlen 64 scopeid 0x20
ether b6:64:e5:d5:1b:d6 txqueuelen 0 (Ethernet)
RX packets 7 bytes 558 (558.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27 bytes 2142 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethb086b1c: flags=4163 mtu 1500
inet6 fe80::dcdf:66ff:fed8:f2df prefixlen 64 scopeid 0x20
ether de:df:66:d8:f2:df txqueuelen 0 (Ethernet)
RX packets 8 bytes 636 (636.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2700 (2.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost /]# exit
exit
与宿主机的IP信息对比
[root@localhost ~]# ifconfig
docker0 Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::8cfc:c7ff:fe49:f1ae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3820 (3.7 KiB) TX bytes:468 (468.0 b)
eth0 Link encap:Ethernet HWaddr 00:0C:29:DB:B2:28
inet addr:192.168.1.179 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fedb:b228/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10661 errors:0 dropped:0 overruns:0 frame:0
TX packets:3012 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes: (856.2 KiB) TX bytes: (388.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)
veth5e2dff4 Link encap:Ethernet HWaddr 96:65:1B:D2:F7:5D
inet6 addr: fe80::9465:1bff:fed2:f75d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:558 (558.0 b) TX bytes:1584 (1.5 KiB)
vethb086b1c Link encap:Ethernet HWaddr DE:DF:66:D8:F2:DF
inet6 addr: fe80::dcdf:66ff:fed8:f2df/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:636 (636.0 b) TX bytes:2700 (2.6 KiB)
veth55dbbb2 Link encap:Ethernet HWaddr CA:4D:09:CD:DA:27
inet6 addr: fe80::c84d:9ff:fecd:da27/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:558 (558.0 b) TX bytes:3336 (3.2 KiB)
veth111b1ca Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91
inet6 addr: fe80::4c90:a4ff:feb6:9191/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:558 (558.0 b) TX bytes:1026 (1.0 KiB)
veth628d605 Link encap:Ethernet HWaddr 5E:C8:EB:DB:EA:69
inet6 addr: fe80::5cc8:ebff:fedb:ea69/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:558 (558.0 b) TX bytes:468 (468.0 b)
vethe Link encap:Ethernet HWaddr B6:64:E5:D5:1B:D6
inet6 addr: fe80::b464:e5ff:fed5:1bd6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:558 (558.0 b) TX bytes:2142 (2.0 KiB)
veth Link encap:Ethernet HWaddr C2:F4:F5:71:F3:BD
inet6 addr: fe80::c0f4:f5ff:fe71:f3bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:558 (558.0 b) TX bytes:3894 (3.8 KiB)
container模式
使用–net=Container:container_id/container_name,多个容器使用共同的网络看到的ip是一样的。
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7169e8be6d3e centos “/bin/bash” About an hour ago Up About an hour serene_goldstine
4cdbbe centos “bash” About an hour ago Up About an hour cent_testv2
4f5bf6f33f2c centos “bash” About an hour ago Up About an hour gloomy_colden
0ac9 centos “bash” About an hour ago Up About an hour mad_carson
fb45150dbc21 centos “bash” About an hour ago Up About an hour cent_testv
3222c7c5c456 centos “bash” 2 hours ago Up 2 hours sick_albattani
e136b27a8e17 centos “bash” 2 hours ago Up 2 hours tender_euclid
[root@localhost ~]# docker exec -it 7169 bash
[root@7169e8be6d3e /]# ifconfig
bash: ifconfig: command not found
[root@7169e8be6d3e /]# yum install -y net-tools ifconfig
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163 mtu 1500
inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20
ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet)
RX packets 5938 bytes (14.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4841 bytes (321.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@7169e8be6d3e /]# exit
exit
[root@localhost ~]# docker run -it –rm –net=container:7169 centos_with_net bash
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163 mtu 1500
inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20
ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet)
RX packets 5942 bytes (14.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4855 bytes (322.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
none模式
使用–net=none指定,这种模式下不会配置任何网络。
[root@localhost ~]# docker run -it –rm –net=none centos_with_net bash
[root@67d0 /]# ifconfig
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
bridge模式(默认模式)
使用–net=bridge指定,不用指定默认就是这种网络模式。这种模式会为每个容器分配一个独立的Network Namespace。类似于Vmware的nat网络模式。同一个宿主机上的所有容器会在同一个网段下,相互之间是可以通信的。
感谢阅读,希望能帮助到大家,谢谢大家对本站的支持!
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/219873.html原文链接:https://javaforall.net
