标签:forever 00 172.17 网络 lft ff docker Docker
Docker网络
理解Docker0
ip addr 查看本机网络信息
docker如何处理容器间的网络访问?
举例说明
#开启一个tomcat01容器,命令如下:
docker run -d -P --name tomcat01 tomcat:9.0
#使用交互模式查看启动的tomcat01容器的ip地址,发现docker容器启动的时候会得到一个"eth0@if81"的ip地址,这个ip地址就是docker0给他分配的
[root@localhost ~]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
80: eth0@if81: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
#查看linux主机是否可以ping同容器内,若可以则证明他们之间的网络的互通的
[root@localhost ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.460 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.142 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.123 ms
#由上说明linux可以ping同tomcat01容器内部
#我们在查看linux虚拟机网络信息,发现多了一个网卡信息为“81: vethb9cb69f@if80” 而这个正是我们的tomcat01的地址信息
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:2c:95:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.17.110/24 brd 192.168.17.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::752a:93de:94f6:def0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:d5:5c:ab:ab brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:d5ff:fe5c:abab/64 scope link
valid_lft forever preferred_lft forever
81: vethb9cb69f@if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 3e:15:41:f2:c6:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3c15:41ff:fef2:c6b1/64 scope link
valid_lft forever preferred_lft forever
网络原理解析
从上面可以看出来docker0的IP地址为:172.17.0.1 这个相当于路由器
容器tomcat01的ip地址为:172.17.0.2 容器地址相当于由路由器分配
- 我们每安装了一个容器,docker就会给每个容器分配一个ip,我们只要安装了docker那么linux宿主机就会有一个docker0的网卡,它采用的是
桥接模式,使用的是evth-pair技术.。
我们查看主机信息可以查看如下:
- 如果我在启动一个tomcat02,再去分别查看主机网络信息及02容器ip信息,发现又多了一对网卡83: veth262069a@if82
[root@localhost ~]# docker run -d -P --name tomcat02 tomcat:9.0
4c359707ed6b4e8e900cf5f1b6708316a327c5858f97504f8c6842d772b5348f
[root@localhost ~]# docker exec -it tomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
82: eth0@if83: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:2c:95:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.17.110/24 brd 192.168.17.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::752a:93de:94f6:def0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:d5:5c:ab:ab brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:d5ff:fe5c:abab/64 scope link
valid_lft forever preferred_lft forever
81: vethb9cb69f@if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 3e:15:41:f2:c6:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3c15:41ff:fef2:c6b1/64 scope link
valid_lft forever preferred_lft forever
83: veth262069a@if82: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 0e:57:6c:5f:01:7a brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::c57:6cff:fe5f:17a/64 scope link
valid_lft forever preferred_lft forever
- 我们测试一下tomcat01和02是否能够进行容器内部ping通
#使用02ping01,但是只能使用ip来进行ping通,但是实际docker下面存在重启容器IP地址就会变化,那么我们该如何处理这种情况,我们可以使用,自定义网络或者--link方式
[root@localhost ~]# docker exec -it tomcat02 ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.063 ms
evth-pair技术是什么
evth-pair就是一对虚拟设备接口,他们是成对出现的,一端连着协议,一边进行通信,正因为有这个特性,所以经常使用evth-pair技术充当桥梁,专门用来连接各种虚拟网络设备。其中Openstack,Docker容器之间的连接,OVS的连接,都是使用的此技术。
docker网络桥接原理图
结论: tomcat01和tomcat02 是公用一个路由器,docker0 所有的容器在不指定网络的情况下,都是docker0分配的,docker会给我们分配一个默认的ip,docker中所有的网络接口都是虚拟的,虚拟的转发效率变焦高,就相当于内网传输,只要容器删除对应的主机网卡中的网桥就会删除
docker使用的linux的桥接模式:
–Link学习
--link的作用就是改变容器的host的文件,将容器名映射到对应的容器IP地址
#使用 --link来通过容器名来进行网络通讯,在创建tomcat03服务的时候就直接进行link另一个容器即可,这样03就可以直接ping通01,但是不可逆
[root@localhost ~]# docker run -d -P --name tomcat03 --link tomcat01 tomcat:9.0
048081e338242f537289c7f6c76d667c8029075bdc735bd8d3576bc9e2f44378
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
048081e33824 tomcat:9.0 "catalina.sh run" 4 seconds ago Up 3 seconds 0.0.0.0:49158->8080/tcp tomcat03
4c359707ed6b tomcat:9.0 "catalina.sh run" 27 minutes ago Up 27 minutes 0.0.0.0:49157->8080/tcp tomcat02
bb41e417982d tomcat:9.0 "catalina.sh run" 48 minutes ago Up 48 minutes 0.0.0.0:49156->8080/tcp tomcat01
[root@localhost ~]# docker exec -it tomcat03 ping tomcat01
PING tomcat01 (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat01 (172.17.0.2): icmp_seq=1 ttl=64 time=0.135 ms
64 bytes from tomcat01 (172.17.0.2): icmp_seq=2 ttl=64 time=0.077 ms
#我们可以查看tomcat03网络配置host文件,我们在host文件中增加了tomcat01的映射
[root@localhost ~]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 tomcat01 bb41e417982d
172.17.0.4 048081e33824
docker network 命令学习
#通过docker network ls 查看当前docker容器网络配置
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0d022035e3eb bridge bridge local
221fa24372c0 host host local
4f887466cdec none null local
#移除network命令
`docker network rm 网络名称或者ID`
#通过docker network inspect docker0 网络ID 查看当前docker容器网络详情元数据
[root@localhost ~]# docker network inspect 0d022035e3eb
[
{
"Name": "bridge",
"Id": "0d022035e3eb55eddbd373ff81d7276b42957271ecf80e5eb6448f139189e949",
"Created": "2021-01-27T11:19:51.128040455+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"048081e338242f537289c7f6c76d667c8029075bdc735bd8d3576bc9e2f44378": {
"Name": "tomcat03",
"EndpointID": "7afc49b9c270a281b86679d3017a488f4098d00368b94d4dbfb9c2c8b11f44f3",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"4c359707ed6b4e8e900cf5f1b6708316a327c5858f97504f8c6842d772b5348f": {
"Name": "tomcat02",
"EndpointID": "ac1411756a405434c0949126f09e37c397ff78ce9e971e32011738c90890f0e8",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"bb41e417982d8e48e4875557e359b2ee094fc0b379ea57860b896fd1388990ec": {
"Name": "tomcat01",
"EndpointID": "e3c7a1478a081e9d0eb35193f3626e223f867bd748b7c07a3e1d70f9a8cce749",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
自定义docker网络
查看所有的网络
网络模式:桥接 bridge ,none 不配置网络, host 和宿主机网络,container:容器联通网络,用的少,局限大
创建mynet网络
#我们在默认创建容器的时候,网络连接已经默认使用`--net bridge `了,而这个birdge就是我们的docker0网络,所以我们可以自定义我们自己的网络
[root@localhost ~]# docker run -d -P --name tomcat04 --net bridge tomcat:9.0
462bcd1f64bfe8a69a430103efffde9df24a74ca5fd9f3099dfc199b66136087
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
462bcd1f64bf tomcat:9.0 "catalina.sh run" 7 seconds ago Up 6 seconds 0.0.0.0:49159->8080/tcp tomcat04
048081e33824 tomcat:9.0 "catalina.sh run" 19 minutes ago Up 19 minutes 0.0.0.0:49158->8080/tcp tomcat03
4c359707ed6b tomcat:9.0 "catalina.sh run" 46 minutes ago Up 46 minutes 0.0.0.0:49157->8080/tcp tomcat02
bb41e417982d tomcat:9.0 "catalina.sh run" About an hour ago Up About an hour 0.0.0.0:49156->8080/tcp tomcat01
[root@localhost ~]#
创建网络
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.0.1/16 --gateway 192.168.0.1 mynet
aff6f661639b31e09f2f92e3e1302fbb8a5737477a76a3287181ec95ed2991b2
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0d022035e3eb bridge bridge local
221fa24372c0 host host local
aff6f661639b mynet bridge local
4f887466cdec none null local
#这样我们就看见了我们自定义的mynet网络,其中默认驱动为桥接,子网掩码:192.168.0.1/16,网关为,192.168.0.1
#我们查看自己的网络信息
[root@localhost ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "aff6f661639b31e09f2f92e3e1302fbb8a5737477a76a3287181ec95ed2991b2",
"Created": "2021-01-29T18:47:06.34377289+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.1/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
#然后后面的服务器就可以放在我们自己网络里面船舰容器
[root@localhost ~]# docker run -d -P --name t01 --net mynet tomcat:9.0
a29685b1ff4504620ca18be575c258aebc4e9ed436967eb8987aeb34509a336a
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0d022035e3eb bridge bridge local
221fa24372c0 host host local
aff6f661639b mynet bridge local
4f887466cdec none null local
[root@localhost ~]# docker network inspect mynet
[
{
"Name": "mynet",
"Id": "aff6f661639b31e09f2f92e3e1302fbb8a5737477a76a3287181ec95ed2991b2",
"Created": "2021-01-29T18:47:06.34377289+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.1/16",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"a29685b1ff4504620ca18be575c258aebc4e9ed436967eb8987aeb34509a336a": {
"Name": "t01",
"EndpointID": "427fbf70c8cb6a99bf68c57d8bd8cb46abdbfaf0d99922cfca550b74da97d312",
"MacAddress": "02:42:c0:a8:00:02",
"IPv4Address": "192.168.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
总结: 我们自定义的网络就帮我们维护好了对应关系,直接就可以使用容器明进行连通。
网络连通的操作
所谓网络连通就是,同一种集群使用自已的自定义网络,这样可以保证集群的安全和健壮性,那么不同的集群使用不同的自定义网络,那如果要使他们进行通讯,就要进行网络连通操作,如,mysql集群和redis集群。
标签:forever,00,172.17,网络,lft,ff,docker,Docker 来源: https://blog.csdn.net/Exception_sir/article/details/113398598
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。