Docker网络

理解docker0

宿主机的IP地址情况

[root@localhost dockerfile]# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:71:6e:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.177/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::740c:b13c:7ae:d319/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:43:fe:4b:6c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:43ff:fefe:4b6c/64 scope link 
       valid_lft forever preferred_lft forever

启动一个centos01容器，外面的宿主机可以ping里面172.17.0.3.容器里面会生成一个eth0，和docker0在一个网段，docker0在宿主机上，启动了docker服务后自动生成。

[root@localhost dockerfile]# docker run -it --name centos01 centos /bin/bash
[root@025a7676b27f /]# 
[root@025a7676b27f /]# 
[root@025a7676b27f /]# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
56: eth0@if57:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@025a7676b27f /]# whereis ip
ip: /usr/sbin/ip
[root@025a7676b27f /]# [root@localhost dockerfile]# 
[root@localhost dockerfile]# 
[root@localhost dockerfile]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.169 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.123 ms
^X^X64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.150 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.133 ms

一旦启动一个容器，宿主机ip addr就会多一个虚拟设备接口

例如下面的57: vethb4152fa@if56和容器里的56: eth0@if57:是一对。

这个evth-pair充当桥梁，连接各种虚拟网络

verse-pair。所以启动两个容器，相互之间也可以Ping通！

只要容器删除，对应的一对网口也就消失了

[root@localhost dockerfile]# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:71:6e:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.177/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::740c:b13c:7ae:d319/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:43:fe:4b:6c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:43ff:fefe:4b6c/64 scope link 
       valid_lft forever preferred_lft forever
55: veth19f366b@if54:  mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 86:b3:6d:11:56:6f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::84b3:6dff:fe11:566f/64 scope link 
       valid_lft forever preferred_lft forever
57: vethb4152fa@if56:  mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 46:2a:45:40:64:e7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::442a:45ff:fe40:64e7/64 scope link 
       valid_lft forever preferred_lft forever

假设有两个容器，tomcat01,tomcat02.

启动两个容器，执行下面的命令

docker exec -it tomcat01 ping tomcat02

结果：报错，不能找到tomcat02

假设在启动一个容器，tomcat03

docker run -d -P --name tomcat03 --link tomcat02 tomcat

docker exec -it tomcat03 ping tomcat02  #03可以ping通02

docker exec -it tomcat02 ping tomcat03   #但是02不能ping 03

原因在于docker3的/etc/hosts文件下面写入了tomcat2的条目，但是02没有写03的。

docker exec -it tomcat03 cat /etc/hosts
172.18.0.3 tomcat02 tomcat02ID

通过docker network可以查看网络设置，通过docker inspect容器ID也可以看到networking settings.

[root@localhost dockerfile]# docker network ls    #这就是展示了docker的网络。
NETWORK ID     NAME      DRIVER    SCOPE
65f61d1d236d   bridge    bridge    local
7997a9ebd537   host      host      local
ba70c8c166a2   none      null      local
[root@localhost dockerfile]# docker inspect 65f61d1d236d   #展示了docker0内部的网络
[
    {
        "Name": "bridge",
        "Id": "65f61d1d236de31ba89654b1cb9e718394a8cc60a678e0f98528576b140cba89",
        "Created": "2022-01-28T06:16:18.252096262+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",   #docker的网络
                    "Gateway": "172.17.0.1"       #docker0的IP
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "025a7676b27f2e4eb79178cb9fd4c4494f4521d9cdc38a7553bfadd91c1e4cdc": {
                "Name": "centos01",
                "EndpointID": "8a2a079f39965f3c460bcf0ce08c945b7e7a8722b7f2220bfbd1f6c5c2a0d63e",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",         #两个容器的IP和name
                "IPv6Address": ""
            },
            "43af7e3f1e0987eaa666e44deb2acba04871c1965e23e9ee179c3e426158d07e": {
                "Name": "tomcat01",
                "EndpointID": "95e7ae57515d547b32647f5abfb1913918d190b9a3af38844c9090684073fdfa",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
[root@localhost dockerfile]#

--link现在不推荐使用了！

Docker网络

Linux相关栏目本月热门文章