Understanding docker0
2. Inspect the host's network interfaces
Demo environment: an Alibaba Cloud host
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:40:fc:42:bd txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.26.207.139 netmask 255.255.240.0 broadcast 172.26.207.255
inet6 fe80::216:3eff:fe0a:a34 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:0a:0a:34 txqueuelen 1000 (Ethernet)
RX packets 48090170 bytes 11229282579 (11.2 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46121258 bytes 15555060022 (15.5 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 15313336 bytes 4029284882 (4.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15313336 bytes 4029284882 (4.0 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
After Docker is installed, the system automatically creates a virtual network interface named docker0.
3. Start containers
3.1 Start a tomcat container
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# docker run -d -p8787:8080 --name tomcat01 tomcat
Unable to find image 'tomcat:latest' locally
latest: Pulling from library/tomcat
405f018f9d1d: Pull complete
160c99d3182b: Pull complete
e07a736be37f: Pull complete
eb991d49ce62: Pull complete
0ff310af806b: Pull complete
5471efbd5b51: Pull complete
4b20fab9f120: Pull complete
Digest: sha256:df634a0b4a2a61069521c4681609423b3794d2a3120821b92f346710450ad344
Status: Downloaded newer image for tomcat:latest
fadea24341571729e60b82fc55d1735ede022a609430ff61a1a1c328db1e972a
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fadea2434157 tomcat "catalina.sh run" 5 seconds ago Up 4 seconds 0.0.0.0:8787->8080/tcp tomcat01
3.2 View the container's IP information
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
As shown, the container we started has an interface named eth0@if5, with IP address 172.17.0.2.
3.3 Inspect the host's network interfaces again
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:16:3e:0a:0a:34 brd ff:ff:ff:ff:ff:ff
inet 172.26.207.139/20 brd 172.26.207.255 scope global dynamic eth0
valid_lft 248749875sec preferred_lft 248749875sec
inet6 fe80::216:3eff:fe0a:a34/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:40:fc:42:bd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: veth44ae3dc@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether c2:d2:da:b4:61:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
The host now has one additional interface: veth44ae3dc@if4.
3.4 Start another container
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# docker run -d -p8686:8080 --name tomcat02 tomcat
1457e8972fe7befab5eb4abd78b92117f54bd7e277d6f1aeb651239a033601dd
3.5 View the container's IP information
Interface name: eth0@if7
IP address: 172.17.0.3
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# docker exec -it tomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
3.6 Inspect the host's network interfaces again
One more virtual interface has appeared: vethb37b6b6@if6
root@iZ8vb28ugr0yzmw9dv50ciZ:~/docker# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:16:3e:0a:0a:34 brd ff:ff:ff:ff:ff:ff
inet 172.26.207.139/20 brd 172.26.207.255 scope global dynamic eth0
valid_lft 248747109sec preferred_lft 248747109sec
inet6 fe80::216:3eff:fe0a:a34/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:40:fc:42:bd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: veth44ae3dc@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether c2:d2:da:b4:61:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: vethb37b6b6@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether fe:16:19:be:21:12 brd ff:ff:ff:ff:ff:ff link-netnsid 1
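We can see that the interfaces created for a container (one inside the container, one on the host) appear in pairs.
A veth pair is a pair of virtual device interfaces that always appear together. One end of each is attached to the protocol stack, and the other ends are connected to each other.
Because of this property, a veth pair acts as a bridge that connects various virtual network devices.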
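The index@ifN naming seen above (eth0@if5 in the container, 5: veth44ae3dc@if4 on the host) is enough to work out which container sits behind each host-side veth, for example when attributing a packet capture taken on the host. The following is an added example, not part of the original article; the function names are hypothetical and the sample input is abridged from the output on this page.

```python
import re

# Header line of an `ip addr` entry, e.g. "5: veth44ae3dc@if4: <...> ... master docker0 ..."
LINK_RE = re.compile(r"^(\d+): ([^@:\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")

def parse_links(ip_addr_output):
    """Return {ifindex: (name, peer ifindex or None, bridge master or None)}."""
    links = {}
    for line in ip_addr_output.splitlines():
        m = LINK_RE.match(line.strip())
        if not m:
            continue  # inet / link/ether / valid_lft lines carry no index
        master = re.search(r"\bmaster (\S+)", m.group(4))
        peer = int(m.group(3)) if m.group(3) else None
        links[int(m.group(1))] = (m.group(2), peer, master.group(1) if master else None)
    return links

def pair_veths(host_output, container_outputs):
    """Map each host-side veth to (container, container interface, bridge).

    Two ends belong together when each one's @ifN names the other's index.
    """
    host = parse_links(host_output)
    pairs = {}
    for cname, output in container_outputs.items():
        for idx, (ifname, peer, _) in parse_links(output).items():
            if peer in host and host[peer][1] == idx:
                hname, _, master = host[peer]
                pairs[hname] = (cname, ifname, master)
    return pairs

# Interface header lines abridged from the terminal output on this page
HOST = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
5: veth44ae3dc@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
7: vethb37b6b6@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
"""
CONTAINERS = {  # output of `docker exec <name> ip addr`, header lines only
    "tomcat01": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500",
    "tomcat02": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500",
}

if __name__ == "__main__":
    for veth, (cname, ifname, master) in sorted(pair_veths(HOST, CONTAINERS).items()):
        print(f"{veth} (on {master}) <-> {cname}:{ifname}")
```

Interface indexes are only unique within one network namespace, so the two-way index check is a heuristic and can be ambiguous on hosts with many namespaces.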
4. link
Hands-on:
# Link the containers
docker run -d -p8585:8080 --name tomcat03 --link tomcat02 tomcat
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: icmp_seq=0 ttl=64 time=0.115 ms
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.085 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.086 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.084 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.102 ms
64 bytes from 172.17.0.3: icmp_seq=6 ttl=64 time=0.085 ms
64 bytes from 172.17.0.3: icmp_seq=7 ttl=64 time=0.081 ms
64 bytes from 172.17.0.3: icmp_seq=8 ttl=64 time=0.085 ms
64 bytes from 172.17.0.3: icmp_seq=9 ttl=64 time=0.084 ms
64 bytes from 172.17.0.3: icmp_seq=10 ttl=64 time=0.075 ms
64 bytes from 172.17.0.3: icmp_seq=11 ttl=64 time=0.096 ms
64 bytes from 172.17.0.3: icmp_seq=12 ttl=64 time=0.103 ms
64 bytes from 172.17.0.3: icmp_seq=13 ttl=64 time=0.084 ms
^C--- tomcat02 ping statistics ---
14 packets transmitted, 14 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.075/0.090/0.115/0.000 ms
4.1 How link works
--link simply adds a mapping for the linked container to the /etc/hosts file of the target container.
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tomcat02 1457e8972fe7
172.17.0.4 4772b9656299
5. Custom networks
5.1 Create a custom network
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 inetwork
5.2 Create containers on the custom network
docker run -d -P --name tomcat-net-01 --net inetwork tomcat
docker run -d -P --name tomcat-net-02 --net inetwork tomcat
5.3 Test network connectivity
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.inetwork (192.168.0.3): icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from tomcat-net-02.inetwork (192.168.0.3): icmp_seq=2 ttl=64 time=0.078 ms
64 bytes from tomcat-net-02.inetwork (192.168.0.3): icmp_seq=3 ttl=64 time=0.072 ms
64 bytes from tomcat-net-02.inetwork (192.168.0.3): icmp_seq=4 ttl=64 time=0.075 ms
64 bytes from tomcat-net-02.inetwork (192.168.0.3): icmp_seq=5 ttl=64 time=0.079 ms
64 bytes from tomcat-net-02.inetwork (192.168.0.3): icmp_seq=6 ttl=64 time=0.067 ms
^C
--- tomcat-net-02 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5104ms
rtt min/avg/max/mdev = 0.067/0.076/0.085/0.005 ms
5.4 The connect command
Hands-on example
~# docker ps # list the running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
995115dad420 tomcat "catalina.sh run" 22 minutes ago Up 22 minutes 0.0.0.0:49154->8080/tcp tomcat-net-02
ee098d08f382 tomcat "catalina.sh run" 22 minutes ago Up 22 minutes 0.0.0.0:49153->8080/tcp tomcat-net-01
4772b9656299 tomcat "catalina.sh run" About an hour ago Up About an hour 0.0.0.0:8585->8080/tcp tomcat03
1457e8972fe7 tomcat "catalina.sh run" 4 days ago Up 4 days 0.0.0.0:8686->8080/tcp tomcat02
fadea2434157 tomcat "catalina.sh run" 5 days ago Up 5 days 0.0.0.0:8787->8080/tcp tomcat01
# Try to ping between containers on two different networks
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker exec -it tomcat01 ping tomcat-net-01
ping: unknown host
# View the usage of the network connect command
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker network connect --help
Usage: docker network connect [OPTIONS] NETWORK CONTAINER
Connect a container to a network
Options:
--alias strings Add network-scoped alias for the container
--driver-opt strings driver options for the network
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--link list Add link to another container
--link-local-ip strings Add a link-local address for the container
# Connect the container to the network
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker network connect inetwork tomcat01
# Test
root@iZ8vb28ugr0yzmw9dv50ciZ:~# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.123 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.114 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.082 ms
^C--- tomcat-net-01 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.082/0.106/0.123/0.000 ms
root@iZ8vb28ugr0yzmw9dv50ciZ:~#
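docker network connect does not route between the two networks. It gives tomcat01 a second interface, so that one container is now a member of both the default bridge and inetwork, while the other containers stay on their own network. The added example below (not part of the original article) audits `docker network inspect` output for such multi-homed containers; the function name is hypothetical, and the sample JSON is constructed and trimmed to the fields used, with tomcat01's inetwork address assumed.

```python
import json
from collections import defaultdict

def multi_homed(inspect_json):
    """Report containers attached to more than one network.

    Input: JSON text as printed by `docker network inspect NET [NET...]`.
    Output: {container: {"addresses": {network: ip}, "peers": {network: [names]}}}
    """
    members = defaultdict(dict)  # network name -> {container name: IPv4 address}
    for net in json.loads(inspect_json):
        for endpoint in (net.get("Containers") or {}).values():
            members[net["Name"]][endpoint["Name"]] = endpoint["IPv4Address"]

    report = {}
    for name in {c for attached in members.values() for c in attached}:
        addresses = {n: m[name] for n, m in members.items() if name in m}
        if len(addresses) > 1:
            # Containers this one can talk to on each network it has joined
            peers = {n: sorted(set(members[n]) - {name}) for n in addresses}
            report[name] = {"addresses": addresses, "peers": peers}
    return report

# Constructed sample: keys are the short container IDs from `docker ps` above;
# 192.168.0.4 for tomcat01 is an assumed address, not taken from the page.
SAMPLE = json.dumps([
    {"Name": "bridge", "Driver": "bridge", "Containers": {
        "fadea2434157": {"Name": "tomcat01", "IPv4Address": "172.17.0.2/16"},
        "1457e8972fe7": {"Name": "tomcat02", "IPv4Address": "172.17.0.3/16"},
        "4772b9656299": {"Name": "tomcat03", "IPv4Address": "172.17.0.4/16"},
    }},
    {"Name": "inetwork", "Driver": "bridge", "Containers": {
        "ee098d08f382": {"Name": "tomcat-net-01", "IPv4Address": "192.168.0.2/16"},
        "995115dad420": {"Name": "tomcat-net-02", "IPv4Address": "192.168.0.3/16"},
        "fadea2434157": {"Name": "tomcat01", "IPv4Address": "192.168.0.4/16"},
    }},
])

if __name__ == "__main__":
    for name, info in multi_homed(SAMPLE).items():
        print(name, info["addresses"], info["peers"])
```

A container listed here is the only path between the two networks, so it is the place to review exposed ports and installed tooling when the networks are meant to be separate segments.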
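This article was written by huzd and is licensed under the Creative Commons Attribution 4.0 International License. Unless marked as reposted or attributed to another source, articles on this site are original works or translations by this site; please credit the author before reposting.
Last edited: 2022/08/01 16:54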