Docker Notes 49 - Container Virtualized Networking
Overlay network
Docker networks
bridge
After Docker is installed, the following networks exist automatically:
[root@master chenzx]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
74997b46b6c7        bridge              bridge              local
ae048711b7aa        host                host                local
77190e2a8be4        none                null                local
Notes:
bridge: a bridged network, but not a physical bridge. Docker creates a purely software switch named docker0 on the host (visible with ifconfig), and docker0 can also be used as a network interface. In other words, docker0 acts as a layer-2 switch and as a layer-2 network interface at the same time. If you do not give docker0 an address, it is only a switch; if you give docker0 an IP address, it is both a switch and a network interface. Every container created on this host afterwards automatically gets a pair of interfaces: one end is placed in the container and the other is plugged into the docker0 bridge, the virtual switch. ifconfig also shows interfaces such as vetha1a84f. Each running container (see docker ps) has such a pair, one half inside the container and the other half on the host, plugged into the docker0 bridge. Use the brctl command to see this.
[root@master chenzx]# yum -y install bridge-utils
[root@master chenzx]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.024221ea33da       no              vetha1a84fa
[root@master chenzx]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:50:56:a2:56:4a brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:21:ea:33:da brd ff:ff:ff:ff:ff:ff
5: vetha1a84fa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
    link/ether 2a:cc:7c:a9:75:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
The docker0 bridge is a NAT bridge by default. Each time a container is created, an iptables rule is generated automatically:
[root@master chenzx]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 32550 packets, 2318K bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   324 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 2486 packets, 502K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 44775 packets, 2700K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 44775 packets, 2700K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.17.0.2:443
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.2:80
Look at the POSTROUTING chain: for packets coming in on any interface (in *), as long as they do not leave through docker0 (!docker0) and their source address is in 172.17.0.0/16, whatever host they are going to (0.0.0.0/0), address masquerading (MASQUERADE) is applied, i.e. automatic SNAT. This means an address on the physical machine is chosen automatically as the source address. That is why the docker0 bridge is a NAT bridge by default.
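To read the same NAT table programmatically, the following added example (not part of the original notes) parses the listing above and reports which host ports are forwarded to which container and which source range is masqueraded. The function names are assumptions of this example, and the sample text is copied from the listing shown on this page.

```python
import re

# Constructed sample: the POSTROUTING and DOCKER chains copied from the
# `iptables -t nat -vnL` listing on this page.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 44775 packets, 2700K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.17.0.2:443
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.2:80
"""

COUNTER = re.compile(r"^\d+[KMGT]?$")  # -v counters may carry a unit suffix


def parse_nat(listing):
    """Split `iptables -t nat -vnL` text into {chain name: [rule, ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        f = line.split()
        # Rule rows have 9 fixed columns and start with the packet counter;
        # this skips blank lines and the "pkts bytes target ..." header.
        if current is None or len(f) < 9 or not COUNTER.match(f[0]):
            continue
        current.append({"target": f[2], "prot": f[3], "in": f[5], "out": f[6],
                        "src": f[7], "dst": f[8], "extra": " ".join(f[9:])})
    return chains


def published_ports(chains):
    """DNAT rules in the DOCKER chain, i.e. host ports forwarded to containers."""
    found = []
    for rule in chains.get("DOCKER", []):
        m = re.search(r"dpt:(\d+) to:([\d.]+):(\d+)", rule["extra"])
        if rule["target"] != "DNAT" or not m:
            continue  # RETURN rows, port ranges (dpts:) and IPv6 are not handled
        found.append({
            "proto": rule["prot"],
            "host_port": int(m.group(1)),
            "container": f"{m.group(2)}:{m.group(3)}",
            # A 0.0.0.0/0 destination matches every address the host owns.
            "any_host_address": rule["dst"] == "0.0.0.0/0",
        })
    return found


def masqueraded_sources(chains):
    """Source ranges that are SNATed when leaving through a non-bridge interface."""
    return [(r["src"], r["out"]) for r in chains.get("POSTROUTING", [])
            if r["target"] == "MASQUERADE" and r["out"].startswith("!")]


if __name__ == "__main__":
    nat = parse_nat(SAMPLE)
    for port in published_ports(nat):
        print(port)
    print(masqueraded_sources(nat))
```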
[root@master chenzx]# docker inspect CONTAINER_NAME    # shows the container's detailed information
Drawbacks of bridge:
For a container on physical host 1 to be reached from physical host 2, the only way is to access host 1's IP address plus the port mapped out of the container. A physical host has only one port 80, so it becomes awkward when several containers all use port 80. An overlay network solves this.
[root@master chenzx]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "74997b46b6c7f3a130942bce4e26a9f1b691eb96b497aa7b5bec3d68405eeb70",
        "Created": "2019-06-25T05:32:31.482091683-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "1877cad503409040e026e1e7194751f0f23a627d9aa572aebfdc54ab679ec102": {
                "Name": "xenodochial_galois",
                "EndpointID": "4336bb5aef3245eab6d79a5f67d51c8bd684b6e03ec34a60445cd5ab0ed65b4a",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
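The Options block in this output decides how isolated the bridge is. The following added example (not part of the original notes) audits `docker network inspect` JSON for the three options shown above. The finding codes, function names and the `appnet` network are assumptions of this example.

```python
import json

ICC = "com.docker.network.bridge.enable_icc"
MASQ = "com.docker.network.bridge.enable_ip_masquerade"
BIND = "com.docker.network.bridge.host_binding_ipv4"
# Values the bridge driver uses when a network does not set the option.
DEFAULTS = {ICC: "true", MASQ: "true", BIND: "0.0.0.0"}

# Constructed sample: the inspect output from this page, trimmed to the fields
# the audit reads (container ID shortened).
PAGE_BRIDGE = json.loads("""
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {"1877cad50340": {"Name": "xenodochial_galois",
                                  "IPv4Address": "172.17.0.2/16"}},
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.enable_ip_masquerade": "true",
              "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
              "com.docker.network.bridge.name": "docker0"}}]
""")

# Constructed sample: a hypothetical user-defined bridge with tighter options.
TIGHT_BRIDGE = json.loads("""
[{"Name": "appnet", "Driver": "bridge", "Internal": false, "Containers": {},
  "Options": {"com.docker.network.bridge.enable_icc": "false",
              "com.docker.network.bridge.host_binding_ipv4": "127.0.0.1"}}]
""")


def audit_network(net):
    """Return [(code, message), ...] for one element of the inspect array."""
    if net.get("Driver") != "bridge":
        return []
    name = net.get("Name", "?")
    opts = {**DEFAULTS, **(net.get("Options") or {})}
    members = sorted(c.get("Name", cid)
                     for cid, c in (net.get("Containers") or {}).items())
    findings = []
    if opts[ICC] == "true":
        findings.append(("icc-enabled",
                         f"{name}: attached containers can reach each other "
                         f"on any port: {', '.join(members) or 'none attached'}"))
    if opts[BIND] == "0.0.0.0":
        findings.append(("publish-all-interfaces",
                         f"{name}: -p without an address binds every host interface"))
    if opts[MASQ] == "true" and not net.get("Internal", False):
        findings.append(("masquerade",
                         f"{name}: outbound container traffic is SNATed to a host address"))
    return findings


def audit(inspect_output):
    """Map network name -> list of finding codes for a whole inspect array."""
    return {net.get("Name", "?"): [code for code, _ in audit_network(net)]
            for net in inspect_output}


if __name__ == "__main__":
    for sample in (PAGE_BRIDGE, TIGHT_BRIDGE):
        for net in sample:
            for code, message in audit_network(net):
                print(f"[{code}] {message}")
```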
host
[root@master chenzx]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
74997b46b6c7        bridge              bridge              local
ae048711b7aa        host                host                local
77190e2a8be4        none                null                local
host means the container uses the host's network namespace.
A container (and likewise a virtual machine or a physical machine) has the following six namespaces:
However, we can let every container share the host's network namespace; this is host mode:
Managing the host's network namespaces with the ip netns command
When namespaces are managed with ip netns (network namespace), only the network namespace is isolated; the other namespaces (USER, IPC, Mount (filesystem), UTS (hostname), and so on) are shared.
[root@master chenzx]# ip netns add r1
[root@master chenzx]# ip netns add r2
[root@master chenzx]# ip netns list
r2
r1
[root@master chenzx]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
The network namespace contains only one network device, named lo.
We can also create a pair of interfaces with ip link:
[root@master chenzx]# ip link add name veth1.1 type veth peer name veth1.2
[root@master chenzx]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:50:56:a2:56:4a brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:21:ea:33:da brd ff:ff:ff:ff:ff:ff
5: vetha1a84fa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
    link/ether 2a:cc:7c:a9:75:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
6: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 36:a6:f8:b4:d0:c6 brd ff:ff:ff:ff:ff:ff
7: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether de:b7:a4:16:2b:c1 brd ff:ff:ff:ff:ff:ff
veth1.1@veth1.2 means the other half of veth1.1 is veth1.2. Both ends are on the host at this point.
Next we move a network device into another namespace.
[root@master chenzx]# ip link set dev veth1.2 netns r1
The command above moves the network device veth1.2 into the r1 network namespace. Note that a device can belong to only one namespace.
[root@master chenzx]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:50:56:a2:56:4a brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:21:ea:33:da brd ff:ff:ff:ff:ff:ff
5: vetha1a84fa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
    link/ether 2a:cc:7c:a9:75:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: veth1.1@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether de:b7:a4:16:2b:c1 brd ff:ff:ff:ff:ff:ff link-netnsid 1
As shown above, the veth1.2 device is no longer on the host.
[root@master chenzx]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 36:a6:f8:b4:d0:c6  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
As shown above, the r1 namespace now contains the veth1.2 device.
Next we rename veth1.2 in the r1 namespace to eth0:
[root@master chenzx]# ip netns exec r1 ip link set dev veth1.2 name eth0
[root@master chenzx]# ip netns exec r1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 36:a6:f8:b4:d0:c6  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Next we bring up the veth1.1 interface on the host:
[root@master chenzx]# ifconfig veth1.1 10.1.0.1/24 up
[root@master chenzx]# ifconfig veth1.1
veth1.1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        ether de:b7:a4:16:2b:c1  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Next we also bring up veth1.2, the other half of the host's veth1.1 (now renamed eth0 and located in the r1 network namespace):
[root@master chenzx]# ip netns exec r1 ifconfig eth0 10.1.0.2/24 up
[root@master chenzx]# ip netns exec r1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.2  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::34a6:f8ff:feb4:d0c6  prefixlen 64  scopeid 0x20<link>
        ether 36:a6:f8:b4:d0:c6  txqueuelen 1000  (Ethernet)
        RX packets 17  bytes 1026 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Pinging the eth0 device in the r1 network namespace from the host now works:
[root@master chenzx]# ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.056 ms
Next we move the host's veth1.1 interface into the r2 network namespace:
[root@master chenzx]# ip link set dev veth1.1 netns r2
[root@master chenzx]# ifconfig    # veth1.1 is no longer present on the host
[root@master chenzx]# ip netns exec r2 ifconfig veth1.1 10.1.0.3/24 up
[root@master chenzx]# ip netns exec r2 ifconfig
veth1.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.3  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::dcb7:a4ff:fe16:2bc1  prefixlen 64  scopeid 0x20<link>
        ether de:b7:a4:16:2b:c1  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1026 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 29  bytes 1982 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Next, from inside the r2 network namespace, we ping the address of the interface in r1, and it is reachable:
[root@master chenzx]# ip netns exec r2 ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.028 ms
The four container network models
Running a closed container that does not communicate with the outside
[root@master chenzx]# docker run --name t1 -it --network none --rm busybox:latest
/ # ifconfig -a
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
/ # exit
As shown, the container created above has only lo and no other network interface. This is the closed network model.
Containers are created with the bridge network model by default
[root@master chenzx]# docker run --name t1 -it --rm busybox:latest
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
8e674ad76dce: Pull complete
Digest: sha256:c94cf1b87ccb80f2e6414ef913c748b105060debda482058d2b8d0fce39f11b9
Status: Downloaded newer image for busybox:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ #
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Note: --rm means the container is deleted automatically when it stops.
As shown, the container created by default has the IP address 172.17.0.3, which indicates the bridge model: it is on the same subnet as the docker0 switch on the host.
Specifying the hostname directly when creating a container:
[root@master chenzx]# docker run --name t1 -it --network bridge -h t1 --rm busybox:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # hostname
t1
/ # cat /etc/resolv.conf    # the host's DNS server is used
nameserver 172.16.1.20
Note: -h sets the hostname.
Next we specify the DNS server when creating the container:
[root@master chenzx]# docker run --name t1 -it --network bridge -h t1 --dns 114.114.114.114 --rm busybox:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # cat /etc/resolv.conf
nameserver 114.114.114.114
Next we specify a domain name and an IP address when creating the container:
[root@master chenzx]# docker run --name t1 -it --network bridge -h t1 --dns 114.114.114.114 --dns-search czxin.com --add-host
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
1.1.1.1
172.17.0.3 t1
Open container model
Use -p to map a port inside the container to a port on the host.
[root@master chenzx]# docker run --name myweb --rm -p 0.0.0.0:8080:80 nginx
Note: 0.0.0.0 stands for all addresses on the host and is the default when no address is given; port 8080 on the host corresponds to port 80 inside the container.
[root@master chenzx]# docker port myweb
80/tcp -> 0.0.0.0:8080
[root@master chenzx]# docker kill myweb
myweb
Joined container model (joined containers)
Letting two containers share the same network namespace is called joined containers.
[root@master chenzx]# docker run --name b1 -it --rm busybox
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Open another window:
[root@master chenzx]# docker run --name b2 --network container:b1 -it --rm busybox
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Note: --network container:b1 means container b2 shares b1's network namespace.
This way, a web service started in b2 can be reached from b1 using
host network container model
[root@master chenzx]# docker run --name b2 --network host -it --rm busybox
/ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:43:84:8F:9A
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:43ff:fe84:8f9a/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:10703077 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8005286 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2802551116 (2.6 GiB)  TX bytes:2896826107 (2.6 GiB)

ens192    Link encap:Ethernet  HWaddr 00:50:56:A2:58:7C
          inet addr:172.16.22.100  Bcast:172.16.22.255  Mask:255.255.255.0
          inet6 addr: fe80::9cf3:d9de:59f:c320/64 Scope:Link
          inet6 addr: fe80::e34:f952:2859:4c69/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4846834 errors:0 dropped:17 overruns:0 frame:0
          TX packets:1920701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1970381702 (1.8 GiB)  TX bytes:199949362 (190.6 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:316 errors:0 dropped:0 overruns:0 frame:0
          TX packets:316 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:35923 (35.0 KiB)  TX bytes:35923 (35.0 KiB)

veth344969e Link encap:Ethernet  HWaddr 7E:3C:4A:6A:52:65
          inet6 addr: fe80::7c3c:4aff:fe6a:5265/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41635 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34905 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21175416 (20.1 MiB)  TX bytes:7734711 (7.3 MiB)

veth39b8902 Link encap:Ethernet  HWaddr 36:68:B9:A7:04:56
          inet6 addr: fe80::3468:b9ff:fea7:456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:378 (378.0 B)  TX bytes:1026 (1.0 KiB)
As shown, with the host network model the IP addresses inside the container are the host's. What is this good for? It suits cases where you want to take full advantage of container features but still use the host's network.
Changing the default subnet of docker0
Reposted from: http://blog.51cto.com/wsxxsl/2060761
Step 1: remove the existing configuration
sudo service docker stop
sudo ip link set dev docker0 down
sudo brctl delbr docker0
sudo iptables -t nat -F POSTROUTING
Step 2: create the new bridge
sudo brctl addbr docker0
sudo ip addr add 172.17.0.1/16 dev docker0
sudo ip link set dev docker0 up
Step 3: configure Docker's configuration file
Note: the configuration below is added to the file
cat /etc/docker/daemon.json    ## just append this
{
  "bip": "172.17.0.1/16"
}
Customizing the network properties of the docker0 bridge: /etc/docker/daemon.json
{
  "registry-mirrors": ["],
  "bip": "172.17.0.1/16",
  "dns": ["114.114.114.114", "8.8.8.8"]
}
Note: bip is the IP address of docker0; from then on, containers get addresses in the same subnet as docker0.
Step 4: restart Docker
systemctl restart docker
or
service docker restart
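Before restarting the daemon in step 4, it is worth checking that the new bip is a usable address and does not collide with a subnet the host already uses. The following added example (not part of the original notes) does that with Python's ipaddress module. The function name check_bip and the IN_USE table are assumptions of this example; the addresses in IN_USE are the ones that appear on this page.

```python
import ipaddress
import json

# Constructed sample: addresses that appear on this page. ens192 is the host's
# LAN interface and mybr0 the user-defined bridge created further down.
IN_USE = {"ens192": "172.16.22.100/24", "mybr0": "172.26.0.0/16"}


def check_bip(daemon_json_text, in_use):
    """Validate the "bip" key of a daemon.json document.

    Returns (interface, problems): interface is an ipaddress interface object
    (None when bip is absent or unparsable), problems is a list of strings.
    """
    cfg = json.loads(daemon_json_text)
    bip = cfg.get("bip")
    if bip is None:
        return None, ["bip is not set, dockerd keeps its default docker0 subnet"]
    if "/" not in str(bip):
        return None, [f"bip {bip!r} has no prefix length (expected address/prefix)"]
    try:
        iface = ipaddress.ip_interface(bip)
    except ValueError as exc:
        return None, [f"bip {bip!r} is not a valid address/prefix: {exc}"]

    net, problems = iface.network, []
    # bip is the address docker0 itself gets, so it must be a usable host
    # address inside the subnet, not the network or broadcast address.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # An overlap with a subnet the host already uses makes routing between
    # containers and that network ambiguous.
    for label, cidr in sorted(in_use.items()):
        other = ipaddress.ip_network(cidr, strict=False)
        if net.overlaps(other):
            problems.append(f"{net} overlaps {label} ({other})")
    return iface, problems


if __name__ == "__main__":
    for text in ('{"bip": "172.17.0.1/16"}',   # value used in step 3
                 '{"bip": "172.16.0.1/12"}',   # constructed: too wide
                 '{"bip": "172.17.0.0/16"}'):  # constructed: network address
        iface, problems = check_bip(text, IN_USE)
        print(text, "->", iface, problems or "ok")
```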
Creating a custom bridge
[root@master chenzx]# docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" mybr0
4e70305bb5c793e457f57486aef0ac9ac0567432a73a1b6884898fc4c9a09d06
[root@master chenzx]#
[root@master chenzx]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
863255cf4b6e        bridge              bridge              local
ae048711b7aa        host                host                local
4e70305bb5c7        mybr0               bridge              local
77190e2a8be4        none                null                local
[root@master chenzx]# ifconfig
br-4e70305bb5c7: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.26.0.1  netmask 255.255.0.0  broadcast 172.26.255.255
        ether 02:42:01:cb:21:78  txqueuelen 0  (Ethernet)
        RX packets 10703186  bytes 2802559748 (2.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8005375  bytes 2896856389 (2.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.42.0.1  netmask 255.255.0.0  broadcast 10.42.255.255
        inet6 fe80::42:43ff:fe84:8f9a  prefixlen 64  scopeid 0x20<link>
        ether 02:42:43:84:8f:9a  txqueuelen 0  (Ethernet)
        RX packets 10703186  bytes 2802559748 (2.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8005375  bytes 2896856389 (2.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Renaming br-4e70305bb5c7 to docker1
[root@master chenzx]# ifconfig br-4e70305bb5c7 down
[root@master chenzx]# ip link set dev br-4e70305bb5c7 name docker1
[root@master chenzx]# ifconfig docker1 up
[root@master chenzx]# ifconfig
docker0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.42.0.1  netmask 255.255.0.0  broadcast 10.42.255.255
        inet6 fe80::42:43ff:fe84:8f9a  prefixlen 64  scopeid 0x20<link>
        ether 02:42:43:84:8f:9a  txqueuelen 0  (Ethernet)
        RX packets 10703186  bytes 2802559748 (2.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8005375  bytes 2896856389 (2.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.26.0.1  netmask 255.255.0.0  broadcast 172.26.255.255
        ether 02:42:01:cb:21:78  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Next we create a container and attach it to the mybr0 network
[root@master chenzx]# docker run --name afdfdfda -it --rm --net mybr0 busybox:latest
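After running ifconfig inside the container, you can see that the new container's IP address is in the same subnet as mybr0.
From "ITPUB Blog", link: http://blog.itpub.net/28916011/viewspace-2648767/. If you repost this, please credit the source; otherwise legal liability will be pursued.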