Article Directory
- Preface
- One: Detailed explanation of Docker network resources
- 2. Explanation of Docker0 network card
- Two: How to use the network mode
- Three. Small case
- 1. Create a custom bridge mynetwork and specify the network segment
- 2. Create a container, specify the bridge to the network card mynetwork, and specify its IP as 172.18.0.10
- 3. Enter the container to view the IP confirmation
- 4. View the host network card list
- 5. Through the ID number correspondence, you can confirm the IP network segment range
Preface
One: Detailed explanation of Docker network resources
Simple cloud platform ecological environment map
Ordinary single node bridge graph
1.1: Detailed network resources: Docker0 network card and four network modes
When we install Docker, we find that the system has automatically created a docker0 network card and the default Docker networks (bridge, host and none):
[root@docker ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:68:b8:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.233.133/24 brd 192.168.233.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::35a9:b12:5e2b:c44d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:47:ba:2a:13 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@docker ~]# docker network ls '//three networks are created automatically'
NETWORK ID NAME DRIVER SCOPE
17c7a951c27d bridge bridge local
7bc6ae3204ea host host local
953022b62b1c none null local
2. Explanation of Docker0 network card
After Docker is installed, the docker0 network card acts as the gateway for containers. When a container starts, it is assigned an IP address from this network segment (the container IP), and containers communicate with each other through docker0.
Because the docker0 network card is virtual, external networks cannot communicate with containers directly; they can reach a container only through port mapping.
1. Host mode
The container shares the host's network namespace.
The container uses the host's IP address and ports, but other aspects of the container, such as the file system, are still isolated from the host.
The advantage is good network performance, since no NAT translation is needed.
The disadvantage is poor network isolation, and ports that are already in use cannot be used again.
2. Container mode
In container mode, the new container shares a network namespace with an existing container. The new container does not create its own network card or get its own IP, so the two containers can communicate through the lo network device.
As with host mode, the file system, process list and so on remain isolated.
3. none mode
The none mode turns off the container's network function.
The container has its own network namespace but no other network configuration (no network card, IP, routes and so on); these have to be added manually.
The advantage is that the container is closed off from the network, which gives high container security.
4. Bridge mode
Bridge mode assigns an IP address to each container and connects the container to the docker0 virtual bridge through a veth pair; the container communicates with the host through the docker0 bridge and the iptables nat table configuration.
Bridge mode is Docker's default mode. Generally, Docker uses the network segment 172.17.0.0/16.
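One way to check which of the four modes each container uses, as an added example (not code from the original article): it reads the HostConfig.NetworkMode and HostConfig.PortBindings fields of `docker inspect` output. The JSON is a constructed sample, and the container names web, metrics, sidecar and batch are made up.

```python
import json

# Constructed sample shaped like `docker inspect` output; names are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"NetworkMode": "default",
     "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
    {"Name": "/metrics", "HostConfig": {"NetworkMode": "host"}},
    {"Name": "/sidecar", "HostConfig": {"NetworkMode": "container:3e45de1e549a"}},
    {"Name": "/batch", "HostConfig": {"NetworkMode": "none"}},
    {"Name": "/test2", "HostConfig": {"NetworkMode": "mynetwork"}},
])


def classify(network_mode):
    """Map HostConfig.NetworkMode to one of the four modes described above."""
    if network_mode in ("host", "none"):
        return network_mode
    if network_mode.startswith("container:"):
        return "container"
    # "default", "bridge" and user-defined names (assumed to use the bridge driver)
    return "bridge"


def audit(inspect_json):
    """Return one (name, mode, note) tuple per container."""
    findings = []
    for c in json.loads(inspect_json):
        cfg = c.get("HostConfig", {})
        raw = cfg.get("NetworkMode", "default")
        mode = classify(raw)
        if mode == "host":
            note = "uses the host's IP and ports directly, no NAT in between"
        elif mode == "container":
            note = "shares lo with " + raw.split(":", 1)[1]
        elif mode == "none":
            note = "no network card, IP or routes"
        else:
            # Only explicitly mapped ports are reachable from outside the host.
            maps = [f"{b.get('HostIp') or '0.0.0.0'}:{b['HostPort']}->{port}"
                    for port, binds in (cfg.get("PortBindings") or {}).items()
                    for b in binds or []]
            note = "port mappings: " + (", ".join(maps) or "none")
        findings.append((c["Name"].lstrip("/"), mode, note))
    return findings


if __name__ == "__main__":
    for name, mode, note in audit(SAMPLE_INSPECT):
        print(f"{name:8} {mode:10} {note}")
```

On a real host the input would come from `docker inspect $(docker ps -q)` instead of the embedded sample.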
Two: How to use the network mode
Specify mode and specify ip
The bridge mode is the default and does not need to be specified. To select another mode, add --net="none", --net="host" or --net="container:name or id". For example:
[root@docker ~]# docker run -it centos:7 /bin/bash '//this is bridge mode by default'
The default bridge mode does not let you specify the container IP directly. To specify the IP, create your own network first; the network you create sits at the same level as the docker0 network.
[root@docker ~]# docker network create --subnet=172.18.0.0/24 mynetwork
[root@docker ~]# docker run -itd --name test004 --net mynetwork --ip 172.18.0.10 centos:7 /bin/bash
[root@docker ~]# docker ps -a
Three. Small case
1. Create a custom bridge mynetwork and specify the network segment
[root@docker2 ~]# docker network create --subnet=172.18.0.0/24 mynetwork
19d86a0d935fee82cc692babe5760b7303fe1be93f1f8e4ba93c80d1d2b17c17
[root@docker2 ~]# ifconfig
br-19d86a0d935f: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.255.0 broadcast 172.18.0.255
ether 02:42:58:33:a7:e1 txqueuelen 0 (Ethernet)
RX packets 41 bytes 3153 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49 bytes 3211 (3.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:76ff:fe5d:22a1 prefixlen 64 scopeid 0x20<link>
ether 02:42:76:5d:22:a1 txqueuelen 0 (Ethernet)
RX packets 20315 bytes 827845 (808.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22061 bytes 134128614 (127.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.11 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::20c:29ff:fe0e:5518 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:0e:55:18 txqueuelen 1000 (Ethernet)
RX packets 123326 bytes 149402434 (142.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49778 bytes 6449791 (6.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 16 bytes 800 (800.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 800 (800.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth8383311: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::6cdb:eeff:fec2:ce8b prefixlen 64 scopeid 0x20<link>
ether 6e:db:ee:c2:ce:8b txqueuelen 0 (Ethernet)
RX packets 41 bytes 3153 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 49 bytes 3211 (3.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:48:6e:c2 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2. Create a container, specify the bridge to the network card mynetwork, and specify its IP as 172.18.0.10
[root@docker2 ~]# docker run -itd --name test2 --net mynetwork --ip 172.18.0.10 centos:7 /bin/bash
3e45de1e549ad41ab97e24cdb01df50531d550f771c094a560db262506b7e758
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e45de1e549a centos:7 "/bin/bash" 13 seconds ago Up 11 seconds test2
83a4476a2a6e centos:7 "/bin/bash" 37 seconds ago Created
3. Enter the container to view the IP confirmation
[root@docker2 ~]# docker exec -it 3e45de1e549a bash
[root@3e45de1e549a /]# ifconfig
[root@3e45de1e549a /]# yum install net-tools -y '//ifconfig is provided by net-tools; install it first'
[root@3e45de1e549a /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.10 netmask 255.255.255.0 broadcast 172.18.0.255
ether 02:42:ac:12:00:0a txqueuelen 0 (Ethernet)
RX packets 2234 bytes 11881774 (11.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2211 bytes 122963 (120.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 82 bytes 7643 (7.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 82 bytes 7643 (7.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@3e45de1e549a /]#
4. View the host network card list
[root@docker2 mysql]# docker network ls
NETWORK ID NAME DRIVER SCOPE
0d8a08e72533 bridge bridge local
41aec0a12cdb host host local
19d86a0d935f mynetwork bridge local
68aa8c25f2bc none null local
5. Through the ID number correspondence, you can confirm the IP network segment range
[root@docker2 mysql]# ifconfig
br-19d86a0d935f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.255.0 broadcast 172.18.0.255
inet6 fe80::42:58ff:fe33:a7e1 prefixlen 64 scopeid 0x20<link>
ether 02:42:58:33:a7:e1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 2440 (2.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
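The checks from the small case above, written out as an added example (not part of the original article): it derives the br- interface name from the network ID and validates a planned --subnet / --ip pair against the host interfaces shown in the ifconfig output. The function names are illustrative, and the gateway is assumed to be the first address of the subnet, as 172.18.0.1 is above.

```python
import ipaddress

# Values copied from the docker2 session above.
HOST_INTERFACES = {
    "docker0": "172.17.0.1/16",
    "ens33": "192.168.100.11/24",
    "virbr0": "192.168.122.1/24",
}
NETWORK_ID = "19d86a0d935fee82cc692babe5760b7303fe1be93f1f8e4ba93c80d1d2b17c17"


def bridge_name(network_id):
    """Host interface of a user-defined bridge: 'br-' + first 12 chars of the ID."""
    return "br-" + network_id[:12]


def check_plan(subnet, container_ip, host_interfaces):
    """Return the problems with a planned --subnet / --ip pair (empty list = OK)."""
    net = ipaddress.ip_network(subnet, strict=True)  # rejects e.g. 172.18.0.10/24
    ip = ipaddress.ip_address(container_ip)
    problems = []
    # A new bridge must not reuse a range already routed on the host.
    for ifname, cidr in host_interfaces.items():
        existing = ipaddress.ip_interface(cidr).network
        if net.overlaps(existing):
            problems.append(f"{subnet} overlaps {ifname} ({existing})")
    # Assumption: the gateway is the first address of the subnet, as in the output above.
    gateway = net.network_address + 1
    if ip not in net:
        problems.append(f"{ip} is outside {net}")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    elif ip == gateway:
        problems.append(f"{ip} is the bridge gateway")
    return problems


if __name__ == "__main__":
    print(bridge_name(NETWORK_ID))
    print(check_plan("172.18.0.0/24", "172.18.0.10", HOST_INTERFACES) or "plan OK")
    print(check_plan("172.17.5.0/24", "172.17.5.10", HOST_INTERFACES))
```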