Docker's various network modes

Introduction to the various network modes of Docker

1.1 host mode

As we all know, Docker uses Linux Namespaces to isolate resources: the PID Namespace isolates processes, the Mount Namespace isolates the file system, the Network Namespace isolates the network, and so on. A Network Namespace provides an independent network environment, including network cards, routes, iptables rules, etc., which is isolated from other Network Namespaces. A Docker container is generally allocated its own Network Namespace. However, if host mode is used when starting the container, the container does not obtain an independent Network Namespace; it shares the host's Network Namespace. The container does not virtualize its own network card or configure its own IP; it uses the host's IP and ports.

For example, we start a Docker container running a web application in host mode on the machine 10.10.101.105/24, listening on TCP port 80. When we run a command such as ifconfig in the container to view the network environment, everything we see is the host's information. To reach the application in the container from the outside, you can use 10.10.101.105:80 directly, without any NAT translation, just as if it were running directly on the host. However, other aspects of the container, such as the file system and process list, are still isolated from the host.

1.2 container mode

Once host mode is understood, this mode is easy to understand. It specifies that a newly created container shares a Network Namespace with an existing container, rather than with the host. The new container does not create its own network card or configure its own IP; it shares the IP, port range, etc. of the specified container. As with host mode, apart from the network, the two containers remain isolated from each other in other respects such as file systems and process lists. The processes of the two containers can communicate through the lo network device.

1.3 none mode

This mode is different from the first two. In this mode, the Docker container has its own Network Namespace, but no network configuration is done for it. That is to say, the container has no network card, IP, routes or other network information. We need to add network cards, configure an IP, etc. for the container ourselves.

1.4 bridge mode

Bridge mode is Docker's default network setting. This mode assigns each container its own Network Namespace, sets its IP, etc., and connects the Docker containers on a host to a virtual bridge. The following focuses on this mode.
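
The four modes above determine whose Network Namespace a container uses, which is what matters when reviewing isolation. The following is an added example, not part of the original article: it classifies containers from `docker inspect` JSON by the `HostConfig.NetworkMode` field and lists those that share a namespace with the host or with another container. The sample data, container names and IDs are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the fields
# used below; container names and IDs are made up.
SAMPLE_INSPECT = json.loads("""[
  {"Id": "a1f0c3", "Name": "/web",     "HostConfig": {"NetworkMode": "host"}},
  {"Id": "b2e9d4", "Name": "/api",     "HostConfig": {"NetworkMode": "bridge"}},
  {"Id": "c3d8e5", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:b2e9d4"}},
  {"Id": "d4c7f6", "Name": "/batch",   "HostConfig": {"NetworkMode": "none"}}
]""")


def netns_sharing(container, all_containers):
    """Return (mode, shares_with): whose Network Namespace the container uses."""
    mode = container["HostConfig"]["NetworkMode"]
    if mode == "host":
        return "host", "host"            # host's interfaces, IP and ports, no NAT
    if mode.startswith("container:"):
        ref = mode.split(":", 1)[1]
        for other in all_containers:     # resolve the reference by ID prefix or name
            if ref and (other["Id"].startswith(ref) or other["Name"].lstrip("/") == ref):
                return "container", other["Name"].lstrip("/")
        return "container", ref          # target is not in the inspected set
    if mode == "none":
        return "none", None              # own namespace, nothing configured
    if mode in ("bridge", "default"):
        return "bridge", None            # own namespace on the default bridge
    return "other", None                 # e.g. a user-defined network (not covered here)


def audit(containers):
    """Return ({name: (mode, shares_with)}, sorted names that share a namespace)."""
    report = {c["Name"].lstrip("/"): netns_sharing(c, containers) for c in containers}
    shared = sorted(n for n, (_, peer) in report.items() if peer is not None)
    return report, shared


if __name__ == "__main__":
    # For live data (assumes the docker CLI is installed), load the output of:
    #   docker inspect $(docker ps -q) > inspect.json
    report, shared = audit(SAMPLE_INSPECT)
    for name, (mode, peer) in report.items():
        print(f"{name:8} mode={mode:9} shares_netns_with={peer}")
    print("not network-isolated:", shared)
```
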

 

http://www.superwu.cn/?p=1809
