1. What is it?
1.1 Docker does not start, default network conditions
ens33
lo
virbr0
If you select the virtualization-related services while installing CentOS 7, you will find a virbr0 network card with a private network address once the network is started. virbr0 is connected as a bridge, has the fixed default IP address 192.168.122.1, and is used as the virtual machine bridge. Its function is to provide NAT so that the virtual machine network cards connected to it can access the external network.
We covered Linux installation earlier, including the libvirt service that is installed when that option is checked. If you don't need it, you can uninstall the libvirtd service directly: yum remove libvirt-libs.x86_64
1.2 After docker is started, the network situation
View docker network mode commands
3 major network modes are created by default
1.3 Commonly used basic commands
All commands
Check the network: docker network ls
1.3.1 View network source data
docker network inspect <network name>
1.3.2 Delete a network
docker network rm <network name>
1.3.2 Case
2. What can you do?
2.1 General introduction
Interconnection and communication between containers and port mapping
When the container IP changes, direct network communication can be carried out through the service name without being affected.
General introduction:
2.2 Default IP allocation rules within container instances
1 First start two ubuntu container instances
2 docker inspect container ID or container name
3 Close the u2 instance, create a new u3, and check the IP changes
Conclusion: The IP inside the docker container may change
3. Case description
3.1 bridge
1 Docker uses Linux bridging to create a virtual Docker container bridge (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the network segment of the Docker bridge, called the Container-IP. The Docker bridge is also the default gateway of each container. Because containers on the same host are all connected to the same bridge, they can communicate directly through their Container-IP.
2 When docker run does not specify a network, the default network mode is bridge, which uses docker0. Running ifconfig on the host shows docker0 and the networks you created (discussed later). eth0, eth1, eth2... represent network card one, network card two, network card three...; lo represents 127.0.0.1, that is, localhost; inet addr is the IP address of the network card.
3 The bridge docker0 creates a pair of peer virtual device interfaces, one called veth and the other called eth0, matched in pairs.
3.1 The bridge of the entire host is docker0, similar to a switch with a bunch of interfaces, each called veth. A virtual interface is created on the local host and in the container respectively so that they can communicate with each other (such a pair of interfaces is called a veth pair);
3.2 Each container instance also has a network card inside, and that interface is called eth0;
3.3 Each veth on docker0 matches the eth0 inside one container instance, one to one.
Through the above, all containers on the host are connected to this internal network. If two containers are on the same network, each gets its assigned IP from this gateway, and the two containers can reach each other.
code
docker run -d -p 8081:8080 --name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 --name tomcat82 billygoo/tomcat8-jdk8
Pairwise matching verification
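The pairing can be checked by cross-referencing the index@ifN fields of ip addr on the host and inside each container. The following is an added example, not part of the original post; the interface names, indexes, addresses and the lo_only entry are constructed sample data.

```python
import re

# Matches lines such as "7: eth0@if8: <...>" printed by `ip addr`:
# interface index, interface name, peer interface index.
LINK_RE = re.compile(r"^(\d+):\s+([^@:\s]+)@if(\d+):", re.MULTILINE)

# Constructed sample output; interface names and indexes are made up.
HOST_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 172.17.0.1/16 scope global docker0
8: veth1a2b3c4@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0
10: veth5d6e7f8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0
"""
CONTAINER_IP_ADDR = {
    "tomcat81": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n"
                "7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500\n"
                "    inet 172.17.0.2/16 scope global eth0\n",
    "tomcat82": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n"
                "9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500\n"
                "    inet 172.17.0.3/16 scope global eth0\n",
    "lo_only": "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536\n",  # hypothetical
}

def parse_links(ip_output):
    """Return {index: (name, peer index)} for interfaces that have a peer."""
    return {int(i): (name, int(peer))
            for i, name, peer in LINK_RE.findall(ip_output)}

def pair_veths(host_output, container_outputs):
    """Map each container to the host veth whose index and peer index
    cross-reference the container's eth0; None when there is no match."""
    host = parse_links(host_output)
    pairs = {}
    for cname, output in container_outputs.items():
        pairs[cname] = None
        for idx, (ifname, peer) in parse_links(output).items():
            host_if = host.get(peer)
            if ifname == "eth0" and host_if and host_if[1] == idx:
                pairs[cname] = host_if[0]
    return pairs

if __name__ == "__main__":
    for cname, veth in pair_veths(HOST_IP_ADDR, CONTAINER_IP_ADDR).items():
        print(cname, "<->", veth)
```

A container that reports None has no eth0 attached to a host veth, which is what the host and none modes look like from this check.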
3.2 host
What is it?
Directly use the host's IP address to communicate with the outside world, eliminating the need for additional NAT translation.
Case
The container will not get an independent Network Namespace, but will share the same Network Namespace with the host. The container will not virtualize its own network card but use the host's IP and port.
code
warn
docker run -d -p 8083:8080 --network host --name tomcat83 billygoo/tomcat8-jdk8
Problem :
I always encounter the warning in the title when docker starts.
Reason:
--network=host or --net=host is specified when docker starts. If a -p port mapping is also specified, this warning appears, and the parameters set by -p have no effect. The port number is based on the host port number and is incremented when repeated.
Solution:
The solution is to use other network modes of docker, such as --network=bridge, which can solve the problem, or simply ignore it. . . . O(∩_∩)O haha~
correct
docker run -d --network host --name tomcat83 billygoo/tomcat8-jdk8
No previous pairing is displayed, look inside the container instance
No -p port mapping is set. How do you access the started tomcat83?
http://Host IP:8080/
Use the default Firefox browser in CentOS to access tomcat83 in the container; the access succeeds. Because the container borrows the host's IP at this point, the container shares the host network IP. This is a benefit: the external host and the container can communicate directly.
3.2 none
What is it?
In none mode, no network configuration is performed for the Docker container.
In other words, this Docker container does not have network card, IP, routing and other information. There is only one lo.
We need to add a network card, configure IP, etc. to the Docker container ourselves.
Network functions are disabled; only the lo interface remains (127.0.0.1, the local loopback)
Case
docker run -d -p 8084:8080 --network none --name tomcat84 billygoo/tomcat8-jdk8
Look inside the container
View outside container
3.3 container
What is it?
In container network mode, the newly created container shares a network IP configuration with an existing container instead of sharing it with the host. The newly created container does not create its own network card or configure its own IP, but shares the IP, port range, etc. with a specified container. Apart from the network, the two containers remain isolated in other respects such as file systems and process lists.
Case (X)
docker run -d -p 8085:8080 --name tomcat85 billygoo/tomcat8-jdk8
docker run -d -p 8086:8080 --network container:tomcat85 --name tomcat86 billygoo/tomcat8-jdk8
operation result
# It is equivalent to tomcat86 and tomcat85 sharing the same IP and the same port, resulting in port conflict.
It is not appropriate to use tomcat for demonstration in this case. . . Demonstration pit. . . . . . o(╥﹏╥)o
Case 2 (V)
Alpine OS is a security-oriented lightweight Linux distribution
Alpine Linux is an independent, non-commercial general-purpose Linux distribution designed for users who pursue security, simplicity and resource efficiency. Many people may not have heard of this Linux distribution, but friends who often use Docker may have used it. Because it is small, simple, and safe, it is a very good choice as a basic image. It can be said that it is small but powerful. It has all the necessary features and the image is very small, less than 6M in size, so it is particularly suitable for container packaging.
docker run -it --name alpine1 alpine /bin/sh
docker run -it --network container:alpine1 --name alpine2 alpine /bin/sh
Run result: verify the shared network
If you stop alpine1 at this point and look at alpine2 again:
15: eth0@if16: has disappeared.
3.4 Custom network
Outdated link
What is it?
Case
before
docker run -d -p 8081:8080 --name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 --name tomcat82 billygoo/tomcat8-jdk8
The containers above started successfully; use docker exec to enter each container instance.
question
Ping by IP address is OK
Ping results by service name???
after
Customize the bridge network. The custom network uses the bridge network by default.
Create a new custom network
Create a new container and join the custom network created in the previous step
docker run -d -p 8081:8080 --network zzyy_network --name tomcat81 billygoo/tomcat8-jdk8
docker run -d -p 8082:8080 --network zzyy_network --name tomcat82 billygoo/tomcat8-jdk8
Ping test each other
Problem conclusion
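The behaviour of the modes covered in sections 3.1 to 3.4 can be read back from docker inspect. The following is an added example, not part of the original post, that classifies containers by HostConfig.NetworkMode; the inspect data is constructed and trimmed, and it assumes HostConfig.PortBindings records the requested -p mappings.

```python
import json

# Constructed, trimmed `docker inspect` output; names follow the page,
# the container ID and port values are sample data.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/tomcat81", "HostConfig": {"NetworkMode": "zzyy_network",
   "PortBindings": {"8080/tcp": [{"HostPort": "8081"}]}}},
 {"Name": "/tomcat83", "HostConfig": {"NetworkMode": "host",
   "PortBindings": {"8080/tcp": [{"HostPort": "8083"}]}}},
 {"Name": "/tomcat84", "HostConfig": {"NetworkMode": "none",
   "PortBindings": {}}},
 {"Name": "/alpine1", "HostConfig": {"NetworkMode": "bridge",
   "PortBindings": {}}},
 {"Name": "/alpine2", "HostConfig": {"NetworkMode": "container:0123abcd",
   "PortBindings": {}}}
]""")

def audit_network_modes(containers):
    """Return {container name: [findings]} based on HostConfig.NetworkMode."""
    report = {}
    for c in containers:
        cfg = c.get("HostConfig", {})
        mode = cfg.get("NetworkMode") or "default"
        ports = sorted(cfg.get("PortBindings") or {})
        findings = []
        if mode == "host":
            findings.append("shares the host network namespace (no NAT)")
            if ports:
                findings.append("-p ignored for " + ", ".join(ports))
        elif mode == "none":
            findings.append("only lo, no external connectivity")
        elif mode.startswith("container:"):
            findings.append("shares the network namespace of "
                            + mode.split(":", 1)[1])
        elif mode in ("default", "bridge"):
            findings.append("default bridge docker0: peers reachable by IP only")
        else:
            findings.append("custom network " + mode
                            + ": peers reachable by name")
        report[c["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_network_modes(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```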
4 Docker platform architecture diagram
in summary
From the perspective of its architecture and operating process, Docker is a C/S (client/server) architecture, and the backend is a loosely coupled architecture with many modules, each performing its own duties.
The basic process of Docker operation is:
1 The user uses Docker Client to establish communication with Docker Daemon and sends a request to the latter.
2 Docker Daemon, as the main part of the Docker architecture, first provides the function of Docker Server so that it can accept requests from Docker Client.
3 Docker Engine performs a series of tasks inside Docker, and each task exists in the form of a Job.
4 While a Job is running, when a container image is needed, the image is downloaded from the Docker Registry, and the downloaded image is stored in the form of a Graph through the image management driver, Graph driver.
5 When a network environment needs to be created for Docker, the Docker container network environment is created and configured through the network management driver, Network driver.
6 When Docker container running resources need to be limited or user instructions need to be executed, this is done through Exec driver.
7 Libcontainer is an independent container management package. Network driver and Exec driver use Libcontainer to implement specific operations on containers.
Overall structure