Docker 網絡模式
本文首先介紹了Docker自身的4種網絡工作方式,
Docker作為目前最火的輕量級容器技術,有很多令人稱道的功能,如Docker的鏡像管理。然而,Docker同樣有著很多不完善的地方,網絡方面就是Docker比較薄弱的部分。因此,我們有必要深入了解Docker的網絡知識,以滿足更高的網絡需求。
四種網絡模式
我們在使用docker run創建Docker容器時,可以用--net選項指定容器的網絡模式,Docker有以下4種網絡模式:
· host模式,使用--net=host指定。
· container模式,使用--net=container:NAME_or_ID指定。
· none模式,使用--net=none指定。
· bridge模式,使用--net=bridge指定,默認設置。
1 host模式
眾所周知,Docker使用了Linux的Namespaces技術來進行資源隔離,如PID Namespace隔離進程,Mount Namespace隔離文件系統,Network Namespace隔離網絡等。一個Network Namespace提供了一份獨立的網絡環境,包括網卡、路由、Iptable規則等都與其他的Network Namespace隔離。一個Docker容器一般會分配一個獨立的Network Namespace。但如果啟動容器的時候使用host模式,那么這個容器將不會獲得一個獨立的Network Namespace,而是和宿主機共用一個Network Namespace。容器將不會虛擬出自己的網卡,配置自己的IP等,而是使用宿主機的IP和端口。
例如,我們在10.10.101.105/24的機器上用host模式啟動一個含有web應用的Docker容器,監聽tcp80端口。當我們在容器中執行任何類似ifconfig命令查看網絡環境時,看到的都是宿主機上的信息。而外界訪問容器中的應用,則直接使用10.10.101.105:80即可,不用任何NAT轉換,就如直接跑在宿主機中一樣。但是,容器的其他方面,如文件系統、進程列表等還是和宿主機隔離的。
2 container模式
在理解了host模式后,這個模式也就好理解了。這個模式指定新創建的容器和已經存在的一個容器共享一個Network Namespace,而不是和宿主機共享。新創建的容器不會創建自己的網卡,配置自己的IP,而是和一個指定的容器共享IP、端口范圍等。同樣,兩個容器除了網絡方面,其他的如文件系統、進程列表等還是隔離的。兩個容器的進程可以通過lo網卡設備通信。
3 none模式
這個模式和前兩個不同。在這種模式下,Docker容器擁有自己的Network Namespace,但是,并不為Docker容器進行任何網絡配置。也就是說,這個Docker容器沒有網卡、IP、路由等信息。需要我們自己為Docker容器添加網卡、配置IP等。
4 bridge模式
bridge模式是Docker默認的網絡設置,此模式會為每一個容器分配Network Namespace、設置IP等,并將一個主機上的Docker容器連接到一個虛擬網橋上。下面著重介紹一下此模式。
host模式
使用Docker run時使用–net=host指定
Docker使用的網絡實際上和宿主機一樣,在容器內看到的網卡ip是宿主機上的ip。
[root@localhost ~]# docker run -it --rm --net=host centos_with_net bash
–rm,退出鏡像時同時刪除該鏡像
[root@localhost /]# ifconfigdocker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::8cfc:c7ff:fe49:f1ae prefixlen 64 scopeid 0x20<link> ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet) RX packets 58 bytes 3820 (3.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6 bytes 468 (468.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.179 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::20c:29ff:fedb:b228 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:b2:28 txqueuelen 1000 (Ethernet) RX packets 10562 bytes 868003 (847.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2985 bytes 390673 (381.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 16 bytes 960 (960.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 16 bytes 960 (960.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth5446780: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::c0f4:f5ff:fe71:f3bd prefixlen 64 scopeid 0x20<link> ether c2:f4:f5:71:f3:bd txqueuelen 0 (Ethernet) RX packets 7 bytes 558 (558.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 49 bytes 3894 (3.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth111b1ca: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::4c90:a4ff:feb6:9191 prefixlen 64 scopeid 0x20<link> ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet) RX packets 7 bytes 558 (558.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13 bytes 1026 (1.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth55dbbb2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::c84d:9ff:fecd:da27 prefixlen 64 scopeid 0x20<link> ether ca:4d:09:cd:da:27 txqueuelen 0 (Ethernet) RX packets 7 bytes 558 (558.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 42 bytes 3336 (3.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth5e2dff4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::9465:1bff:fed2:f75d prefixlen 64 scopeid 0x20<link> ether 96:65:1b:d2:f7:5d txqueuelen 0 (Ethernet) RX packets 7 bytes 558 (558.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 20 bytes 1584 (1.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth628d605: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::5cc8:ebff:fedb:ea69 prefixlen 64 scopeid 0x20<link> ether 5e:c8:eb:db:ea:69 txqueuelen 0 (Ethernet) RX packets 7 bytes 558 (558.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6 bytes 468 (468.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0veth991629e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::b464:e5ff:fed5:1bd6 prefixlen 64 scopeid 0x20<link> ether b6:64:e5:d5:1b:d6 txqueuelen 0 (Ethernet) RX packets 7 bytes 558 (558.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 27 bytes 2142 (2.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0vethb086b1c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::dcdf:66ff:fed8:f2df prefixlen 64 scopeid 0x20<link> ether de:df:66:d8:f2:df txqueuelen 0 (Ethernet) RX packets 8 bytes 636 (636.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 34 bytes 2700 (2.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@localhost /]# exitexit
與宿主機的IP信息對比
[root@localhost ~]# ifconfigdocker0 Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91 inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0 inet6 addr: fe80::8cfc:c7ff:fe49:f1ae/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:58 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3820 (3.7 KiB) TX bytes:468 (468.0 b)eth0 Link encap:Ethernet HWaddr 00:0C:29:DB:B2:28 inet addr:192.168.1.179 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fedb:b228/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10661 errors:0 dropped:0 overruns:0 frame:0 TX packets:3012 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:876797 (856.2 KiB) TX bytes:398049 (388.7 KiB)lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)veth5e2dff4 Link encap:Ethernet HWaddr 96:65:1B:D2:F7:5D inet6 addr: fe80::9465:1bff:fed2:f75d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:20 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:558 (558.0 b) TX bytes:1584 (1.5 KiB)vethb086b1c Link encap:Ethernet HWaddr DE:DF:66:D8:F2:DF inet6 addr: fe80::dcdf:66ff:fed8:f2df/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:636 (636.0 b) TX bytes:2700 (2.6 KiB)veth55dbbb2 Link encap:Ethernet HWaddr CA:4D:09:CD:DA:27 inet6 addr: fe80::c84d:9ff:fecd:da27/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:42 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:558 (558.0 b) TX bytes:3336 (3.2 KiB)veth111b1ca Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91 inet6 addr: fe80::4c90:a4ff:feb6:9191/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:558 (558.0 b) TX bytes:1026 (1.0 KiB)veth628d605 Link encap:Ethernet HWaddr 5E:C8:EB:DB:EA:69 inet6 addr: fe80::5cc8:ebff:fedb:ea69/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:558 (558.0 b) TX bytes:468 (468.0 b)veth991629e Link encap:Ethernet HWaddr B6:64:E5:D5:1B:D6 inet6 addr: fe80::b464:e5ff:fed5:1bd6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:27 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:558 (558.0 b) TX bytes:2142 (2.0 KiB)veth5446780 Link encap:Ethernet HWaddr C2:F4:F5:71:F3:BD inet6 addr: fe80::c0f4:f5ff:fe71:f3bd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:49 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:558 (558.0 b) TX bytes:3894 (3.8 KiB)
container模式
使用–net=Container:container_id/container_name,多個容器使用共同的網絡看到的ip是一樣的。
[root@localhost ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7169e8be6d3e centos "/bin/bash" About an hour ago Up About an hour serene_goldstine4cd696928bbe centos "bash" About an hour ago Up About an hour cent_testv24f5bf6f33f2c centos "bash" About an hour ago Up About an hour gloomy_colden0a80861145c9 centos "bash" About an hour ago Up About an hour mad_carsonfb45150dbc21 centos "bash" About an hour ago Up About an hour cent_testv3222c7c5c456 centos "bash" 2 hours ago Up 2 hours sick_albattanie136b27a8e17 centos "bash" 2 hours ago Up 2 hours tender_euclid[root@localhost ~]# docker exec -it 7169 bash[root@7169e8be6d3e /]# ifconfigbash: ifconfig: command not found[root@7169e8be6d3e /]# yum install -y net-tools ifconfig[root@7169e8be6d3e /]# ifconfigeth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20<link> ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet) RX packets 5938 bytes 15420209 (14.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4841 bytes 329652 (321.9 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@7169e8be6d3e /]# exitexit[root@localhost ~]# docker run -it --rm --net=container:7169 centos_with_net bash[root@7169e8be6d3e /]# ifconfigeth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20<link> ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet) RX packets 5942 bytes 15420377 (14.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4855 bytes 330480 (322.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
none模式
使用–net=none指定,這種模式下不會配置任何網絡。
[root@localhost ~]# docker run -it --rm --net=none centos_with_net bash[root@67d037935636 /]# ifconfiglo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
bridge模式(默認模式)
使用–net=bridge指定,不用指定默認就是這種網絡模式。這種模式會為每個容器分配一個獨立的Network Namespace。類似于Vmware的nat網絡模式。同一個宿主機上的所有容器會在同一個網段下,相互之間是可以通信的。
感謝閱讀,希望能幫助到大家,謝謝大家對本站的支持!
新聞熱點
疑難解答
圖片精選
