溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要為大家展示了“docker中如何實現容器虛擬化網絡”,內容簡而易懂,條理清晰,希望能夠幫助大家解決疑惑,下面讓小編帶領大家一起研究并學習一下“docker中如何實現容器虛擬化網絡”這篇文章吧。
docker安裝后,自動會有
[root@master chenzx]# docker network ls NETWORK ID NAME DRIVER SCOPE 74997b46b6c7 bridge bridge local ae048711b7aa host host local 77190e2a8be4 none null local
說明:
bridge:表示橋接網絡,但并非物理橋,它會在宿主機上創建一個純粹的docker0軟交換機(ifconfig可以看到),這個docker0也可以當網卡使用。也就是說這個docker0 同時扮演二層的交換機設備,同時也扮演二層的網卡設備。如果你不給docker0地址,那么docker0就只是交換機;如果你給docker0個ip地址,那么這個docker0既能當交換機、又能當網卡。之后我們在這個宿主機上創建的容器,會自動創建一對網卡,一個放在容器上,一個放在docker0橋這個虛擬交換機上。另外通過ifconfig命令還能看到vetha1a84f這樣的網卡,這就是每個啟動起來的容器(docker ps看)對應的一對網卡,一半在容器里面,另一半就在宿主機上,并插在docker0橋上。需要通過brctl命令來看。
[root@master chenzx]#yum -y install bridge-utils [root@master chenzx]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.024221ea33da no vetha1a84fa [root@master chenzx]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:50:56:a2:56:4a brd ff:ff:ff:ff:ff:ff 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether 02:42:21:ea:33:da brd ff:ff:ff:ff:ff:ff 5: vetha1a84fa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT link/ether 2a:cc:7c:a9:75:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
docker0橋默認是nat橋,每生成一個容器,會自動產生一條iptables規則:
[root@master chenzx]# iptables -t nat -vnL Chain PREROUTING (policy ACCEPT 32550 packets, 2318K bytes) pkts bytes target prot opt in out source destination 5 324 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 2486 packets, 502K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 44775 packets, 2700K bytes) pkts bytes target prot opt in out source destination 0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 44775 packets, 2700K bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:443 0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.2:443 0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:80
看POSTROUTING鏈,從任何地址進來(in * ),只要不是從docker0出去(!docker0),源地址來自172.17.0.0/16,無論到達任何主機(0.0.0.0),我們都要做地址偽裝(MASQUERADE),即自動snat。其意思就是自動在物理機上選擇一個地址當做源地址。所以docker0橋默認就是nat橋。
[root@master chenzx]# docker inspect 容器名字 //可以看容器詳細信息
bridge的缺點:
一個物理機1上的容器,想要被另外一個物理機2訪問,只能訪問1號物理機上的宿主機ip+容器映射出來的端口。一個物理機只能有一個80端口,所以有多個容器都有80端口時,就不好辦了。這時用overlay networkd來解決。
[root@master chenzx]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "74997b46b6c7f3a130942bce4e26a9f1b691eb96b497aa7b5bec3d68405eeb70",
"Created": "2019-06-25T05:32:31.482091683-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"1877cad503409040e026e1e7194751f0f23a627d9aa572aebfdc54ab679ec102": {
"Name": "xenodochial_galois",
"EndpointID": "4336bb5aef3245eab6d79a5f67d51c8bd684b6e03ec34a60445cd5ab0ed65b4a",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
][root@master chenzx]# docker network ls NETWORK ID NAME DRIVER SCOPE 74997b46b6c7 bridge bridge local ae048711b7aa host host local 77190e2a8be4 none null local
host表示讓容器使用宿主機的網絡名稱空間。
一個容器(包含一個虛擬機、一個實體機)有如下六大名稱空間:
但是我們可以讓每個容器共用一個宿主機的網絡空間,這就是host:
用ip netns(network name space)管理網絡名稱空間時,只有網絡名稱空間是隔離的,其他名稱空間(USER用戶、IPC、Mount問阿金系統、UTS主機等)都是共享的
[root@master chenzx]# ip netns add r1 [root@master chenzx]# ip netns add r2 [root@master chenzx]# ip netns list r2 r1 [root@master chenzx]# ip netns exec r1 ifconfig -a lo: flags=8<LOOPBACK> mtu 65536 loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
看到網絡名稱空間中只有一個網卡設備叫lo。
我們也可以用ip link創建一對網卡:
[root@master chenzx]# ip link add name veth2.1 type veth peer name veth2.2 [root@master chenzx]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:50:56:a2:56:4a brd ff:ff:ff:ff:ff:ff 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether 02:42:21:ea:33:da brd ff:ff:ff:ff:ff:ff 5: vetha1a84fa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT link/ether 2a:cc:7c:a9:75:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0 6: veth2.2@veth2.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 36:a6:f8:b4:d0:c6 brd ff:ff:ff:ff:ff:ff 7: veth2.1@veth2.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether de:b7:a4:16:2b:c1 brd ff:ff:ff:ff:ff:ff
veth2.1@veth2.2 表示veth2.1的另一半是veth2.2,這兩頭都在我們的宿主機上。
下面我們把網絡設備移動到另外一個名稱空間中。
[root@master chenzx]# ip link set dev veth2.2 netns r1
上面表示把網絡設備veth2.2移動到r1網絡名稱空間中。注意,一個設備只能屬于一個名稱空間。
[root@master chenzx]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:50:56:a2:56:4a brd ff:ff:ff:ff:ff:ff 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether 02:42:21:ea:33:da brd ff:ff:ff:ff:ff:ff 5: vetha1a84fa@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT link/ether 2a:cc:7c:a9:75:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0 7: veth2.1@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether de:b7:a4:16:2b:c1 brd ff:ff:ff:ff:ff:ff link-netnsid 1
上面看到宿主機上網卡設備veth2.2已經沒有了。
[root@master chenzx]# ip netns exec r1 ifconfig -a lo: flags=8<LOOPBACK> mtu 65536 loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth2.2: flags=4098<BROADCAST,MULTICAST> mtu 1500 ether 36:a6:f8:b4:d0:c6 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
上面看到r1名稱空間中有veth2.2這個網卡設備了。
下面我們把r1名稱空間中的veth2.2改名為eth0:
[root@master chenzx]# ip netns exec r1 ip link set dev veth2.2 name eth0 [root@master chenzx]# ip netns exec r1 ifconfig -a eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500 ether 36:a6:f8:b4:d0:c6 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=8<LOOPBACK> mtu 65536 loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
下面我們把宿主機上的veth2.1網卡激活:
[root@master chenzx]# ifconfig veth2.1 10.1.0.1/24 up [root@master chenzx]# ifconfig veth2.1 veth2.1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255 ether de:b7:a4:16:2b:c1 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
下面我們把宿主機上網卡veth2.1的另一半網卡veth2.2(目前該名為eth0,并在r1網絡名稱空間中)也給激活:
[root@master chenzx]# ip netns exec r1 ifconfig eth0 10.1.0.2/24 up [root@master chenzx]# ip netns exec r1 ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.1.0.2 netmask 255.255.255.0 broadcast 10.1.0.255 inet6 fe80::34a6:f8ff:feb4:d0c6 prefixlen 64 scopeid 0x20<link> ether 36:a6:f8:b4:d0:c6 txqueuelen 1000 (Ethernet) RX packets 17 bytes 1026 (1.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8 bytes 648 (648.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
在宿主機上ping r1網絡名稱空間中的eth0設備,是可以通信了:
[root@master chenzx]# ping 10.1.0.2 PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data. 64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.071 ms 64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.032 ms 64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.056 ms
下面我們把宿主機上的veth2.1這塊網卡移動到r2網絡名稱空間中
[root@master chenzx]# ip link set dev veth2.1 netns r2 [root@master chenzx]# ifconfig //發現宿主機上已經沒有veth2.1這塊網卡了 [root@master chenzx]# ip netns exec r2 ifconfig veth2.1 10.1.0.3/24 up [root@master chenzx]# ip netns exec r2 ifconfig veth2.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.1.0.3 netmask 255.255.255.0 broadcast 10.1.0.255 inet6 fe80::dcb7:a4ff:fe16:2bc1 prefixlen 64 scopeid 0x20<link> ether de:b7:a4:16:2b:c1 txqueuelen 1000 (Ethernet) RX packets 13 bytes 1026 (1.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 29 bytes 1982 (1.9 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
下面我們去r2網絡名稱空間中,去ping r1中的網卡地址,發現是通的:
[root@master chenzx]# ip netns exec r2 ping 10.1.0.2 PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data. 64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.066 ms 64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.036 ms 64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.028 ms
[root@master chenzx]# docker run --name t1 -it --network none --rm busybox:latest / # ifconfig -a lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) / # exit
看到,上面我們創建的容器只有lo,沒有任何網卡,這就是封閉式網絡模型
[root@master chenzx]# docker run --name t1 -it --rm busybox:latest Unable to find image 'busybox:latest' locally latest: Pulling from library/busybox 8e674ad76dce: Pull complete Digest: sha256:c94cf1b87ccb80f2e6414ef913c748b105060debda482058d2b8d0fce39f11b9 Status: Downloaded newer image for busybox:latest WARNING: IPv4 forwarding is disabled. Networking will not work. / # / # ifconfig eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03 inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:648 (648.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
說明: --rm表示容器關閉就自動刪除了。
看到,默認創建的容器有ip 172.17.0.3,說明是bridge模型,和宿主機上的docker0交換機一個網段。
創建容器時,直接指定主機名:
[root@master chenzx]# docker run --name t1 -it --network bridge -h t1 --rm busybox:latest WARNING: IPv4 forwarding is disabled. Networking will not work. / # hostname t1 / # cat /etc/resolv.conf //看到用的是宿主機的DNS nameserver 172.16.1.20
說明:-h就是指定主機名。
下面我們在創建容器時就指定DNS:
[root@master chenzx]# docker run --name t1 -it --network bridge -h t1 --dns 114.114.114.114 --rm busybox:latest WARNING: IPv4 forwarding is disabled. Networking will not work. / # cat /etc/resolv.conf nameserver 114.114.114.114
下面我們在創建容器時指定域名和ip:
[root@master chenzx]# docker run --name t1 -it --network bridge -h t1 --dns 114.114.114.114 --dns-search czxin.com --add-host www.baidu,com:1.1.1.1 --rm busybox:latest WARNING: IPv4 forwarding is disabled. Networking will not work. / # cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 1.1.1.1 www.baidu,com 172.17.0.3 t1
使用-p端口把容器里面的端口和宿主機里面的端口,進行映射。
[root@master chenzx]# docker run --name myweb --rm -p 0.0.0.0:8080:80 nginx 說明:0.0.0.0代表宿主機上的所有地址,不寫就默認是0.0.0.0,宿主機上的8080端口對應容器里面的80端口 [root@master chenzx]# docker port myweb 80/tcp -> 0.0.0.0:8080 [root@master chenzx]# docker kill myweb myweb
讓兩個容器共享同一個網絡名稱空間,這叫聯盟式容器。
[root@master chenzx]# docker run -name b1 -it --rm busybox / # ifconfig eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03 inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:648 (648.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
再開一個窗口:
[root@master chenzx]# docker run --name b2 --network container:b1 -it --rm busybox / # ifconfig eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03 inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:648 (648.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) 說明:--network container:b1表示b2容器共享b1的網絡名稱空間。
這樣,在b2中創建一個web服務,在b1中可以用 http://127.0.0.1 訪問到頁面。
[root@master chenzx]# docker run --name b2 --network host -it --rm busybox / # ifconfig docker0 Link encap:Ethernet HWaddr 02:42:43:84:8F:9A inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0 inet6 addr: fe80::42:43ff:fe84:8f9a/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:10703077 errors:0 dropped:0 overruns:0 frame:0 TX packets:8005286 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2802551116 (2.6 GiB) TX bytes:2896826107 (2.6 GiB) ens192 Link encap:Ethernet HWaddr 00:50:56:A2:58:7C inet addr:172.16.22.100 Bcast:172.16.22.255 Mask:255.255.255.0 inet6 addr: fe80::9cf3:d9de:59f:c320/64 Scope:Link inet6 addr: fe80::e34:f952:2859:4c69/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4846834 errors:0 dropped:17 overruns:0 frame:0 TX packets:1920701 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1970381702 (1.8 GiB) TX bytes:199949362 (190.6 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:316 errors:0 dropped:0 overruns:0 frame:0 TX packets:316 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:35923 (35.0 KiB) TX bytes:35923 (35.0 KiB) veth444969e Link encap:Ethernet HWaddr 7E:3C:4A:6A:52:65 inet6 addr: fe80::7c3c:4aff:fe6a:5265/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:41635 errors:0 dropped:0 overruns:0 frame:0 TX packets:34905 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:21175416 (20.1 MiB) TX bytes:7734711 (7.3 MiB) veth49b8902 Link encap:Ethernet HWaddr 36:68:B9:A7:04:56 inet6 addr: fe80::3468:b9ff:fea7:456/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:378 (378.0 B) TX bytes:1026 (1.0 KiB)
可見,host網絡模型,容器里面的ip是宿主機的ip。這有什么用呢,這可以充分利用容器的特性,但是又想用宿主機網絡的情況。
轉載:http://blog.51cto.com/wsxxsl/2060761
第一步 刪除原有配置
sudo service docker stopsudo ip link set dev docker0 downsudo brctl delbr docker0sudo iptables -t nat -F POSTROUTING
第二步 創建新的網橋
sudo brctl addbr docker0sudo ip addr add 172.17.0.1/16 dev docker0sudo ip link set dev docker0 up
第三步 配置Docker的文件
注意: 這里是 增加下面的配置
cat /etc/docker/daemon.json ##追加的即可{ "bip": "172.17.0.1/16"}自定義docker0橋的網絡屬性信息:/etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"bip": "172.17.0.1/16",
"dns": ["114.114.114.114", "8.8.8.8"]
} 說明:bip就是docker 0的ip地址,以后容器的地址都和docker 0一個網段。
第四步 重啟docker
systemctl restart docker 或者 service restart docker
[root@master chenzx]# docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" mybr0 4e70305bb5c793e457f57486aef0ac9ac0567432a73a1b6884898fc4c9a09d06 [root@master chenzx]# [root@master chenzx]# docker network ls NETWORK ID NAME DRIVER SCOPE 863255cf4b6e bridge bridge local ae048711b7aa host host local 4e70305bb5c7 mybr0 bridge local 77190e2a8be4 none null local
[root@master chenzx]# ifconfig br-4e70305bb5c7: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.26.0.1 netmask 255.255.0.0 broadcast 172.26.255.255 ether 02:42:01:cb:21:78 txqueuelen 0 (Ethernet) RX packets 10703186 bytes 2802559748 (2.6 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8005375 bytes 2896856389 (2.6 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 docker0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500 inet 10.42.0.1 netmask 255.255.0.0 broadcast 10.42.255.255 inet6 fe80::42:43ff:fe84:8f9a prefixlen 64 scopeid 0x20<link> ether 02:42:43:84:8f:9a txqueuelen 0 (Ethernet) RX packets 10703186 bytes 2802559748 (2.6 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8005375 bytes 2896856389 (2.6 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
把br-4e70305bb5c7改名為docker1
[root@master chenzx]# ifconfig br-4e70305bb5c7 down [root@master chenzx]# ip link set dev br-4e70305bb5c7 name docker1 [root@master chenzx]# ifconfig docker1 up [root@master chenzx]# ifconfig docker0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500 inet 10.42.0.1 netmask 255.255.0.0 broadcast 10.42.255.255 inet6 fe80::42:43ff:fe84:8f9a prefixlen 64 scopeid 0x20<link> ether 02:42:43:84:8f:9a txqueuelen 0 (Ethernet) RX packets 10703186 bytes 2802559748 (2.6 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8005375 bytes 2896856389 (2.6 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 docker1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.26.0.1 netmask 255.255.0.0 broadcast 172.26.255.255 ether 02:42:01:cb:21:78 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
下面我們創建一個容器,加入mybr0網絡
[root@master chenzx]# docker run --name afdfdfda -it --rm --net mybr0 busybox:latest
在容器ifconfig里面后,就能看的創建的容器ip和mybr0一個網段。
以上是“docker中如何實現容器虛擬化網絡”這篇文章的所有內容,感謝各位的閱讀!相信大家都有了一定的了解,希望分享的內容對大家有所幫助,如果還想學習更多知識,歡迎關注億速云行業資訊頻道!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
