Docker Series 5: Docker Bridge Network Principles, Inter-Container Communication, and External Communication Explained

How are the networks of two Docker containers connected to each other?
List the Docker networks on this host:

docker network ls
[root@docker-node1 vagrant]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
bc09f52c660b        bridge              bridge              local
022dc4f6024c        host                host                local
ece3e2f6126f        none                null                local

Inspect the details of the bridge network bc09f52c660b:
docker network inspect bc09f52c660b

In the output we find:
"Containers": {
            "c49f056b4a2d4d01e7ad0c5f4661ffc0a4982ad23f2c1563c25bfcc6b38602d8": {
                "Name": "test1",
                "EndpointID": "aa94a60ba56e2967d547f530580ed72ed560dae663db015fd4b02e448ff5d397",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
Note: "IPv4Address": "172.17.0.3/16" shows that container test1 is attached to the bridge network.

View the host's network interfaces with ip a:
[root@docker-node1 vagrant]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:6c:3e:95 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 77956sec preferred_lft 77956sec
    inet6 fe80::a00:27ff:fe6c:3e95/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:9c:91:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.205.20/24 brd 192.168.205.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe9c:91a8/64 scope link 
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:81:43:bc:79 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe43:bc79/64 scope link 
       valid_lft forever preferred_lft forever
10: veth0b277e8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 3a:20:a7:29:46:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::3820:a7ff:fe29:46d8/64 scope link 
       valid_lft forever preferred_lft forever

The veth interface is attached to docker0. Let's verify this
with the brctl tool:
yum install bridge-utils
brctl show

bridge name	bridge id		STP enabled	interfaces
docker0		8000.02428143bc79	no		veth0b277e8

veth0b277e8 is a port of docker0. Compare entry 10 of the ip a output above:
10: veth0b277e8, which is listed there with master docker0.

Now let's create another container:
docker run -d --name test2 busybox /bin/sh -c "while true; do sleep 3000;done"
docker network inspect bridge

"Containers": {
            "c3ea5d284e9ac34843dda43b9d24b0570dec9dceb8e65fc18c4fc2473200ca8f": {
                "Name": "test2",
                "EndpointID": "13c202260334af4fd6e765e8f5156308646252a6fcaecbfb4ac3252b7ad111b4",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "c49f056b4a2d4d01e7ad0c5f4661ffc0a4982ad23f2c1563c25bfcc6b38602d8": {
                "Name": "test1",
                "EndpointID": "aa94a60ba56e2967d547f530580ed72ed560dae663db015fd4b02e448ff5d397",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },

The Containers section now has one more entry.

Check with ip a:

10: veth0b277e8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 3a:20:a7:29:46:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::3820:a7ff:fe29:46d8/64 scope link 
       valid_lft forever preferred_lft forever
14: veth91f5757@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether d6:fe:1a:49:5d:7b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::d4fe:1aff:fe49:5d7b/64 scope link 
       valid_lft forever preferred_lft forever
A second veth link (veth91f5757) is now attached.

[root@docker-node1 vagrant]# brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.02428143bc79	no		veth0b277e8
							            veth91f5757
We can see that docker0 now has two interfaces.
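
The same check can be scripted. The following is an added example, not part of the original post: a hypothetical helper bridge_ports that reads ip a output and lists every interface whose master is the given bridge, together with the peer index from the @ifN suffix (the index of the interface at the container end of the veth pair). The sample input is constructed from the ip a lines shown on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list the ports of a Linux bridge
# from `ip a` / `ip -o link` output and show the peer ifindex of each veth.

# bridge_ports BRIDGE
# Reads `ip a` text on stdin and prints "host_ifindex host_ifname peer_ifindex"
# for every interface whose master is BRIDGE ("-" when there is no @ifN suffix).
bridge_ports() {
    awk -v br="$1" '
        # Header lines look like:
        #   10: veth0b277e8@if9: <FLAGS> mtu 1500 ... master docker0 state UP
        /^[0-9]+: / {
            master = ""
            for (i = 1; i <= NF; i++) if ($i == "master") master = $(i + 1)
            if (master != br) next          # not a port of the requested bridge
            idx = $1;  sub(/:$/, "", idx)   # strip trailing colon from "10:"
            name = $2; sub(/:$/, "", name)  # strip trailing colon from the name
            peer = "-"
            n = index(name, "@if")          # "@if9" means the peer has ifindex 9
            if (n > 0) { peer = substr(name, n + 3); name = substr(name, 1, n - 1) }
            print idx, name, peer
        }'
}

# Constructed sample: lines copied from the `ip a` output on this page.
sample_ip_a() {
    cat <<'EOF'
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:81:43:bc:79 brd ff:ff:ff:ff:ff:ff
10: veth0b277e8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether 3a:20:a7:29:46:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: veth91f5757@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether d6:fe:1a:49:5d:7b brd ff:ff:ff:ff:ff:ff link-netnsid 0
EOF
}

# On a live host: ip a | bridge_ports docker0
sample_ip_a | bridge_ports docker0
```

Inside a container, cat /sys/class/net/eth0/iflink prints the host-side index (the first column here), which ties each veth to a specific container when capturing traffic or investigating an incident.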

How do containers access the external network?
Containers attach to docker0, and Docker connects them to the outside network through NAT.


Reposted from blog.csdn.net/weixin_36171533/article/details/81677126