Single host: Bridge Network
Host Network
None Network
Multiple hosts: Overlay Network
Docker namespaces
Network isolation with namespaces in Linux and containers
docker run -d --name test2 busybox /bin/sh -c "while true; do sleep 3600; done"
docker run -d --name test1 busybox /bin/sh -c "while true; do sleep 3600; done"
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c49f056b4a2d busybox "/bin/sh -c 'while t…" 2 seconds ago Up 2 seconds test1
e77c81b22847 busybox "/bin/sh -c 'while t…" 2 minutes ago Up 2 minutes test2
[root@docker-node1 vagrant]# docker exec c49 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@docker-node1 vagrant]# docker exec e77 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
From this we can see:
test1 ip=172.17.0.3
test2 ip=172.17.0.2
ping
test1 ping test2 yes
test2 ping test1 yes
List the network namespaces on this host:
ip netns list
Delete the namespace test1:
ip netns delete test1
Add namespaces:
ip netns add test1
ip netns add test2
Inspect the namespaces:
ip netns exec test1 ip a
ip netns exec test2 ip a
[root@docker-node1 vagrant]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@docker-node1 vagrant]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@docker-node1 vagrant]# ip netns exec test1 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@docker-node1 vagrant]# ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Bring up the lo interface in test1:
ip netns exec test1 ip link set dev lo up
ip netns exec test1 ip link
namespace test1 #eth0
namespace test2 #eth1
How do we connect these two interfaces?
[root@docker-node1 vagrant]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:6c:3e:95 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:9c:91:a8 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:81:43:bc:79 brd ff:ff:ff:ff:ff:ff
8: veth56c98cf@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether 6a:83:d7:77:82:49 brd ff:ff:ff:ff:ff:ff link-netnsid 0
10: veth0b277e8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether 3a:20:a7:29:46:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
ip link add veth-test1 type veth peer name veth-test2
Running the command above adds a veth pair, veth-test1 and veth-test2.
Check ip link:
[root@docker-node1 vagrant]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:6c:3e:95 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:9c:91:a8 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:81:43:bc:79 brd ff:ff:ff:ff:ff:ff
8: veth56c98cf@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether 6a:83:d7:77:82:49 brd ff:ff:ff:ff:ff:ff link-netnsid 0
10: veth0b277e8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether 3a:20:a7:29:46:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
11: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 26:9f:2f:18:4f:02 brd ff:ff:ff:ff:ff:ff
12: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ce:cf:f6:87:51:93 brd ff:ff:ff:ff:ff:ff
Interfaces 11 and 12 are the ones just added. Both have MAC addresses, but both interfaces are down.
Next, move veth-test1 into namespace test1 with:
ip link set veth-test1 netns test1
Before running it, look at the links in test1 first:
ip netns exec test1 ip link
Output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Bind: move veth-test1 into namespace test1:
ip link set veth-test1 netns test1
Check again:
ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth-test1@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ce:cf:f6:87:51:93 brd ff:ff:ff:ff:ff:ff link-netnsid 0
This shows it was added successfully!
ip link on the host now shows one fewer interface.
Move veth-test2 into namespace test2:
ip link set veth-test2 netns test2
ip netns exec test2 ip link
Check whether the host's ip link output has one fewer interface.
Check the state again:
[root@docker-node1 vagrant]# ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth-test1@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ce:cf:f6:87:51:93 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@docker-node1 vagrant]# ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: veth-test2@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 26:9f:2f:18:4f:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Both interfaces are down and have no IP address.
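Add IP addresses and bring both interfaces up:
ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1
ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2
ip netns exec test1 ip link set dev veth-test1 up
ip netns exec test2 ip link set dev veth-test2 up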
Check the state (test1):
[root@docker-node1 vagrant]# ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth-test1@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ce:cf:f6:87:51:93 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@docker-node1 vagrant]# ip netns exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
12: veth-test1@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether ce:cf:f6:87:51:93 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 192.168.1.1/24 scope global veth-test1
valid_lft forever preferred_lft forever
inet6 fe80::cccf:f6ff:fe87:5193/64 scope link
valid_lft forever preferred_lft forever
Check the state (test2):
[root@docker-node1 vagrant]# ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: veth-test2@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 26:9f:2f:18:4f:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@docker-node1 vagrant]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: veth-test2@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 26:9f:2f:18:4f:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.2/24 scope global veth-test2
valid_lft forever preferred_lft forever
inet6 fe80::249f:2fff:fe18:4f02/64 scope link
valid_lft forever preferred_lft forever
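This shows that the IP addresses on the two interfaces of the two containers (namespace test1 and namespace test2) were set successfully, and both interfaces are up.
Now the final test: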
ip netns exec test1 ping 192.168.1.2
ip netns exec test2 ping 192.168.1.1
Both directions work.
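Added example, not part of the original notes: the @ifN suffix in the outputs above (eth0@if10 in container test1, veth0b277e8@if9 on the host, veth-test1@if11 and veth-test2@if12) is the interface index of the veth peer. The script pairs the two ends from saved ip link output, which is how a host-side veth is attributed to a container when capturing its traffic or writing firewall rules. The function names veth_ends and veth_pairs are made up for this example, and the sample lines are header lines copied from the outputs on this page.

```shell
#!/bin/sh
# Added example: pair veth ends across two namespaces by interface index.
# veth_ends and veth_pairs are names made up for this example.

# Header lines copied from the outputs on this page.
HOST_LINKS='4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
8: veth56c98cf@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
10: veth0b277e8@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT'
CONTAINER_TEST1='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue'
NS_TEST1='12: veth-test1@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000'
NS_TEST2='11: veth-test2@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000'

# veth_ends: read `ip link` or `ip a` output on stdin. For every interface
# printed as NAME@ifN, emit "<ifindex> <name> <peer_ifindex>".
# Two ends still in the same namespace print as NAME@PEERNAME and are skipped.
veth_ends() {
  awk '$1 ~ /^[0-9]+:$/ && $2 ~ /@if[0-9]+:$/ {
         idx = $1;  sub(/:$/, "", idx)
         name = $2; sub(/@if[0-9]+:$/, "", name)
         peer = $2; sub(/^.*@if/, "", peer); sub(/:$/, "", peer)
         print idx, name, peer
       }'
}

# veth_pairs A B: A and B are the outputs from two namespaces. Print
# "<name_in_A> <name_in_B>" when the two interfaces point at each other.
# Interface indexes are only unique inside one namespace, so compare exactly
# two namespaces at a time (link-netnsid tells you which one the peer is in).
veth_pairs() {
  { printf '%s\n' "$1" | veth_ends | sed 's/^/A /'
    printf '%s\n' "$2" | veth_ends | sed 's/^/B /'; } |
  awk '$1 == "A" { a_name[$2] = $3; a_peer[$2] = $4 }
       $1 == "B" && ($4 in a_name) && a_peer[$4] == $2 { print a_name[$4], $3 }'
}

veth_pairs "$CONTAINER_TEST1" "$HOST_LINKS"   # eth0 veth0b277e8
veth_pairs "$NS_TEST1" "$NS_TEST2"            # veth-test1 veth-test2
```

On a live host, feed it the real output instead of the samples, for example the output of docker exec c49 ip a as the first argument and the host's ip link as the second.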