Docker-depth analysis of network mode

Others 2020-03-31 20:29:07 views: null

Article Directory

I. Introduction

When Docker Docker run to create a container-based, you can use -net network mode option specified container, Docker default mode network has the following four:

  • host mode, -net = host specified;
  • container mode, -net = container: NAME_or_ID specified;
  • none mode, -net = none specified;
  • bridge mode, -net = bridge is specified, the default setting;

Two, Host mode (not recommended)

Docker containers will be assigned by default to run a separate Network Namespace isolation subsystem, based on host mode, the container will not get a separate Network Namespace, but the host and share a Network Namespace, the container will not be their own virtual network card configuration own IP, etc., but the use of IP and port of the host.

Three, Container mode (not recommended)

The newly created container does not create its own network card, configure your own IP, but the specified container and a shared IP, port range. The same two vessels in addition to the same networks, other systems, such as file, process lists, or isolated.

Four, Bridge bridge mode (recommended)

1, Basics

Docker Bridge mode is the default network mode, which assigns Network Namespace for each container, provided the IP, routing configuration, the default will Docker containers connected to a virtual bridge switch Docker0.

Host:
Here Insert Picture DescriptionNote: This docker0 both a bridge card is a virtual bridge switch, note that it is virtual. Gateway ip address docker container is the ip.

docker container:
Here Insert Picture Description
First of all I want to say a phenomenon, we open a docker container, ifconfig will be one more thing:
Note: Here I opened two docker container:
Here Insert Picture DescriptionNote: veth Chinese name is a virtual network card device, it is paired after starting the container, a host at one end, called vethxxxx, a man named eth0 in the docker container (the name is fixed)

2, the following bridge mode topology

Here Insert Picture Description

3, brctl command to view the details of the virtual bridge switch
yum install bridge-utils -y
brctl show

Here Insert Picture Description

Five, None mode (Recommended companies)

None model name suggests is, nothing the network configuration, no ip, no card, no nothing, so you need to use pipwork tool configuration.
Note: docker run command in network mode there is none, can no longer -p port mapping, because there is no ip, port can not be mapped, as a solution not found!
pipwork actual network configuration

1, edit docker-network file
vim /etc/sysconfig/docker-network
systemctl restart docker

Here Insert Picture Description

2, edit the ifcfg-ens33, ifcfg-br0 network profiles
cd /etc/sysconfig/network-scripts/
vim ifcfg-ens33

DEVICE=ens33
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
BRIDGE="br0"

vim ifcfg-br0

DEVICE="br0"
BOOTPROTO=none
ONBOOT=yes
TYPE="Bridge"
IPADDR=172.16.193.200
NETMASK=255.255.255.0
GATEWAY=172.16.193.2 #利用pipework工具指定容器网关时,需要使用这个ip

NOTE: The next pipework tool specified container gateway can not use the card ip virtual bridge switch

systemctl restart network #使配置生效
ifconfig

Here Insert Picture DescriptionNote: The ens33 interface to bridge to the virtual network adapter br0!

3, download, install pipwork tool
git clone https://github.com/jpetazzo/pipework
cp ./pipework/pipework /usr/local/bin/
4, Start mode vessel None
docker run -itd -p 6022:22 --net=none docker.io/jdeathe/centos-ssh
ifconfig
5, using the tools provided pipwork network docker container
pipework    br0       0ae0e8cff698 172.16.193.100/24@172.16.193.2
#	虚拟网卡交换机的名称   容器ID		 指定容器的IP      指定容器的网关
#注意这里网关不能填172.16.193.200,至于为什么请看下文详解!
docker exec -it 0ae0e8cff698 /bin/bash
yum install net-tools -y
ifconfig
route -n
ping www.baidu.com #看看网络是否通了,通了就对了!

Here Insert Picture DescriptionLook, this will be successful, if you put the container gateway to the network adapter virtual bridge switch ip (172.16.193.200), then you can ping the internal network ip, not the external network

6. Why container gateway to the virtual switch bridge (br0) network card ip (172.16.193.200) does not work?

Please bridging mode architecture combined with the above chart understand!

Suppose we set its gateway 172.16.193.200, because we do not have the virtual bridge switch routing function, to the gateway routing is required. So it can not route! If you fill 172.16.193.2, 172.16.193.2 before it reaches the gateway is the LAN broadcast address, the gateway can be found, and the gateway routing function. Why we previously set gateway 172.16.193.200 can do! Since the merger ip ip and our host virtual switches of the bridge. When you fill previously unconsolidated ip is the host, the host is routing table is a routing function, you can route -n.

Siege will Que
He published 188 original articles · won praise 150 · views 30000 +
Private letter concerns

Guess you like

Origin blog.csdn.net/weixin_44571270/article/details/104444960
Recommended
Linus is the most active in "eating dog food"!
Ranking
Share good programmer web front-end array and sorting, de-duplication and random roll call
Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe
魔众帮助中心系统 v3.1.0 首页切换器,界面优化
Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)
How to suppress the "requires transitive directive for an automatic module" warning properly?
LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)
Summer 2019 Summer soft essay 7 workers
Python中Assert断言的使用语法和例子
LeetCode one question per day (2021-2-3 sliding window median)
Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up
Daily
More
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)

Code World

© 2018 codetd.com