Docker02: Docker core technology exploration (3) Network namespace and network isolation

In Docker, a virtual network environment that is isolated from the original host system and virtual systems in other containers can be created for Docker containers.

Docker's network is divided into the following modes:

(1) bridge mode. This will configure a virtual network system, and the virtual network card in the container communicates with the real network card of the host system through NAT.

docker run -it  --net=bridge --name=centos --hostname=centos  centos  /bin/bash

Execute the following command in the container, where yum provides is used to find the package where the specified command is located.

1  yum provides ifconfig
2 
3 yum install net-tools
4 
5 yum provides ip
6 
7 yum install iproute

Check the network configuration in the container:

 1 [root@centos /]# ip link list
 2 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
 3     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 4 15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT 
 5     link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
 6 [root@centos /]# ip addr  
 7 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 8     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 9     inet 127.0.0.1/8 scope host lo
10        valid_lft forever preferred_lft forever
11 15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
12     link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
13     inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
14        valid_lft forever preferred_lft forever
15 [root@centos /]# ifconfig
16 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
17         inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
18         ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
19         RX packets 8324  bytes 27792451 (26.5 MiB)
20         RX errors 0  dropped 0  overruns 0  frame 0
21         TX packets 6506  bytes 356889 (348.5 KiB)
22         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
23 
24 lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
25         inet 127.0.0.1  netmask 255.0.0.0
26         loop  txqueuelen 1  (Local Loopback)
27         RX packets 0  bytes 0 (0.0 B)
28         RX errors 0  dropped 0  overruns 0  frame 0
29         TX packets 0  bytes 0 (0.0 B)
30         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

(2) container mode. This will make the container's virtual NIC use the same IP address as the specified other container's virtual NIC.

In order to understand this mode, you need to create a container first, and the network mode is bridge mode.

docker run -it  --net=bridge --name=centos --hostname=centos  centos  /bin/bash

Then view the network configuration in bridge mode:

 1 [root@centos /]# ifconfig
 2 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
 3         inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
 4         ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
 5         RX packets 1552  bytes 14029219 (13.3 MiB)
 6         RX errors 0  dropped 0  overruns 0  frame 0
 7         TX packets 1519  bytes 85477 (83.4 KiB)
 8         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 9 
10 lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
11         inet 127.0.0.1  netmask 255.0.0.0
12         loop  txqueuelen 1  (Local Loopback)
13         RX packets 0  bytes 0 (0.0 B)
14         RX errors 0  dropped 0  overruns 0  frame 0
15         TX packets 0  bytes 0 (0.0 B)
16         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

 

Then create a container with the network in container mode.

docker run -it --net=container:centos --name=centos2  centos /bin/bash

At this time, the centos2 container and the centos container have the same network configuration, including the same IP address, MAC address, and hostname, which is why the --hostname=XXXX parameter cannot be specified in container mode.

 1 [root@centos /]# ifconfig
 2 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
 3         inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
 4         ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
 5         RX packets 4092  bytes 28111521 (26.8 MiB)
 6         RX errors 0  dropped 0  overruns 0  frame 0
 7         TX packets 3956  bytes 220458 (215.2 KiB)
 8         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 9 
10 lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
11         inet 127.0.0.1  netmask 255.0.0.0
12         loop  txqueuelen 1  (Local Loopback)
13         RX packets 0  bytes 0 (0.0 B)
14         RX errors 0  dropped 0  overruns 0  frame 0
15         TX packets 0  bytes 0 (0.0 B)
16         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

 

(3) host mode. This will make the virtual network card of the container use the same network environment as the real network card of the host system, that is, directly use the physical network card of the host system.

docker run -it --rm --net=host --name=centos2 --hostname=centos  centos  /bin/bash

Check the network card of the container:

 1 [root@centos /]# ifconfig
 2 docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
 3         inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
 4         inet6 fe80::42:ffff:fed9:4b28  prefixlen 64  scopeid 0x20<link>
 5         ether 02:42:ff:d9:4b:28  txqueuelen 0  (Ethernet)
 6         RX packets 6506  bytes 265805 (259.5 KiB)
 7         RX errors 0  dropped 0  overruns 0  frame 0
 8         TX packets 8324  bytes 27792451 (26.5 MiB)
 9         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
10 
11 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
12         inet 11.1.1.11  netmask 255.255.255.0  broadcast 11.1.1.255
13         inet6 fe80::20c:29ff:fe66:d822  prefixlen 64  scopeid 0x20<link>
14         ether 00:0c:29:66:d8:22  txqueuelen 1000  (Ethernet)
15         RX packets 12671  bytes 1064839 (1.0 MiB)
16         RX errors 0  dropped 0  overruns 0  frame 0
17         TX packets 8803  bytes 3356079 (3.2 MiB)
18         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
19 
20 eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
21         inet 11.2.1.11  netmask 255.255.255.0  broadcast 11.2.1.255
22         inet6 fe80::20c:29ff:fe66:d82c  prefixlen 64  scopeid 0x20<link>
23         ether 00:0c:29:66:d8:2c  txqueuelen 1000  (Ethernet)
24         RX packets 29604  bytes 42907671 (40.9 MiB)
25         RX errors 0  dropped 0  overruns 0  frame 0
26         TX packets 9761  bytes 597994 (583.9 KiB)
27         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
28 
29 lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
30         inet 127.0.0.1  netmask 255.0.0.0
31         inet6 ::1  prefixlen 128  scopeid 0x10<host>
32         loop  txqueuelen 1  (Local Loopback)
33         RX packets 3765  bytes 2003876 (1.9 MiB)
34         RX errors 0  dropped 0  overruns 0  frame 0
35         TX packets 3765  bytes 2003876 (1.9 MiB)
36         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

(4) none mode. This will temporarily disable network card related functions in the container.

In this mode, because there is no network card, operations involving the network, including the yum install command, cannot be performed.

 docker run -it --net=none --name=centos3 --hostname=centos centos /bin/bash

 

This blog will simulate the bridge mode virtual network used by Docker. Docker's bridge mode virtual network