Getting Started with Docker Container Networking

1. View the default network mode

This article assumes that Docker is already installed (if you don't know how to install it, see my other articles; it is very simple). Once installed, Docker provides three network modes by default: bridge, host and none. You can list the networks with the command docker network ls:

[root@localhost ~]# docker network ls
NETWORK ID     NAME              DRIVER    SCOPE
93a00b5c27f9   bridge            bridge    local
a0e7ced640ef   docker_gwbridge   bridge    local
9df73a6f4d7a   host              host      local
fy142rn10t1f   ingress           overlay   swarm
fa0cdda1cb13   none              null      local

Docker's underlying layer is implemented with LXC. LXC is a lightweight virtualization technology that sandboxes Linux processes, using Linux namespaces for resource isolation: the pid namespace isolates processes, the mount namespace isolates the file system, and the network namespace isolates the network. On the network side, Docker creates a virtual container bridge on the host machine. When Docker starts a container, it assigns the container an ip address from the bridge's network segment, called the container-ip, and sets the virtual bridge as the container's default gateway. Because all containers on the same host are connected to the same virtual bridge, they can communicate with each other through their container-ip.

2. The network mode of docker

host : Equivalent to a virtual machine in bridged network mode, that is, on the same network as the host machine with no independent ip. The container shares the network namespace with the host and directly uses the host's ip and ports.
none : The container has an independent network namespace, but no network settings such as a bridge connection or ip configuration.
bridge : The default network mode of Docker.

container : The new container shares a network namespace with another existing container rather than with the host.

2.1 About bridge mode

Equivalent to NAT mode in a virtual machine: the container has an independent network namespace. When the docker daemon starts, it creates a virtual bridge named docker0 on the host, and every container started on the host is connected to this bridge. The bridge works like a physical switch, so all containers on the host are on one layer-2 network and can communicate with each other.

Docker assigns the container an ip from the docker0 subnet and sets the docker0 address as the container's default gateway. It then creates a pair of virtual network interfaces (a veth pair) on the host: one end is placed inside the new container and named eth0, the other end stays on the host with a name beginning with veth and is attached to the docker0 bridge. You can view it with ip addr (different images may provide different tools for this).
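To make that wiring concrete, here is an added example (not from the original post) that recreates Docker's bridge-mode plumbing by hand with ip(8): a network namespace standing in for the container, a bridge standing in for docker0, and a veth pair between them. The names demo and br-demo and the 172.17.0.0/16 addresses are assumptions chosen to match the ip addr output shown further down; applying the plan requires root.

```shell
#!/bin/sh
# Reproduce by hand what Docker's bridge driver does for one container:
# a veth pair with one end inside a new network namespace (eth0) and
# the other attached to a docker0-like bridge that is the default gateway.
# Added example, not from the original post. Assumed names: namespace
# "demo", bridge "br-demo" (stand-in for docker0), veth names as derived.
# Applying needs root (CAP_NET_ADMIN); plan_wiring itself only prints.
set -eu

# plan_wiring NS BRIDGE GATEWAY_CIDR CONTAINER_CIDR
# Prints the ip(8) commands one per line so they can be reviewed
# or piped to sh, e.g. with 172.17.0.1/16 and 172.17.0.3/16.
plan_wiring() {
    ns=$1 br=$2 gw_cidr=$3 c_cidr=$4
    host_end="veth-${ns}"      # host side, enslaved to the bridge
    ns_end="veth-${ns}-c"      # moved into the namespace, renamed eth0
    gw=${gw_cidr%/*}           # strip the prefix length: default gateway
    cat <<EOF
ip link add name $br type bridge
ip addr add $gw_cidr dev $br
ip link set $br up
ip netns add $ns
ip link add $host_end type veth peer name $ns_end
ip link set $host_end master $br
ip link set $host_end up
ip link set $ns_end netns $ns
ip netns exec $ns ip link set $ns_end name eth0
ip netns exec $ns ip link set lo up
ip netns exec $ns ip addr add $c_cidr dev eth0
ip netns exec $ns ip link set eth0 up
ip netns exec $ns ip route add default via $gw dev eth0
EOF
}

# Number of commands in the plan, for sanity checks.
plan_len() { plan_wiring "$@" | wc -l | tr -d ' '; }

# Apply the plan, then show the result: like the post's container,
# the namespace has lo plus eth0 with the container address and
# a default route via the bridge, yet nothing outside the host
# can reach that address directly.
wire_container_netns() {
    plan_wiring "$@" | sh -e
    ip netns exec "$1" ip addr show eth0
}

if [ "${1:-}" = "--apply" ]; then
    wire_container_netns demo br-demo 172.17.0.1/16 172.17.0.3/16
fi
```

Run without arguments it does nothing; call plan_wiring to review the commands, or pass --apply as root to build the namespace.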

The host ifconfig screenshot is as follows:

The ip addr output inside the container is as follows:

Enter the container:
[root@localhost ~]# docker exec -it 397c95548b0d bash

root@397c95548b0d:/data# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
30: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

If bash: ip: command not found appears above:

1. Check the system version: cat /etc/os-release
2. apt-get update or apt-get install yum
3. Debian family: apt install -y iproute2   CentOS: yum install -y iproute2
4. root@397c95548b0d:/data# ip addr

The docker0 bridge mentioned above is virtualized by the host machine and is not a real network device, so the external network cannot address it: there is no way to reach the container directly through its container-ip. The solution is to map the container's port onto the host with the -p parameter when docker run creates the container, exposing the container's service to the outside so that the application can be reached through the host ip and the mapped port.

View the bridge network details with the docker network inspect command:

2.2 About the host mode

In host mode the container does not get an independent network namespace; it shares the host's network namespace directly and does not virtualize its own network card or configure its own ip. The processes and file system in the container are still isolated from the host.

The container communicates with the outside world directly using the host's IP address, and the container's ports use host ports without NAT. The advantage is good network performance; the drawbacks are poor network isolation and that a port used by the container can no longer be used by anything else on the host.

2.3 About none mode

In this mode the container has its own network namespace but no network configuration: no network card, ip or routes, only lo, and any networking has to be added by hand. It is selected by adding the parameter --network none when the container is created. Such a container cannot reach the Internet, which has the advantage of improving the container's security.

3. Custom network

We can create a custom network named mynet with the command docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet.

  • --driver bridge specifies the type of network to use, you can choose any of none, host, bridge;
  • --subnet 192.168.0.0/16 specifies the range of the subnet;
  • --gateway 192.168.0.1 specifies the address of the gateway;
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
2187dde6db43b73e48dd2466d4c811cef9560938cc943d7b6b8d0f5ca7346bfd

Then docker network ls shows the custom network we just created.

View the details of the custom network with docker network inspect mynet:

Start a container on the specified network:

[root@localhost ~]# docker run --net mynet --name some-redis_mynet -d redis
c07cc300f8f80274cf32701922864f640b8212b2e5beb9edef05a1236f5852d4

Join a previously started container to the new network:

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS      NAMES
c07cc300f8f8   redis     "docker-entrypoint.s…"   5 seconds ago   Up 3 seconds   6379/tcp   some-redis_mynet
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE             COMMAND                  CREATED             STATUS                        PORTS      NAMES
c07cc300f8f8   redis             "docker-entrypoint.s…"   43 seconds ago      Up 42 seconds                 6379/tcp   some-redis_mynet
397c95548b0d   redis             "docker-entrypoint.s…"   32 minutes ago      Exited (0) 9 minutes ago                 some-redis
e50477739e85   tomcat            "catalina.sh run"        About an hour ago   Exited (143) 42 minutes ago              romantic_noyce
9dcb77aae8cb   tomcat            "catalina.sh run"        About an hour ago   Created                                  laughing_rhodes
424301c888ec   tomcat            "catalina.sh run"        About an hour ago   Created                                  silly_jennings
44a58ac2df2f   tomcat            "catalina.sh run"        About an hour ago   Exited (143) 42 minutes ago              wonderful_babbage
97d68600c558   jenkins/jenkins   "/usr/bin/tini -- /u…"   7 weeks ago         Exited (143) 7 weeks ago                 jenkins
5d6a65567304   mysql:5.7         "docker-entrypoint.s…"   8 weeks ago         Exited (0) 9 minutes ago                 first-mysql
[root@localhost ~]# docker start 397c95548b0d
397c95548b0d

View the details of the custom network again with docker network inspect mynet:

We find that the some-redis container, originally on another network segment, has also been added to the mynet custom network; at this point the some-redis container has two IP addresses at the same time.
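As a check on the situation just described, here is an added example (not from the original post) that lists every container attached to more than one Docker network, built on docker network inspect's Go-template output. By default it runs on constructed sample lines that mirror this post's some-redis and some-redis_mynet containers; with --live it queries the local daemon.

```shell
#!/bin/sh
# Audit which containers sit on more than one Docker network. A container
# attached to two networks (like some-redis after joining mynet while still
# on the default bridge) holds two IPs and can relay traffic between
# segments that were meant to stay separate. Added example, not part of
# the original post; the sample lines below are constructed to mirror
# the post's containers and address ranges.
set -eu

# collect_attachments: print one "network container ip" line per
# attachment, using docker's Go-template output on a live daemon.
collect_attachments() {
    for net in $(docker network ls --format '{{.Name}}'); do
        docker network inspect -f \
            "{{range .Containers}}$net {{.Name}} {{.IPv4Address}}{{\"\n\"}}{{end}}" "$net"
    done
}

# Constructed sample in the same format as collect_attachments output.
SAMPLE_ATTACHMENTS='bridge some-redis 172.17.0.3/16
mynet some-redis_mynet 192.168.0.2/16
mynet some-redis 192.168.0.3/16'

# multi_homed: read attachment lines on stdin and print
# "container network=ip,network=ip" for every container on 2+ networks.
multi_homed() {
    awk '
        NF == 3 {
            count[$2]++
            where[$2] = (where[$2] == "" ? "" : where[$2] ",") $1 "=" $3
        }
        END {
            for (c in count) if (count[c] > 1) print c, where[c]
        }' | sort
}

# Wrappers so the result can be checked, not only printed.
audit_sample() { printf '%s\n' "$SAMPLE_ATTACHMENTS" | multi_homed; }
audit_live()   { collect_attachments | multi_homed; }

# Default: run against the constructed sample; --live queries the daemon.
if [ "${1:-}" = "--live" ]; then audit_live; else audit_sample; fi
```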

To be continued~


Origin blog.csdn.net/juanxiaseng0838/article/details/128304192