【Computer Network】Introduction to NAT and Bridge

OSI seven layer model

  • Introduction and Examples of the Seven-Layer Model
    To transfer human-readable information over a network from one device to another, the data must travel down the seven-layer structure of the OSI model at the sending device and then up the seven-layer structure at the receiving device.

How data flows in the OSI model

Mr. Cooper wants to send Ms. Palme an e-mail. He composes the message in his laptop's email application and hits "send". The email application passes the email to the application layer, which selects the protocol (SMTP) and passes the data to the presentation layer. The presentation layer compresses the data and passes it to the session layer, which initiates the communication session.

The data then arrives at the sender's transport layer, where it is segmented, and those segments are broken down into packets at the network layer, which are further broken down into frames at the data link layer. The data link layer then transfers these frames to the physical layer, which converts the data into a bit stream of 1s and 0s, and finally sends the data over a physical medium such as a cable.

After Ms. Palme's computer receives the bit stream through a physical medium, such as her Wi-Fi, the data flows through the same series of layers on her device, but in reverse order. First, the physical layer converts the bit stream of 1s and 0s into frames, which are passed to the data link layer. The data link layer then reassembles the frames into packets for the network layer. Next, the network layer reassembles the packets into segments for the transport layer, and the transport layer reassembles the segments into data.

The data then flows into the recipient's session layer, which passes the data to the presentation layer and ends the communication session. The presentation layer decompresses the data and passes the raw data to the application layer. The application layer hands the human-readable data to Ms. Palme's email software so she can read Mr. Cooper's email on her laptop screen.

1 Virtual machine NAT

If IP addresses on your network are scarce but you still want the virtual machine to reach the Internet, NAT mode is the best choice. NAT mode uses a virtual NAT device and a virtual DHCP server to give virtual machines network access.


In the figure, virbr0 is a virtual network interface created when the host's virtual machine support module is installed; it acts as a switch and bridge, responsible for distributing traffic to each virtual machine.

As the figure shows, there is no direct connection between the virtual interface and the physical interface, so the virtual machine can only reach the outside world through the virtual network, and the virtual machine cannot be located or accessed from the external network.
virbr0 is a bridge that receives all traffic destined for the 192.168.122.* network.

The NAT method does not use a physical network card.

2 Bridge mode

Bridge mode connects the virtual machine through a virtual network bridge, so the guest and the other machines in the subnet can communicate with each other directly. This makes the virtual machine a host with its own independent IP address on the network.


As shown in the figure above, the basic principle of the bridge is to create a bridging interface br0 to transfer data between the physical network card and the virtual network interface.

3 Principles of virtual machine communication

The virtual machine connects its network card to br0 through a tun/tap device or a similar virtual network device, which achieves the same effect as a real switch. Packets sent by the virtual machine first arrive at br0, which then hands them to eth0 for transmission; the packets never pass through the host's protocol stack, which makes this path very efficient.
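As an added illustration of the br0 forwarding described in sections 2 and 3 (example code, not from the original post): a small Python model of a learning bridge that moves frames between the VM's tap port and eth0 on MAC addresses alone, with no host IP-stack involvement. All MACs, port names and ARP payloads are constructed; the wireless port models the usual behaviour of a Wi-Fi station interface, which only carries frames bearing its own source MAC, and so shows why bridge mode is awkward on a wireless uplink while NAT mode is not.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    payload: str

@dataclass
class Port:
    # One bridge port: the VM's tap device or the host's physical NIC
    name: str
    own_mac: str
    wireless: bool = False                  # models a Wi-Fi station uplink
    sent: list = field(default_factory=list)

    def transmit(self, frame):
        # Assumed behaviour: a Wi-Fi station NIC only carries frames whose source
        # MAC is its own, so a frame bridged from the VM (VM's MAC) is lost here
        if self.wireless and frame.src_mac != self.own_mac:
            return False
        self.sent.append(frame)
        return True

class Bridge:
    # br0: a learning switch that forwards on MAC addresses alone; the host
    # IP stack is never involved
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.fdb = {}                       # forwarding table: MAC -> port name

    def receive(self, in_port, frame):
        self.fdb[frame.src_mac] = in_port   # learn which port the sender is on
        out = self.fdb.get(frame.dst_mac)
        if out == in_port:
            return []                       # destination is on the ingress segment
        targets = [out] if out else [n for n in self.ports if n != in_port]
        return [n for n in targets if self.ports[n].transmit(frame)]   # flood if unknown

def run(uplink_wireless=False):
    # Returns (frames that reached eth0, frames that reached the VM's tap0)
    vm_mac, lan_mac = "52:54:00:12:34:56", "00:1a:2b:3c:4d:5e"      # constructed
    tap0 = Port("tap0", "fe:54:00:12:34:56")
    eth0 = Port("eth0", "00:11:22:33:44:55", wireless=uplink_wireless)
    br0 = Bridge([tap0, eth0])
    # the VM broadcasts an ARP request: unknown destination, so br0 floods it to eth0
    reached = br0.receive("tap0", Frame(vm_mac, "ff:ff:ff:ff:ff:ff", "who-has 192.168.1.1"))
    if reached:   # a LAN host that saw the request answers the VM's MAC directly
        br0.receive("eth0", Frame(lan_mac, vm_mac, "is-at " + lan_mac))
    return len(eth0.sent), len(tap0.sent)
```

With a wired uplink both the request and the reply are delivered; with the wireless uplink the VM's frame never leaves eth0, so nothing comes back.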


Docker communication principle

Because the container runs in its own separate network namespace, it has its own separate protocol stack. The situation is similar to the virtual machine above, but the container uses a different way to communicate with the outside world:

The gateway configured in the container is .9.1. Outgoing packets first arrive at br0 and are then handed to the host's protocol stack. Because the destination IP is an external address and the host has IP forwarding enabled, the packets are sent out through eth0. Since .9.1 is an internal network IP, NAT is normally applied before the packets leave (both NAT and IP forwarding must be configured by yourself).

Because the packets must pass through the host's protocol stack and be translated by NAT, performance is not as good as the virtual machine solution above. The advantage is that the container stays on the internal network, so its security is relatively higher. (Because all packets are forwarded out of eth0 at the IP layer, there is no problem with MAC addresses, and this works well in a wireless network environment.)
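An added example (not from the original post) covering both the NAT-mode virbr0 path of section 1 and the container path just described: a Python model of a host with IP forwarding and MASQUERADE-style source NAT plus a connection-tracking table. The host public IP 198.51.100.7, the remote addresses 203.0.113.x and the guest addresses are constructed; the guest subnet 192.168.122.0/24 is the one the post names for virbr0. It shows the guest's source port being kept when free, a second guest colliding on the same port getting a fresh one, a reply being mapped back, and an unsolicited inbound packet being dropped, which is the "cannot be reached from the network" property the post describes.

```python
import ipaddress
from collections import namedtuple
Packet = namedtuple("Packet", "src sport dst dport")

class MasqueradingHost:
    # Host routing for the private subnet behind virbr0 / docker's bridge and
    # rewriting guest source addresses to its own public IP (SNAT / MASQUERADE)
    def __init__(self, public_ip, private_net, ip_forward=True):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.ip_forward = ip_forward      # models the net.ipv4.ip_forward switch
        self.conntrack = {}               # (nat_port, remote, rport) -> (guest, gport)
        self.reverse = {}                 # (guest, gport, remote, rport) -> nat_port
        self.used_ports = set()

    def _next_free_port(self):
        port = 1024
        while port in self.used_ports:
            port += 1
        return port

    def outbound(self, pkt):
        # Guest -> Internet: the packet as it leaves eth0, or None if not forwarded
        if not self.ip_forward or ipaddress.ip_address(pkt.src) not in self.private_net:
            return None
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        nat_port = self.reverse.get(flow)
        if nat_port is None:              # new flow: keep the guest's port if it is free
            nat_port = pkt.sport if pkt.sport not in self.used_ports else self._next_free_port()
            self.used_ports.add(nat_port)
            self.reverse[flow] = nat_port
            self.conntrack[(nat_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, nat_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # Internet -> eth0: only a reply to a tracked flow is de-NATed to a guest
        entry = self.conntrack.get((pkt.dport, pkt.src, pkt.sport)) if pkt.dst == self.public_ip else None
        if entry is None:
            return None                   # unsolicited: guests cannot be reached from outside
        return Packet(pkt.src, pkt.sport, *entry)

def demo():
    # Constructed: host public IP 198.51.100.7, remote 203.0.113.x; 192.168.122.0/24 is virbr0's subnet
    host = MasqueradingHost("198.51.100.7", "192.168.122.0/24")
    vm_a = Packet("192.168.122.10", 40000, "203.0.113.5", 443)
    vm_b = Packet("192.168.122.11", 40000, "203.0.113.5", 443)   # same source port as vm_a
    seen_a, seen_b = host.outbound(vm_a), host.outbound(vm_b)
    reply_b = host.inbound(Packet("203.0.113.5", 443, "198.51.100.7", seen_b.sport))
    stray = host.inbound(Packet("203.0.113.9", 12345, "198.51.100.7", 22))   # no tracked flow
    return seen_a, seen_b, reply_b, stray
```

With ip_forward=False the host forwards nothing for the guests, which is the state before the sysctl the post says you must configure yourself.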


Origin blog.csdn.net/weixin_40433003/article/details/132058524