Docker study notes: analysis and use of the common Docker network types

Docker network types

Four types of network modes

Docker network mode / configuration / description

host mode: --net=host (--network host is the same option). The container shares the Network namespace with the host.
container mode: --net=container:NAME_or_ID. The container shares the Network namespace with another, already running container. A pod in Kubernetes is exactly this: several containers sharing one Network namespace.
none mode: --net=none. The container has an independent Network namespace, but Docker does no network setup for it: no veth pair, no bridge connection, no IP.
bridge mode: --net=bridge (the default). The container gets its own Network namespace and is attached to the docker0 bridge through a veth pair, with an IP from the docker0 subnet.

Communication between containers on the same host

bridge network mode

When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and every container started on this host in bridge mode is attached to it. Docker assigns the container an IP from the docker0 subnet and sets docker0's own address as the container's default gateway. For each container Docker creates a veth pair: one end is moved into the container's Network namespace and named eth0 (the container's network card), the other stays on the host with a name like vethxxx and is added to the docker0 bridge. Traffic leaving the container for the outside world is masqueraded by iptables rules Docker maintains, so it appears to come from the host's IP.

docker0 -> equivalent to a router's LAN port plus its DHCP server

Container network card (eth0) -> equivalent to the ens33 network card inside a virtual machine

Host-side network card (the vethxxx end of the pair) -> equivalent to the vmnet8 adapter that VMware creates on the real machine to talk to its virtual machines


host network mode

If a container is started in host mode, it does not get an independent Network namespace but shares the host's. The container does not get its own virtual network card or its own IP; it uses the host's IP and ports directly. Other aspects of the container, such as the file system and the process list, remain isolated from the host.

A container in host mode talks to the outside world with the host's IP address, and a service inside it listens on the host's port directly, with no NAT. The biggest advantage of host mode is network performance. The costs are that a port already in use on the host cannot be used by the container (and a port taken by the container is gone for the host), and that network isolation is lost: the container can bind to any host interface, reach services the host exposes only on 127.0.0.1, and sniff host traffic, since the default capability set includes CAP_NET_RAW. Reserve it for things like monitoring agents that genuinely need the host's network view.


container network mode

This mode makes the new container share the Network namespace of an existing container rather than the host's. The new container does not create its own network card or configure its own IP; it shares the IP, port range and so on with the specified container. As with host mode, only the network is shared: file systems, process lists and the rest stay isolated. Processes in the two containers can talk to each other over the lo loopback device, which is how a sidecar in a Kubernetes pod reaches the main container on localhost.


none network mode

In none mode the container has its own Network namespace, but Docker performs no network configuration for it: the container has no network card apart from lo, no IP and no routes. If the container needs connectivity, we have to add interfaces and configure IPs ourselves, for example with ip link and ip netns from the host.

In this mode the container has only the lo loopback interface and cannot reach other containers or the Internet. It is selected with --network=none (or --net=none) when the container is created. A closed network like this removes the container's network attack surface, but note that it isolates only the network: bind-mounted volumes, unix sockets inside those mounts and the host's docker.sock, if it is mounted, still work as before.

Communication between containers on different hosts

overlay

Overlay networks are the mainstream solution for carrying container traffic across nodes and routing it.

Overlay is used for communication between containers on different hosts and supports encrypting that traffic: docker network create -d overlay --opt encrypted <name> puts the node-to-node VXLAN traffic inside IPsec tunnels. Without that option the container frames cross the physical network in the clear.

The overlay driver is provided by Docker's orchestration tool, swarm; it becomes usable once the node has initialised or joined a swarm (docker swarm init).


Open questions from the notes: how is load balancing done, how do containers find each other's nginx servers, and how does VXLAN carry that information? In swarm, discovery and transport are separate: nodes exchange network state over a gossip protocol on port 7946, Docker's embedded DNS resolves a service name to a virtual IP, and IPVS on each node balances that VIP across the service's tasks; VXLAN only carries the resulting frames between hosts.

VXLAN

VXLAN is a tunneling technology that encapsulates the Ethernet frames of a virtual network inside packets of the physical network. Concretely, a VXLAN header is prepended to the original frame, the result is carried as the payload of a UDP datagram on the physical network, and that datagram is delivered with ordinary IP routing. At the destination host the physical headers and the VXLAN header are stripped and the original frame is handed to the destination endpoint. The endpoints never see the physical network.

A VTEP (VXLAN Tunnel Endpoint) is the edge device of the VXLAN network, the start and end point of a tunnel. The frame sent by the source server is encapsulated into VXLAN format at the local VTEP, carried over the IP network to the remote VTEP, decapsulated back into the original frame there, and forwarded to the destination server.

VTEPs listen on UDP port 4789. In a swarm this is the overlay data-plane port; the cluster also uses 2377/tcp for manager communication and 7946/tcp+udp for node gossip. Only cluster nodes should be able to reach these ports: VXLAN itself has no authentication, so any host that can send to 4789/udp on a VTEP can inject frames into the overlay, and without --opt encrypted the payload can be read on the wire.


Encapsulation format

Outer Ethernet header | outer IPv4 header | outer UDP header (destination port 4789) | VXLAN header (8 bytes: flags, 24-bit VNI, reserved) | original Ethernet frame (header + payload). The 24-bit VNI identifies which overlay network the frame belongs to, so several networks can share a physical link without seeing each other's frames.
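The encapsulation described above, as an added example that is not part of the original notes: the script builds an inner Ethernet frame, wraps it in a VXLAN header carrying a VNI, an outer UDP header to port 4789 and an outer IPv4 header the way a VTEP would, then decapsulates it again and rejects packets that are not VXLAN. The MAC addresses, VTEP IPs and the VNI 4097 are made-up values.

```python
"""Encapsulate and decapsulate a VXLAN frame the way a VTEP does.

Added example, not code from the original notes. All MAC addresses,
VTEP IPs and the VNI used below are made-up values.
"""
import socket
import struct

VXLAN_PORT = 4789            # IANA-assigned UDP port for VXLAN
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800


def mac(text):
    """'02:42:ac:12:00:02' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_inner_frame(dst_mac, src_mac, ethertype, payload):
    """The original Ethernet frame the container emits (14-byte header + payload)."""
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_header(vni):
    """8 bytes: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def ip_checksum(data):
    """RFC 1071 ones-complement sum; returns 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src_ip, dst_ip, payload_len):
    """Minimal 20-byte IPv4 header: TTL 64, protocol 17 (UDP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def encapsulate(vtep_src_ip, vtep_dst_ip, vni, inner_frame, src_port=49152):
    """Outer IPv4 + outer UDP (dst 4789) + VXLAN header + original frame."""
    vx = vxlan_header(vni) + inner_frame
    # UDP checksum 0 means "not computed", which VXLAN over IPv4 permits
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, 8 + len(vx), 0) + vx
    return ipv4_header(vtep_src_ip, vtep_dst_ip, len(udp)) + udp


def decapsulate(packet):
    """Strip the outer headers; return (vni, inner_frame) or raise ValueError."""
    if len(packet) < 20 + 8 + 8 + 14:
        raise ValueError("too short to hold IPv4 + UDP + VXLAN + Ethernet")
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not IPv4/UDP")
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != VXLAN_PORT:
        raise ValueError("UDP dst port %d is not VXLAN" % dst_port)
    vx = packet[ihl + 8:ihl + udp_len]
    flags, vni_raw = struct.unpack("!B3xI", vx[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set, VNI invalid")
    return vni_raw >> 8, vx[8:]


def is_vxlan(packet):
    """True when decapsulate() accepts the packet."""
    try:
        decapsulate(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = build_inner_frame("02:42:ac:12:00:02", "02:42:ac:12:00:03", ETHERTYPE_IPV4, b"hello")
    pkt = encapsulate("10.0.0.1", "10.0.0.2", 4097, frame)
    vni, inner = decapsulate(pkt)
    print("outer %d bytes, VNI %d, inner frame %d bytes, round-trip ok: %s"
          % (len(pkt), vni, len(inner), inner == frame))
```

Nothing in the outer headers or the VXLAN header authenticates the sender: any host that can reach 4789/udp on a VTEP can hand it a datagram shaped exactly like this one, which is why the data-plane port has to be restricted to cluster nodes or the overlay created with --opt encrypted.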

Case: Create a new bridge network and join the container

1. Create a new bridge network and name it mybridge

[root@docker ~]# docker network create -d bridge mybridge

-d specifies the driver, i.e. the network type

2. View details

[root@docker ~]# docker inspect mybridge
[root@docker ~]# docker network ls


3. Create a new container and join the bridge network

[root@docker ~]# docker run -d --name mynginx-2 -p 8802:80 --network mybridge nginx

--network specifies the network the container joins, here the user-defined bridge. On a user-defined bridge containers can also resolve each other by name through Docker's embedded DNS, which the default docker0 bridge does not provide.

4. Check the container information again

[root@docker ~]# docker inspect mybridge


5. Enter the container and check whether you can access the Internet

[root@docker ~]# docker exec -it mynginx-2 bash
root@a15767ff5119:/# curl www.baidu.com
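The four modes in the table at the top of these notes and the docker inspect output from this case, as an added example that is not part of the original notes: a script that classifies each container by HostConfig.NetworkMode and reports what a reviewer checks (host Network namespace sharing, namespace sharing with another container, attached networks and IPs, ports published on all host interfaces). The embedded JSON is a hand-constructed sample shaped like docker inspect output; apart from the mynginx-2 ID taken from the case, the container names, IDs and addresses are made up. Real output can be piped in with docker inspect $(docker ps -q) | python3 audit_net.py (the file name is an assumption).

```python
"""Classify Docker containers by network mode from `docker inspect` output.

Added example, not code from the original notes. The SAMPLE below is a
hand-constructed stand-in for `docker inspect` output: the names, IDs and
addresses (except the mynginx-2 ID from the case) are made up.
"""
import json
import sys

SAMPLE = json.loads(r"""
[
  {"Id": "a15767ff5119", "Name": "/mynginx-2",
   "HostConfig": {"NetworkMode": "mybridge",
                  "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8802"}]}},
   "NetworkSettings": {"Networks": {"mybridge": {"IPAddress": "172.18.0.2", "Gateway": "172.18.0.1"}}}},
  {"Id": "0b7c2d1e3f4a", "Name": "/monitor",
   "HostConfig": {"NetworkMode": "host", "PortBindings": {}},
   "NetworkSettings": {"Networks": {"host": {"IPAddress": "", "Gateway": ""}}}},
  {"Id": "5e6f7a8b9c0d", "Name": "/sidecar",
   "HostConfig": {"NetworkMode": "container:a15767ff5119", "PortBindings": {}},
   "NetworkSettings": {"Networks": {}}},
  {"Id": "1a2b3c4d5e6f", "Name": "/batch",
   "HostConfig": {"NetworkMode": "none", "PortBindings": {}},
   "NetworkSettings": {"Networks": {"none": {"IPAddress": "", "Gateway": ""}}}}
]
""")


def network_mode(container):
    """Map HostConfig.NetworkMode to one of the four modes in the notes."""
    mode = container["HostConfig"].get("NetworkMode", "default")
    if mode in ("host", "none"):
        return mode
    if mode.startswith("container:"):
        return "container"
    # "default", "bridge", or the name of a user-defined bridge network
    return "bridge"


def audit(containers):
    """Return {container name: [findings]} describing each container's network exposure."""
    report = {}
    for c in containers:
        name = c["Name"].lstrip("/")
        findings = []
        mode = network_mode(c)
        if mode == "host":
            findings.append("host mode: shares the host Network namespace; every port the "
                            "container listens on is open on the host's own IP with no NAT, "
                            "and it can bind or sniff any host interface")
        elif mode == "container":
            peer = c["HostConfig"]["NetworkMode"].split(":", 1)[1]
            findings.append("container mode: shares the Network namespace of %s; the two "
                            "reach each other over lo" % peer)
        elif mode == "none":
            findings.append("none mode: only lo; no route to other containers or the Internet")
        # attached networks and the IP Docker assigned on each
        for net, cfg in c["NetworkSettings"]["Networks"].items():
            if cfg.get("IPAddress"):
                findings.append("on %s as %s via gateway %s"
                                % (net, cfg["IPAddress"], cfg.get("Gateway")))
        # published ports: an empty HostIp means 0.0.0.0, i.e. every host interface
        for port, binds in (c["HostConfig"].get("PortBindings") or {}).items():
            for b in binds or []:
                host_ip = b.get("HostIp") or "0.0.0.0"
                if host_ip in ("0.0.0.0", "::"):
                    findings.append("publishes %s as %s:%s on all host interfaces; inbound "
                                    "traffic is DNATed and forwarded straight to the container, "
                                    "so the host's INPUT chain never sees it; bind 127.0.0.1 if "
                                    "only local access is wanted" % (port, host_ip, b["HostPort"]))
        report[name] = findings
    return report


if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in audit(data).items():
        print("%s (%s mode)" % (name, network_mode(next(c for c in data if c["Name"].lstrip("/") == name))))
        for f in findings:
            print("  - " + f)
```

The port finding is the one most often missed in review: a -p 8802:80 without an address binds on every host interface, and because Docker inserts its own iptables rules in the nat and FORWARD chains, host firewall rules written for INPUT do not apply to that traffic.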


Origin blog.csdn.net/qq_57629230/article/details/130953887