The principle of the Docker native overlay network

System Environment

manager node: CentOS Linux release 7.4.1708 (Core)

worker node: CentOS Linux release 7.5.1804 (Core)

Docker Version Information

manager node: Docker version 18.09.4, build d14af54266

worker node: Docker version 19.03.1, build 74b1e89

Docker Swarm system environment

manager node: 192.168.246.194

worker node: 192.168.246.195

Networks before creating the Docker Swarm cluster

manager node:

# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e01d59fe00e5        bridge              bridge              local
15426f623c37        host                host                local
dd5d570ac60e        none                null                local
worker node:

# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
70ed15a24acd        bridge              bridge              local
e2da5d928935        host                host                local
a7dbda3b96e8        none                null                local

Create a docker swarm cluster

Initialization docker swarm cluster

Run on the manager node: docker swarm init

Run on the worker node: docker swarm join --token SWMTKN-1-0p3g6ijmphmw5xrikh9e3asg5n3yzan0eomnsx1xuvkovvgfsp-enrmg2lj1dejg5igmnpoaywr1 192.168.246.194:2377

Description ⚠️:

If you forget the docker swarm join command, you can retrieve it with the following commands:

(1) For a worker node: docker swarm join-token worker

(2) For a manager node: docker swarm join-token manager

View cluster node information

manager node:

# docker node ls
ID                            HOSTNAME            STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
hplz9lawfpjx6fpz0j1bevocp     MyTest03            Ready               Active                                  19.03.1
q5af6b67bmho8z0d7**m2yy5j *   mysql-nginx         Ready               Active              Leader              18.09.4

Viewing Cluster Network Information

manager node:

# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
e01d59fe00e5        bridge              bridge              local
7c90d1bf0f62        docker_gwbridge     bridge              local
15426f623c37        host                host                local
8lyfiluksqu0        ingress             overlay             swarm
dd5d570ac60e        none                null                local
worker node:

# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
70ed15a24acd        bridge              bridge              local
985367037d3b        docker_gwbridge     bridge              local
e2da5d928935        host                host                local
8lyfiluksqu0        ingress             overlay             swarm
a7dbda3b96e8        none                null                local

Description ⚠️:

When the Docker Swarm cluster is created, Docker creates two networks on each host in addition to docker0: a bridge-type network (the docker_gwbridge bridge) and an overlay-type network (ingress), plus a transitional namespace, ingress_sbox. We can create our own overlay network on the manager node with the following command:

docker network create -d overlay uber-svc

Look again at the Docker Swarm cluster networks on the manager and worker hosts:

manager node:

# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
e01d59fe00e5        bridge              bridge              local
7c90d1bf0f62        docker_gwbridge     bridge              local
15426f623c37        host                host                local
8lyfiluksqu0        ingress             overlay             swarm
dd5d570ac60e        none                null                local
kzxwwwtunpqe        uber-svc            overlay             swarm  ===> this network is the uber-svc we just created
worker node:

# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
70ed15a24acd        bridge              bridge              local
985367037d3b        docker_gwbridge     bridge              local
e2da5d928935        host                host                local
8lyfiluksqu0        ingress             overlay             swarm
a7dbda3b96e8        none                null                local

Description ⚠️:

You will find that the worker node does not have the uber-svc network. This is because an overlay network only becomes available on a node once a container attached to that network runs there. This lazy-activation strategy reduces network churn and improves network scalability.

View network namespace information

manager node:

# ip netns
1-8lyfiluksq (id: 0)
ingress_sbox (id: 1)
worker node:

# ip netns
1-8lyfiluksq (id: 0)
ingress_sbox (id: 1)

Description ⚠️:

(1) Because the network namespace files of containers and overlay networks are no longer kept in the operating system's default /var/run/netns, they can only be seen with ip netns after manually creating a symbolic link: ln -s /var/run/docker/netns /var/run/netns.

(2) Sometimes a network namespace name is prefixed with a serial number such as 1-, 2-, and sometimes it is not. This does not affect the operation of the network or its communication.

View Network IPAM (IP Address Management) information

(1) The ingress network's IPAM (IP Address Management) allocation is as follows:

The manager node and the worker node are identical:

# docker network inspect ingress

[
    {
        "Name": "ingress",
        "Id": "8lyfiluksqu09jfdjndhj68hl",
        "Created": "2019-09-09T17:59:06.326723762+08:00",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.255.0.0/16",     ===> ingress子网
                    "Gateway": "10.255.0.1"        ===> ingress网关
                }

(2) The self-built uber-svc overlay network is allocated automatically by Docker's IPAM:

# docker network inspect uber-svc

[
    {
        "Name": "uber-svc",
        "Id": "kzxwwwtunpqeucnrhmirg6rhm",
        "Created": "2019-09-09T10:14:06.606521342Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",          ===> uber-svc子网
                    "Gateway": "10.0.0.1"             ===> uber-svc网关
                }

Docker Swarm load balancing falls into two cases

(1) Ingress Load Balancing

(2) Internal Load Balancing

Description ⚠️: This section focuses on the second case, Internal Load Balancing ~

Custom shell scripts

Before starting the practice below, let's write the following two scripts. For each script I will give concrete examples.

The first script, docker_netns.sh:

#!/bin/bash
# Enter the network namespace of a container (by id or name) or of a Docker
# network namespace (by its name under /var/run/docker/netns) and run a command.

NAMESPACE=$1

# With no argument, list every Docker-managed network namespace.
if [[ -z $NAMESPACE ]]; then
    ls -1 /var/run/docker/netns/
    exit 0
fi

NAMESPACE_FILE=/var/run/docker/netns/${NAMESPACE}

# Not a namespace name: treat the argument as a container id/name and ask
# Docker for the path of that container's network sandbox.
if [[ ! -f $NAMESPACE_FILE ]]; then
    NAMESPACE_FILE=$(docker inspect -f "{{.NetworkSettings.SandboxKey}}" "$NAMESPACE" 2>/dev/null)
fi

if [[ ! -f $NAMESPACE_FILE ]]; then
    echo "Cannot open network namespace '$NAMESPACE': No such file or directory" >&2
    exit 1
fi

shift

if [[ $# -lt 1 ]]; then
    echo "No command specified" >&2
    exit 1
fi

# "$@" is quoted so that arguments containing spaces reach the command intact.
nsenter --net="${NAMESPACE_FILE}" "$@"

Description ⚠️:

(1) Given a container ID, network name, or namespace name, the script enters the corresponding network namespace and executes the given command.

(2) If no argument is given, it lists all Docker-related network namespaces.

The script's execution results are as follows:

# sh docker_netns.sh ==> list all network namespaces

1-ycqv46f5tl
8402c558c13c
ingress_sbox
# sh docker_netns.sh deploy_nginx_nginx_1 ip r ==> enter the container named deploy_nginx_nginx_1 and show its routes

default via 172.18.0.1 dev eth0 
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.2 
# sh docker_netns.sh 8402c558c13c ip r ==> enter the network namespace 8402c558c13c and show its routes

default via 172.18.0.1 dev eth0 
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.2 

The second script, find_links.sh:

#!/bin/bash
# Find which Docker network namespace holds the link device with a given
# ifindex. With no argument, list the link devices of every namespace.

DOCKER_NETNS_SCRIPT=./docker_netns.sh
IFINDEX=$1

if [[ -z $IFINDEX ]]; then
    for namespace in $($DOCKER_NETNS_SCRIPT); do
        printf "\e[1;31m%s:\e[0m" "$namespace"
        $DOCKER_NETNS_SCRIPT "$namespace" ip -c -o link
        printf " "
    done
else
    for namespace in $($DOCKER_NETNS_SCRIPT); do
        # "ip -o link" prints one device per line, each starting with "<ifindex>: "
        if $DOCKER_NETNS_SCRIPT "$namespace" ip -c -o link | grep -Pq "^$IFINDEX: "; then
            printf "\e[1;31m%s:\e[0m" "$namespace"
            $DOCKER_NETNS_SCRIPT "$namespace" ip -c -o link | grep -P "^$IFINDEX: "
            printf " "
        fi
    done
fi

This script finds the namespace in which a virtual network device resides, looked up by ifindex. Its execution results under different conditions are as follows:

# sh find_links.sh ==> without an ifindex, list the link devices of all namespaces

1-3gt8phomoc:1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1\    link/ipip 0.0.0.0 brd 0.0.0.0
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default \    link/ether e6:c5:04:ad:7b:31 brd ff:ff:ff:ff:ff:ff
74: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default \    link/ether e6:c5:04:ad:7b:31 brd ff:ff:ff:ff:ff:ff link-netnsid 0
76: veth0@if75: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT group default \    link/ether e6:fa:db:53:40:fd brd ff:ff:ff:ff:ff:ff link-netnsid 1
 ingress_sbox:1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1\    link/ipip 0.0.0.0 brd 0.0.0.0
75: eth0@if76: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default \    link/ether 02:42:0a:ff:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
78: eth1@if79: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 02:42:ac:14:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 1
# sh find_links.sh 76 ==> specify ifindex=76
1-3gt8phomoc:76: veth0@if75: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT group default \    link/ether e6:fa:db:53:40:fd brd ff:ff:ff:ff:ff:ff link-netnsid 1
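As an added example (not part of the original post or its two scripts), the following script does offline what find_links.sh does against live namespaces: it parses `ip -o link` lines, reads the `@ifN` peer index of a veth end, and looks up which namespace holds that ifindex. The namespace names and ifindex numbers in the embedded dump are taken from the outputs above; the `host` record and its veth name are constructed placeholders.

```shell
#!/bin/sh
# Offline veth-peer resolver: added example, not the post's own scripts.
# It works on the one-line-per-device format of `ip -o link`, which the post's
# find_links.sh greps by ifindex, but reads a constructed dump instead of live
# namespaces. Namespace names and ifindex/peer numbers come from the post's
# output; the "host" record and its device name are constructed.

# Constructed dump, one "<namespace>|<ip -o link line>" record per line.
LINK_DUMP='1-3gt8phomoc|3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
1-3gt8phomoc|74: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default
1-3gt8phomoc|76: veth0@if75: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT group default
ingress_sbox|75: eth0@if76: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default
ingress_sbox|78: eth1@if79: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
host|79: veth_example@if78: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default'

# peer_ifindex "<ip -o link line>": print the N from the "@ifN" suffix of the
# device name, or nothing for devices without a peer (lo, br0, vxlan0, ...).
peer_ifindex() {
    local name
    name=${1#*: }       # strip the leading "<ifindex>: "
    name=${name%%:*}    # keep only the device name, e.g. "veth0@if75"
    case $name in
        *@if*) printf '%s\n' "${name#*@if}" ;;
    esac
}

# find_link <ifindex>: print "<namespace>:<line>" for every namespace whose
# dump has a device with that ifindex (what find_links.sh does on a live host).
find_link() {
    local ns line
    while IFS='|' read -r ns line; do
        case $line in
            "$1: "*) printf '%s:%s\n' "$ns" "$line" ;;
        esac
    done <<EOF
$LINK_DUMP
EOF
}

# resolve_peer <namespace> <ifindex>: print "<peer namespace>:<peer device>"
# for a veth end by following @ifN to the other end. Fails (status 1) when
# the device has no peer or the peer's namespace is not in the dump.
resolve_peer() {
    local line peer found pns rest
    line=$(find_link "$2" | grep "^$1:") || return 1
    peer=$(peer_ifindex "${line#*:}")
    [ -n "$peer" ] || return 1
    found=$(find_link "$peer" | head -n 1)
    [ -n "$found" ] || return 1
    pns=${found%%:*}          # namespace holding the peer
    rest=${found#*: }         # "<name>@ifM: <flags> ..."
    printf '%s:%s\n' "$pns" "${rest%%@*}"
}

# Walk the ingress side of the post's diagram on the constructed dump.
demo() {
    local spec
    for spec in "ingress_sbox 75" "1-3gt8phomoc 76" "1-3gt8phomoc 74" "ingress_sbox 78"; do
        set -- $spec
        printf '%s ifindex %s -> %s\n' "$1" "$2" "$(resolve_peer "$1" "$2" || echo 'no peer')"
    done
}
demo
```

Low ifindex values such as 1 (lo) and 2 (ip_vti0) repeat in every namespace, so find_link can print several matches for them; veth ends receive fresh indices, which is why the peer lookup above is unambiguous. On a live host the `link-netnsid` field printed by `ip link` identifies the peer's namespace by id relative to the current one and is the tie-breaker when indices collide.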

Hands-on: Internal Load Balancing

Deploy a service using our own network, uber-svc

docker service create --name uber-svc --network uber-svc -p 80:80 --replicas 2 nigelpoulton/tu-demo:v1

The two containers are deployed on the manager and worker nodes respectively:

# docker service ls

ID                  NAME                MODE                REPLICAS            IMAGE                     PORTS
pfnme5ytk59w        uber-svc            replicated          2/2                 nigelpoulton/tu-demo:v1   *:80->80/tcp
# docker service ps uber-svc

ID                  NAME                IMAGE                     NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
kh8zs9a2umwf        uber-svc.1          nigelpoulton/tu-demo:v1   mysql-nginx         Running             Running 57 seconds ago
31p0rgg1f59w        uber-svc.2          nigelpoulton/tu-demo:v1   MyTest03            Running             Running 49 seconds ago

Description ⚠️:

Of course you can use --publish in place of -p; the intention here is to expose the container's internal service to the host so that we can access the service.

Normally, after we deploy a service, the container uses only one interface, on the docker0 network. In swarm mode, when we publish the service, swarm does the following:

(1) Three interfaces are added to the container: eth0, eth1, and eth2. eth0 connects to the overlay-type network called ingress and is used for ingress communication; eth1 connects to the bridge-type network docker_gwbridge, so that the container can access the outside; eth2 connects to the network we created ourselves (mynet) and is likewise used for access between containers (the difference being that the eth2 network has DNS resolution, i.e. service discovery).

(2) Swarm nodes use the ingress overlay network to load-balance the service published outside the cluster.

Viewing the interfaces of the uber-svc.1 container and the uber-svc network namespace

(1) First, find the uber-svc.1 container

# docker ps

CONTAINER ID        IMAGE                     COMMAND             CREATED             STATUS              PORTS               NAMES
a2a763734e42        nigelpoulton/tu-demo:v1   "python app.py"     About a minute ago   Up About a minute   80/tcp              uber-svc.1.kh8zs9a2umwf9cix381zr9x38

(2) View the uber-svc.1 container's interfaces

# sh docker_netns.sh uber-svc.1.kh8zs9a2umwf9cix381zr9x38 ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
54: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 02:42:0a:ff:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.255.0.5/16 brd 10.255.255.255 scope global eth0
       valid_lft forever preferred_lft forever
56: eth2@if57: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet 172.19.0.3/16 brd 172.19.255.255 scope global eth2
       valid_lft forever preferred_lft forever
58: eth1@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 02:42:0a:00:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever

Of course, you can also directly use the following command to see:

docker exec uber-svc.1.kh8zs9a2umwf9cix381zr9x38 ip addr

(3) View the interfaces of the uber-svc network namespace

# ip netns ==> view the manager's network namespaces

d2feb68e3183 (id: 3)
1-kzxwwwtunp (id: 2)
lb_kzxwwwtun
1-8lyfiluksq (id: 0)
ingress_sbox (id: 1)
# docker network ls  ==> view the manager's cluster networks

NETWORK ID          NAME                DRIVER              SCOPE
e01d59fe00e5        bridge              bridge              local
7c90d1bf0f62        docker_gwbridge     bridge              local
15426f623c37        host                host                local
8lyfiluksqu0        ingress             overlay             swarm
dd5d570ac60e        none                null                local
kzxwwwtunpqe        uber-svc            overlay             swarm
# sh docker_netns.sh 1-kzxwwwtunp ip addr ==> view the interfaces in the uber-svc network namespace

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 3e:cb:12:d3:a3:cb brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
       valid_lft forever preferred_lft forever
51: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UNKNOWN group default
    link/ether e2:8e:35:4c:a3:7b brd ff:ff:ff:ff:ff:ff link-netnsid 0
53: veth0@if52: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP group default
    link/ether 3e:cb:12:d3:a3:cb brd ff:ff:ff:ff:ff:ff link-netnsid 1
59: veth1@if58: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP group default
    link/ether 9e:b4:8c:72:4e:74 brd ff:ff:ff:ff:ff:ff link-netnsid 2

Of course, you can also use the following command:

ip netns exec 1-kzxwwwtunp ip addr

# ip netns exec 1-kzxwwwtunp brctl show  ==> view the bridge interfaces in the uber-svc network namespace

bridge name  bridge id        STP enabled    interfaces
br0       8000.3ecb12d3a3cb   no             veth0
                                             veth1
                                             vxlan0

Description ⚠️:

<1> docker exec uber-svc.1.kh8zs9a2umwf9cix381zr9x38 ip addr: this command shows that the container on the manager node has four interfaces, namely lo, eth0, eth1, and eth2.
The veth pair peer of eth1 is veth1 in the uber-svc network namespace; the veth pair peer of eth2 is vethef74971 on the host.

<2> ip netns exec 1-kzxwwwtunp brctl show lists the bridge attachments in the uber-svc network namespace; veth1 can be seen attached to the br0 bridge.

(4) View the VXLAN ID of the uber-svc network

# ip netns exec 1-kzxwwwtunp ip -o -c -d link show vxlan0

***** vxlan id 4097 *****

[Figure: network namespace diagram between the uber-svc container and the service]

Get ingress namespace information

The main steps are as follows:

(1) Get the ingress network information

# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE
8lyfiluksqu0        ingress             overlay             swarm

(2) Get the ingress namespace information

# ip netns

1-8lyfiluksq (id: 0)

(3) Get the IP information of the ingress namespace

# sh docker_netns.sh 1-8lyfiluksq ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 6e:5c:bd:c0:95:ea brd ff:ff:ff:ff:ff:ff
    inet 10.255.0.1/16 brd 10.255.255.255 scope global br0
       valid_lft forever preferred_lft forever
45: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UNKNOWN group default
    link/ether e6:f3:7a:00:85:e1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
47: veth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP group default
    link/ether fa:98:37:aa:83:2a brd ff:ff:ff:ff:ff:ff link-netnsid 1
55: veth1@if54: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP group default
    link/ether 6e:5c:bd:c0:95:ea brd ff:ff:ff:ff:ff:ff link-netnsid 2

(4) Get the VXLAN ID of vxlan0 in the ingress namespace

# sh docker_netns.sh 1-8lyfiluksq ip -d link show vxlan0

***** vxlan id 4096 *****

(5) Get the veth pair peer of the ingress namespace's veth0 (ifindex 46)

# sh find_links.sh 46

ingress_sbox:46: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default \    link/ether 02:42:0a:ff:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0

[Figure: network connection between the ingress namespace and the service container]

Get ingress_sbox network namespace information

The main steps are as follows:

(1) Get the IP information of ingress_sbox

# sh docker_netns.sh ingress_sbox ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
46: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 02:42:0a:ff:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.255.0.2/16 brd 10.255.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.255.0.4/32 brd 10.255.0.4 scope global eth0
       valid_lft forever preferred_lft forever
49: eth1@if50: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 172.19.0.2/16 brd 172.19.255.255 scope global eth1
       valid_lft forever preferred_lft forever

(2) Get the veth pair peer of the ingress_sbox interface eth0 (ifindex 47)

# sh find_links.sh 47

1-8lyfiluksq:47: veth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT group default \    link/ether fa:98:37:aa:83:2a brd ff:ff:ff:ff:ff:ff link-netnsid 1

(3) Get the veth pair interface information on the manager host

# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:25:8b:ac brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:cf:31:ee:03 brd ff:ff:ff:ff:ff:ff
14: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
48: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:9c:aa:15:e6 brd ff:ff:ff:ff:ff:ff
50: vetheaa661b@if49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default
    link/ether 8a:3e:01:ab:db:75 brd ff:ff:ff:ff:ff:ff link-netnsid 1
57: vethef74971@if56: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default
    link/ether 82:5c:65:e1:9c:e8 brd ff:ff:ff:ff:ff:ff link-netnsid 3

[Figure: network connection between the ingress network namespace and the ingress_sbox namespace]

Note: the swarm worker node follows the same basic idea as the manager ~

[Figure: overall Swarm network connection diagram]

Description ⚠️:

(1) Here it can be seen that ingress_sbox and the created container share a common ingress network namespace.

(2) Using docker exec [container ID/name] ip r gives a more intuitive view of the traffic flow, as follows:

# docker exec uber-svc.1.kh8zs9a2umwf9cix381zr9x38 ip r
default via 172.19.0.1 dev eth2
10.0.0.0/24 dev eth1  proto kernel  scope link  src 10.0.0.3
10.255.0.0/16 dev eth0  proto kernel  scope link  src 10.255.0.5
172.19.0.0/16 dev eth2  proto kernel  scope link  src 172.19.0.3

It can be seen that the container's default gateway is 172.19.0.1, that is, the container's outbound traffic leaves through eth2 ~
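To check this reading of the route table against the IPAM data shown by docker network inspect, here is an added example (not the post's code) that classifies each container interface by the swarm network whose subnet contains its address and reports the default-route device. The ingress and uber-svc subnets are those printed by docker network inspect above; the docker_gwbridge subnet 172.19.0.0/16 is assumed from the container's route table; the ip addr and ip r texts are constructed from the uber-svc.1 output so the script runs offline.

```shell
#!/bin/sh
# Interface-to-network classifier: added example, not code from the post.
# It maps each "inet" address in `ip addr` output to the swarm network whose
# IPAM subnet contains it, and reads the default route's device from `ip r`.
# Subnets for ingress and uber-svc come from the post's `docker network
# inspect` output; the docker_gwbridge subnet is assumed from the container's
# 172.19.0.0/16 route. The ip addr / ip r texts are constructed from the
# post's uber-svc.1 output.

NETWORKS='ingress 10.255.0.0/16
uber-svc 10.0.0.0/24
docker_gwbridge 172.19.0.0/16'

UBER_SVC1_ADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet 127.0.0.1/8 scope host lo
54: eth0@if55: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450
    inet 10.255.0.5/16 brd 10.255.255.255 scope global eth0
56: eth2@if57: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 172.19.0.3/16 brd 172.19.255.255 scope global eth2
58: eth1@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth1'

UBER_SVC1_ROUTES='default via 172.19.0.1 dev eth2
10.0.0.0/24 dev eth1  proto kernel  scope link  src 10.0.0.3
10.255.0.0/16 dev eth0  proto kernel  scope link  src 10.255.0.5
172.19.0.0/16 dev eth2  proto kernel  scope link  src 172.19.0.3'

# ip2int a.b.c.d: dotted quad -> 32-bit integer.
ip2int() {
    local oldifs
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_subnet <ip> <cidr>: succeed when ip lies inside the CIDR block.
in_subnet() {
    local net plen mask
    net=${2%/*}; plen=${2#*/}
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# network_for <ip>: print the name of the network whose subnet holds ip,
# or "unknown" (status 1) when no configured subnet matches.
network_for() {
    local name cidr
    while read -r name cidr; do
        if in_subnet "$1" "$cidr"; then
            printf '%s\n' "$name"; return 0
        fi
    done <<EOF
$NETWORKS
EOF
    printf 'unknown\n'; return 1
}

# classify_ifaces: read `ip addr` text on stdin and print
# "<iface> <address> <network>" for every global-scope inet address.
classify_ifaces() {
    local line w iface addr
    while read -r line; do
        case $line in
            inet\ *scope\ global*) ;;
            *) continue ;;
        esac
        set -- $line
        addr=${2%/*}                      # "10.255.0.5/16" -> "10.255.0.5"
        for w in "$@"; do iface=$w; done  # last word is the interface name
        printf '%s %s %s\n' "$iface" "$addr" "$(network_for "$addr")"
    done
}

# default_dev: read `ip r` text on stdin and print the default route's device.
default_dev() {
    local line prev w
    while read -r line; do
        case $line in default\ *) ;; *) continue ;; esac
        prev=
        for w in $line; do
            [ "$prev" = dev ] && { printf '%s\n' "$w"; return 0; }
            prev=$w
        done
    done
    return 1
}

# Run on the constructed uber-svc.1 data.
printf '%s\n' "$UBER_SVC1_ADDR" | classify_ifaces
printf 'default egress: %s\n' "$(printf '%s\n' "$UBER_SVC1_ROUTES" | default_dev)"
```

On a live node the constructed texts are replaced by the real commands, for example docker exec <container> ip addr | classify_ifaces, with NETWORKS filled from docker network inspect. The output makes explicit which address belongs to which network: the 10.255.x address on eth0 is the ingress address, the 10.0.0.x address on eth1 belongs to the uber-svc overlay, and the 172.19.x address on eth2 is the docker_gwbridge address behind the default route.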

Finally

There are many points worth exploring about the underlying network of Docker Swarm. This article is a summary of the Docker networking basics I learned recently; if there are any errors or omissions, please correct me, thanks!

Also: if any referenced document infringes, please contact me and I will delete it immediately ~.

Finally, thanks to open source; embrace open source!


Origin blog.51cto.com/wutengfei/2437228