Getting Started with Docker: Container Networking


First published at: arppinging.com

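Contents:
I. Network namespaces
  1) The ip command
  2) Example
II. Network models
III. Common container network operations
  1) Specifying the network mode
  2) Specifying a container's DNS address and hosts entries
IV. Bridge configuration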

I. Network namespaces

1) The ip command

Check whether the package that provides the ip command is installed:

[root@node2 ~]# rpm -qa iproute
iproute-3.10.0-87.el7.x86_64
[root@node2 ~]#

1. The ip netns command

View the help for the ip netns command:

[root@node2 ~]# ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id
[root@node2 ~]#

ip netns list: list the network namespaces

ip netns add NAME: add a network namespace

ip netns set NAME NETNSID: assign a netns ID to the namespace

ip netns exec NAME command: run a command inside the namespace

2. The ip link command

The ip link command can create virtual interface pairs (veth pairs). A namespace that has not been given an interface contains only the lo interface.

[root@node2 ~]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
                   [ txqueuelen PACKETS ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ]
                   [ numtxqueues QUEUE_COUNT ]
                   [ numrxqueues QUEUE_COUNT ]
                   type TYPE [ ARGS ]
       ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]
       ip link set { DEVICE | dev DEVICE | group DEVGROUP }
                   [ { up | down } ]
                   [ type TYPE ARGS ]
                   [ arp { on | off } ]
                   [ dynamic { on | off } ]
                   [ multicast { on | off } ]
                   [ allmulticast { on | off } ]
                   [ promisc { on | off } ]
                   [ trailers { on | off } ]
                   [ txqueuelen PACKETS ]
                   [ name NEWNAME ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ]
                   [ netns { PID | NAME } ]
                   [ link-netnsid ID ]
                   [ alias NAME ]
                   [ vf NUM [ mac LLADDR ]
                            [ vlan VLANID [ qos VLAN-QOS ] ]
                            [ rate TXRATE ]
                            [ max_tx_rate TXRATE ]
                            [ min_tx_rate TXRATE ]
                            [ spoofchk { on | off } ]
                            [ query_rss { on | off } ]
                            [ state { auto | enable | disable } ] ]
                            [ trust { on | off } ] ]
                   [ master DEVICE ]
                   [ nomaster ]
                   [ addrgenmode { eui64 | none } ]
                   [ protodown { on | off } ]
       ip link show [ DEVICE | group GROUP ] [up] [master DEV] [type TYPE]
       ip link help [ TYPE ]
TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
          bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |
          gre | gretap | ip6gre | ip6gretap | vti | nlmon |
          bond_slave | geneve | bridge_slave | macsec }
[root@node2 ~]#

ip link show: show all links

ip link add: create a virtual interface pair

ip link set: configure a link

2) Example

1. Create two namespaces, r1 and r2:

[root@node2 ~]# ip netns add r1
[root@node2 ~]# ip netns add r2
[root@node2 ~]# ip netns list
r2
r1
[root@node2 ~]#

2. View the IP addresses in namespace r1:

[root@node2 ~]# ip netns exec r1 ifconfig
[root@node2 ~]# ip netns exec r1 ifconfig -a
lo: flags=8  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node2 ~]#

3. Create an interface pair, veth1.1 and veth1.2:

[root@node2 ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@node2 ~]# ip link show | grep veth
5: veth1.2@veth1.1: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
6: veth1.1@veth1.2: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
[root@node2 ~]#

4. Move veth1.1 into network namespace r1:

[root@node2 ~]# ip link set dev veth1.1 netns r1
[root@node2 ~]# ip netns exec r1 ifconfig -a
lo: flags=8  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
veth1.1: flags=4098  mtu 1500
        ether c6:06:a4:0f:ba:91  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node2 ~]#

5. Rename veth1.1 inside r1 to eth0:

[root@node2 ~]# ip netns exec r1 ip link set dev veth1.1 name eth0
[root@node2 ~]# ip netns exec r1 ifconfig -a
eth0: flags=4098  mtu 1500
        ether c6:06:a4:0f:ba:91  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=8  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node2 ~]#

6. Assign an IP address to eth0 in namespace r1 and bring it up:

[root@node2 ~]# ip netns exec r1 ifconfig eth0 192.168.0.1/24 up
[root@node2 ~]# ip netns exec r1 ifconfig
eth0: flags=4099  mtu 1500
        inet 192.168.0.1  netmask 255.255.255.0  broadcast 192.168.0.255
        ether c6:06:a4:0f:ba:91  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node2 ~]#

7. Configure an IP address on veth1.2, the peer of veth1.1, and bring it up:

[root@node2 ~]# ip link show | grep veth
5: veth1.2@if6: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
[root@node2 ~]# ifconfig veth1.2 192.168.0.2/24 up
[root@node2 ~]# ifconfig veth1.2
veth1.2: flags=4163  mtu 1500
        inet 192.168.0.2  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::c873:1fff:fe9e:90f6  prefixlen 64  scopeid 0x20
        ether ca:73:1f:9e:90:f6  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 3856 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node2 ~]#

8. From inside namespace r1, test whether the host's address can be pinged:

[root@node2 ~]# ip netns exec r1 ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.039 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.032/0.040/0.051/0.010 ms
[root@node2 ~]#

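II. Network models

1. Closed container: only the lo interface.

2. Bridged container: the default mode. It has an lo interface and an eth0 interface and can communicate with the outside.

3. Joined container: two containers share the net and ipc namespaces.

Creating a joined network:

[root@localhost ~]# docker run --name b1 -it --rm busybox
/ #
[root@localhost ~]# docker run --name b2 --network container:b1 -it --rm busybox
/ #

Inspecting b1 and b2 shows that they have the same IP address.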

III. Common container network operations

1) Specifying the network mode

--network

[root@localhost ~]# docker network help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.
[root@localhost ~]#

Set the network mode of container t1 to bridge:

[root@localhost ~]# docker run --name t1 -it --network bridge --rm busybox
/ # ip add
1: lo: mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
27: eth0@if28: mtu 1500 qdisc noqueue
    link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #

2) Specifying a container's DNS address and hosts entries

View the hosts file of container t1:

/ # cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.1.2     f2fb5f32bdb2
/ #

View the DNS server address of container t1:

/ # cat /etc/resolv.conf
nameserver 8.8.8.8
/ #

Specify the hostname, the DNS address and a hosts entry when creating the container:

[root@localhost ~]# docker run --name t1 --hostname t1 --add-host www.arppinging.com:1.1.1.1 --dns 114.114.114.114 -it --network bridge --rm busybox
/ # cat /etc/resolv.conf
nameserver 114.114.114.114
/ # cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
1.1.1.1 www.arppinging.com
192.168.1.2     t1
/ #

3) Port mapping

If an application in a container needs to be reachable, this can be done in either of two ways:

1. Use the host network mode

2. Use port mapping

Using the host network mode:

[root@localhost ~]# docker run --name t1 -it -d --network host --rm nginx
524349e018aabe9702c3f033cdd28f92c8970d41632a90820356474dcf843e13
[root@localhost ~]#

Access the container's service from node2:

[root@node2 ~]# curl -o–p 192.168.100.75
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
[root@node2 ~]#

Port mapping

The -p option:

-p <containerPort>: map the given container port to a dynamic port on all host addresses

[root@localhost ~]# docker run --name t1 --hostname t1 -it --rm -d -p 80 nginx
a9ed176632769450e1a652ae45461680a3e48d9af6b91da2c2dfd20dfdb6f727

View the mapping:

[root@localhost ~]# docker port t1
80/tcp -> 0.0.0.0:32768
[root@localhost ~]#

View the web page from node2:

[root@node2 ~]# curl -o–p 192.168.100.75:32768
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to
Thank you for using nginx.
[root@node2 ~]#

-p <hostPort>:<containerPort>: map the container port to the specified host port

[root@localhost ~]# docker run --name t1 --hostname t1 -it --rm -d -p 80:80 nginx
9083bc33157f01b3b2e0d4d3acd2da7fc2eba2d976f0d3cf2b99a987fef8a6df
[root@localhost ~]# docker port t1
80/tcp -> 0.0.0.0:80
[root@localhost ~]#

-p <ip>::<containerPort>: map the given container port to a dynamic port on the specified host address

[root@localhost ~]# docker run --name t1 --hostname t1 -it --rm -d -p 192.168.100.75::80 nginx
1fefd9bde32a157e24eb7838bd349d196f860f6017ba1154125e3a1b8893afce
[root@localhost ~]# docker port t1
80/tcp -> 192.168.100.75:32768
[root@localhost ~]#

-p <ip>:<hostPort>:<containerPort>: map the given container port to the specified port on the specified host address

[root@localhost ~]# docker run --name t1 --hostname t1 -it --rm -d -p 192.168.100.75:80:80 nginx
fbedd72124302f2b95de33d3799cf44a236e2c5e475358e868b114c8a0faa2e6
[root@localhost ~]# docker port t1
80/tcp -> 192.168.100.75:80
[root@localhost ~]#
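
The four -p forms differ in which host addresses the published port listens on: the first two bind 0.0.0.0 (every host address), the last two bind one address. The script below is an added example, not part of the original post; it classifies docker port output by exposure. Its function names are hypothetical, and the sample lines are the four outputs shown above plus one constructed loopback line.

```shell
#!/bin/sh
# Added example: classify published ports by how widely they are reachable.
# Input lines use the `docker port NAME` format: "80/tcp -> 0.0.0.0:32768".
# Function names are hypothetical, not part of Docker.

# classify_binding HOST_ADDR -> all-interfaces | loopback | single-address
classify_binding() {
    case "$1" in
        0.0.0.0|::|'[::]')  echo all-interfaces ;;
        127.*|::1|'[::1]')  echo loopback ;;
        *)                  echo single-address ;;
    esac
}

# audit_port_lines: read `docker port` lines on stdin and print
# "<exposure> <container-port> <host-addr> <host-port>" for each mapping.
audit_port_lines() {
    while IFS= read -r line; do
        case "$line" in *' -> '*) ;; *) continue ;; esac  # skip other text
        cport=${line%% -> *}      # e.g. 80/tcp
        hostpart=${line#* -> }    # e.g. 0.0.0.0:32768
        hport=${hostpart##*:}     # text after the last colon
        haddr=${hostpart%:*}      # everything before it (IPv4 or IPv6)
        printf '%s %s %s %s\n' "$(classify_binding "$haddr")" "$cport" "$haddr" "$hport"
    done
}

# count_exposure LEVEL: count the stdin mappings with that exposure level.
count_exposure() {
    audit_port_lines | grep -c "^$1 " || :
}

# Sample input: the four `docker port t1` results shown above, plus one
# constructed loopback mapping for comparison.
SAMPLE='80/tcp -> 0.0.0.0:32768
80/tcp -> 0.0.0.0:80
80/tcp -> 192.168.100.75:32768
80/tcp -> 192.168.100.75:80
80/tcp -> 127.0.0.1:8080'

printf '%s\n' "$SAMPLE" | audit_port_lines
echo "reachable on every host address: $(printf '%s\n' "$SAMPLE" | count_exposure all-interfaces)"
```

On a live host the same functions can be fed directly, for example docker port t1 | audit_port_lines.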

IV. Bridge configuration

Changing the bridge's IP address and other settings

Stop the docker service:

[root@localhost ~]# systemctl stop docker
[root@localhost ~]#

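Edit the Docker configuration file /etc/docker/daemon.json. Here bip is the IP address of the bridge; JSON does not allow comments, so that annotation is kept out of the file itself.

{
  "bip": "192.168.1.1/24",
  "fixed-cidr": "10.20.0.0/16",
  "fixed-cidr-v6": "2001:db8::/64",
  "mtu": 1500,
  "default-gateway": "10.20.1.1",
  "default-gateway-v6": "2001:db8:abcd::89",
  "dns": ["10.20.1.2", "10.20.1.3"]
}

The core option is bip (short for "bridge IP"), which sets the IP address of the docker0 bridge itself; the other options can be derived from this address.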
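
Docker's documentation describes fixed-cidr as a sub-range of the bridge network defined by bip. The script below is an added example, not part of the original post; it checks whether one IPv4 range lies inside another and applies the check to the bip and fixed-cidr values above and to the mybr0 subnet and gateway used further down. Its function names are hypothetical and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: IPv4 containment checks for Docker bridge settings.
# Function names are hypothetical; values are the ones used on this page.

# ip_to_int A.B.C.D -> the address as an unsigned 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range ADDR/LEN -> "first last" (integer bounds of the network)
cidr_range() {
    addr=${1%/*}
    len=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    first=$(( $ip & $mask ))
    echo "$first $(( $first | ($mask ^ 4294967295) ))"
}

# cidr_within CHILD PARENT: succeed if CHILD lies entirely inside PARENT.
# A single address can be passed as ADDR/32.
cidr_within() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
}

# check_bridge BIP FIXED_CIDR -> print a verdict for a daemon.json pair
check_bridge() {
    if cidr_within "$2" "$1"; then
        echo "ok: fixed-cidr $2 is inside bip network $1"
    else
        echo "mismatch: fixed-cidr $2 is outside bip network $1"
    fi
}

check_bridge 192.168.1.1/24 10.20.0.0/16       # the values shown above
check_bridge 192.168.1.1/24 192.168.1.128/25   # constructed: a range inside bip
cidr_within 10.1.1.1/32 10.1.1.0/24 && echo "ok: gateway 10.1.1.1 is inside 10.1.1.0/24"
```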

Start the service:

[root@localhost ~]# systemctl start docker
[root@localhost ~]#

Create a bridge network:

[root@localhost ~]# docker network create -d bridge --subnet "10.1.1.0/24" --gateway "10.1.1.1" mybr0
75e5401680b9790d5fa91e688271a4f7722ed7e7cb5a0d6ef91a475d25dd0329
[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
8247c91941d0        bridge              bridge              local
6b108679bb90        host                host                local
75e5401680b9        mybr0               bridge              local
fbeb24fe71fb        none                null                local
[root@localhost ~]# ip add
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1a:4a:16:01:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.75/24 brd 192.168.100.255 scope global dynamic eth0
       valid_lft 80748sec preferred_lft 80748sec
    inet6 fe80::46bb:80cd:da25:717/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:06:89:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:06:89:69 brd ff:ff:ff:ff:ff:ff
5: docker0: mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:33:82:61:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:33ff:fe82:6144/64 scope link
       valid_lft forever preferred_lft forever
22: br-75e5401680b9: mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:8f:cd:19:40 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global br-75e5401680b9
       valid_lft forever preferred_lft forever
[root@localhost ~]#

Create container t1 and attach it to the mybr0 network:

[root@localhost ~]# docker run --name t1 -it --network mybr0 --rm busybox
/ # ip add
1: lo: mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
23: eth0@if24: mtu 1500 qdisc noqueue
    link/ether 02:42:0a:01:01:02 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.2/24 brd 10.1.1.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #

Create container t2 on the default network:

[root@localhost ~]# docker run --name t2 -it --rm busybox
/ # ip add
1: lo: mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
57: eth0@if58: mtu 1500 qdisc noqueue
    link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #

Can containers on the two bridges communicate with each other?

Enable kernel IP forwarding (the value should be 1):

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@localhost ~]#

Test:

/ # ip add
1: lo: mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
57: eth0@if58: mtu 1500 qdisc noqueue
    link/ether 02:42:c0:a8:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: seq=0 ttl=63 time=0.228 ms
64 bytes from 10.1.1.2: seq=1 ttl=63 time=0.185 ms
^C
--- 10.1.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.185/0.206/0.228 ms
/ #

If the ping fails, check the firewall and related settings.
