2025-01-17 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article introduces the network modes available in Docker, with examples that can be used for reference.
Bridge mode (default)
The Host IP is 186.100.8.117, and the container network is 172.17.0.
Let's take a look at the four networks provided by docker:
Create the container. Because bridge is the default, no network is specified here (--net="bridge"). Note that an eth0 interface has been created in the container:
[root@localhost ~]# docker run -i -t mysql:latest /bin/bash
root@e2187aa35875:/usr/local/mysql# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
75: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever
The container can reach the host network:
root@e2187aa35875:/usr/local/mysql# ping 186.100.8.117
PING 186.100.8.117 (186.100.8.117): 48 data bytes
56 bytes from 186.100.8.117: icmp_seq=0 ttl=64 time=0.124 ms
The eth0 is actually one end of the veth pair, and the other end (vethb689485) is connected to the docker0 bridge:
[root@localhost ~]# ethtool -S vethb689485
NIC statistics:
     peer_ifindex: 75
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.56847afe9799       no              vethb689485
Access to the external network from inside the container goes through iptables:
[root@localhost ~]# iptables-save | grep 172.17.0.
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
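As an added example (not part of the original article), the following shell function reads iptables-save output and lists the container ports that Docker's FORWARD rules accept from outside the docker0 bridge, which is a quick way to review what bridge mode exposes. The function name exposed_ports and the third sample rule are assumptions made for the illustration; the first two sample rules are the ones from the article.

```shell
#!/bin/sh
# Added example: list "<container ip> <proto> <port>" for every FORWARD rule
# that accepts traffic arriving from outside docker0 (iptables-save on stdin).
exposed_ports() {
    awk '
    $1 == "-A" && $2 == "FORWARD" {
        dst = proto = port = ""; ext = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-d")      dst = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            # "! -i docker0": the packet did not enter through the bridge itself
            if ($i == "!" && $(i + 1) == "-i" && $(i + 2) == "docker0") ext = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (ext && accept && dst != "" && port != "") {
            sub(/\/32$/, "", dst)      # single-host destination, drop the mask
            print dst, proto, port
        }
    }'
}

# Sample input: the two rules from the article plus one constructed
# bridge-internal rule that must not be reported.
SAMPLE_RULES='-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | exposed_ports
```

On a live host the same function can be fed directly: iptables-save | exposed_ports.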
None mode
How to specify: --net="none"
As you can see, a container created this way has no network at all:
[root@localhost ~]# docker run -i -t --net="none" mysql:latest /bin/bash
root@061364719a22:/usr/local/mysql# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
root@061364719a22:/usr/local/mysql# ping 186.100.8.117
PING 186.100.8.117 (186.100.8.117): 48 data bytes
ping: sending packet: Network is unreachable
So what is this mode good for?
In fact, nova-docker uses this approach, which leaves the creation of the network entirely to the user.
This allows more flexible and complex networks to be built.
In addition, a container created this way can communicate through a linked container (more on this later).
Host mode
How to specify: --net="host"
A container created this way can see all the network devices on the host.
Inside the container you have full access to these devices and to local system services such as D-Bus, so Docker warns that this mode is not safe.
It is not a problem if you use this approach in a well-isolated environment, such as in a tenant's virtual machine.
Container multiplexing mode
How to specify: --net="container:name or id"
As the following example shows, the networks of the two containers are exactly the same.
[root@localhost ~]# docker run -i -t mysql:latest /bin/bash
root@02aac28b9234:/usr/local/mysql# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
77: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# docker run -i -t --net="container:02aac28b9234" mysql:latest /bin/bash
root@02aac28b9234:/usr/local/mysql# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
77: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link
       valid_lft forever preferred_lft forever
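The host and container modes described above both weaken network isolation, so it is useful to know which running containers use them. The following is an added example, not part of the original article: a shell function that classifies containers by network mode and resolves a container:<id> reference to the name of the container whose network it shares. The function name audit_netmodes, the HIGH/REVIEW/INFO labels, the container names and two of the sample ids are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Reads lines "<id> <name> <network mode>" on stdin, as printed by
#   docker ps -q | xargs docker inspect \
#     --format '{{.Id}} {{.Name}} {{.HostConfig.NetworkMode}}'
audit_netmodes() {
    awk '
    { id[NR] = $1; name[NR] = $2; sub(/^\//, "", name[NR]); mode[NR] = $3 }
    END {
        for (n = 1; n <= NR; n++) {
            if (mode[n] == "host") {
                print "HIGH " name[n] ": shares the host network namespace"
            } else if (mode[n] ~ /^container:/) {
                ref = substr(mode[n], 11); peer = ref
                # resolve the referenced id (or id prefix) or name to a name
                for (m = 1; m <= NR; m++)
                    if (index(id[m], ref) == 1 || name[m] == ref) peer = name[m]
                print "REVIEW " name[n] ": shares the network namespace of " peer
            } else if (mode[n] == "none") {
                print "INFO " name[n] ": loopback only"
            }
            # bridge mode (the default) is not reported
        }
    }'
}

# Constructed sample inventory: ids are shortened, names are hypothetical.
SAMPLE_INVENTORY='02aac28b9234 /db bridge
5f3c9e1d7a40 /db-sidecar container:02aac28b9234
9b1e0c44d2aa /monitor host
061364719a22 /batch none'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_netmodes
```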
Example (network implementation in openstack nova-docker)
The nova-docker plug-in for OpenStack manages containers in the same way as virtual machines.
How the container network is created: first create a container with --net="none", then configure its network with the following procedure (OVS is used as the example; a Linux bridge works too).
# create a veth device
ip link add name veth00 type veth peer name veth01
# connect one end of the veth device to the OVS bridge br-int
ovs-vsctl -- --if-exists del-port veth00 -- add-port br-int veth00 -- set Interface veth00 external-ids:iface-id=iface_id external-ids:iface-status=active external-ids:attached-mac=00:ff:00:aa:bb:cc external-ids:vm-uuid=instance_id
# bring up the new OVS port
ip link set veth00 up
# set up the network namespace of the container
mkdir -p /var/run/netns
ln -sf /proc/container_pid/ns/net /var/run/netns/container_id
# move the other end of the veth into the container namespace
ip link set veth01 netns container_id
# configure the MAC, IP and gateway of the network device in the container
ip netns exec container_id ip link set veth01 address mac_address
ip netns exec container_id ifconfig veth01 ip
ip netns exec container_id ip route replace default via gateway dev veth01
At this point, the container is connected to the virtual network on the host. br-int then connects to br-ex/br-tun, which finally connects the container to the business network.