
What are the network methods of Docker

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article introduces the network modes that Docker provides. It is fairly detailed and has some reference value, so interested readers should read it through.

Let's take a look at the four network modes provided by Docker.

Bridge mode (default)

The host IP is 186.100.8.117 and the container network is 172.17.0.0/16.

Create a container. Because bridge is the default, no network is specified here (equivalent to --net="bridge"). Note that an eth0 has been created inside the container:

    [root@localhost ~]# docker run -i -t mysql:latest /bin/bash
    root@e2187aa35875:/usr/local/mysql# ip addr
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    75: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe11:2/64 scope link
           valid_lft forever preferred_lft forever

The container can reach the host network:

    root@e2187aa35875:/usr/local/mysql# ping 186.100.8.117
    PING 186.100.8.117 (186.100.8.117): 48 data bytes
    56 bytes from 186.100.8.117: icmp_seq=0 ttl=64 time=0.124 ms

The container's eth0 is actually one end of a veth pair; the other end (vethb689485, on the host) is attached to the docker0 bridge:

    [root@localhost ~]# ethtool -S vethb689485
    NIC statistics:
         peer_ifindex: 75
    [root@localhost ~]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    docker0         8000.56847afe9799       no              vethb689485

Access from the container to the external network goes through iptables on the host: outbound traffic from 172.17.0.0/16 is masqueraded, and a FORWARD rule admits traffic from outside docker0 to a published container port:

    [root@localhost ~]# iptables-save | grep 172.17.0.0.*
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    -A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
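As an added example (not part of the original article), a small audit helper for exactly these rules: it reads iptables-save output and lists every FORWARD rule that lets traffic from outside docker0 reach a container port, which is the quickest way to see which container ports are actually published on a host. The SAMPLE text is constructed for the example.

```shell
#!/bin/sh
# list_exposed: read iptables-save output (files given as arguments, or stdin)
# and print "container_ip port proto" for each Docker publish rule of the form
#   -A FORWARD -d <ip>/32 ! -i docker0 -o docker0 -p <proto> -m <proto> --dport <port> -j ACCEPT
list_exposed() {
    awk '
        $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ && / -o docker0/ {
            ip = ""; port = ""; proto = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-d") { ip = $(i+1); sub(/\/32$/, "", ip) }
                if ($i == "-p") proto = $(i+1)
                if ($i == "--dport") port = $(i+1)
            }
            # rules without a destination or port (e.g. the generic docker0 forward) are skipped
            if (ip != "" && port != "") print ip, port, proto
        }' "$@"
}

# Constructed sample in iptables-save format, modelled on the rules shown above.
SAMPLE='*nat
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
COMMIT'

# Run the audit over the constructed sample (on a real host: iptables-save | list_exposed).
exposed_from_sample() { printf '%s\n' "$SAMPLE" | list_exposed; }

exposed_from_sample
```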

None mode

Specify method: --net="none"

As you can see, the container created in this way has no network at all:

    [root@localhost ~]# docker run -i -t --net="none" mysql:latest /bin/bash
    root@061364719a22:/usr/local/mysql# ip addr
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    root@061364719a22:/usr/local/mysql# ping 186.100.8.117
    PING 186.100.8.117 (186.100.8.117): 48 data bytes
    ping: sending packet: Network is unreachable

So what is this mode good for?

nova-docker in fact uses this approach: it leaves the creation of the container's network entirely to the user, so more flexible and complex network topologies can be built on top of it.

In addition, such a container can still communicate with other containers through container links (more on that later).

Host mode

Specify method: --net="host"

A container created this way sees all the network devices on the host.

Inside the container you have full access to these devices, and to host services such as D-Bus. This is why Docker warns that this mode is not safe.

It is not a problem if you use this approach in a well-isolated environment, such as in a tenant's virtual machine.

Container multiplexing mode

Specify method: --net="container:name or id"

As the following example shows, the two containers end up with exactly the same network configuration, because the second one joins the first one's network namespace.

    [root@localhost ~]# docker run -i -t mysql:latest /bin/bash
    root@02aac28b9234:/usr/local/mysql# ip addr
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    77: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.3/16 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe11:3/64 scope link
           valid_lft forever preferred_lft forever

    [root@localhost ~]# docker run -i -t --net="container:02aac28b9234" mysql:latest /bin/bash
    root@02aac28b9234:/usr/local/mysql# ip addr
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    77: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.3/16 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe11:3/64 scope link
           valid_lft forever preferred_lft forever

Example: network implementation in OpenStack nova-docker

The nova-docker plug-in for OpenStack manages containers in the same way as virtual machines.

To create the container network, first create the container with --net="none", then configure its network with the following procedure. (OVS is used as the example; a Linux bridge works as well.)

    # create the veth pair
    ip link add name veth00 type veth peer name veth01
    # attach one end of the veth pair to the OVS bridge br-int
    ovs-vsctl --if-exists del-port veth00 -- add-port br-int veth00 -- set Interface veth00 external-ids:iface-id=iface_id external-ids:iface-status=active external-ids:attached-mac=00:ff:00:aa:bb:cc external-ids:vm-uuid=instance_id
    # bring the new port up
    ip link set veth00 up
    # make the container's network namespace visible to ip netns
    mkdir -p /var/run/netns
    ln -sf /proc/container_pid/ns/net /var/run/netns/container_id
    # move the other end of the veth pair into the container namespace
    ip link set veth01 netns container_id
    # configure the MAC address, IP address and gateway of the device inside the container
    ip netns exec container_id ip link set veth01 address mac_address
    ip netns exec container_id ifconfig veth01 ip
    ip netns exec container_id ip route replace default via gateway dev veth01

At this point the container is attached to the virtual network on the host. br-int is in turn connected to br-ex/br-tun, which finally provides connectivity to the tenant network.
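As an added example (not from the article or from nova-docker), the same procedure written as a POSIX shell function for a Linux bridge instead of OVS, the alternative the text mentions. Assumptions: the bridge already exists, the container was started with --net="none", the caller supplies the container id, address and gateway, DRY_RUN=1 prints the commands instead of executing them, and CONTAINER_PID overrides the docker inspect lookup.

```shell
#!/bin/sh
set -eu

# run: execute a command, or just print it when DRY_RUN=1 (lets the plan be reviewed first)
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# plumb <container-id> <bridge> <ip/prefix> <gateway>
# Attaches a --net=none container to an existing Linux bridge via a veth pair.
plumb() {
    cid=$1 br=$2 addr=$3 gw=$4
    # refuse a bare address: without a prefix length the route would be wrong
    case $addr in */*) ;; *) echo "address needs a prefix length: $addr" >&2; return 1 ;; esac
    # derive short, unique interface and namespace names (kernel limit is 15 chars)
    short=$(printf '%s' "$cid" | cut -c1-8)
    host_if="veth${short}h"; cont_if="veth${short}c"; ns="ctr-$short"
    # the container's PID identifies its network namespace under /proc (CONTAINER_PID is an assumed override)
    pid=${CONTAINER_PID:-$(docker inspect -f '{{.State.Pid}}' "$cid")}

    # 1. create the veth pair and attach the host end to the bridge
    run ip link add name "$host_if" type veth peer name "$cont_if"
    run ip link set "$host_if" master "$br"
    run ip link set "$host_if" up
    # 2. expose the container netns to ip netns, exactly as the article does
    run mkdir -p /var/run/netns
    run ln -sf "/proc/$pid/ns/net" "/var/run/netns/$ns"
    # 3. move the container end into the namespace, name it eth0, address and route it
    run ip link set "$cont_if" netns "$ns"
    run ip netns exec "$ns" ip link set "$cont_if" name eth0
    run ip netns exec "$ns" ip addr add "$addr" dev eth0
    run ip netns exec "$ns" ip link set eth0 up
    run ip netns exec "$ns" ip route replace default via "$gw" dev eth0
}
```

Calling `DRY_RUN=1 CONTAINER_PID=<pid> plumb <id> br0 192.0.2.10/24 192.0.2.1` prints the exact command sequence without touching the host.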
