Shulou(Shulou.com)06/01 Report--

This article mainly introduces "what are the four network modes of Docker". In daily operation, I believe many people have doubts about what the four network modes of Docker are. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "what are the four network modes of Docker?" Next, please follow the editor to study!

Four Network modes of Docker

Docker has four network modes: bridge, none, host and container, which provide various supports such as network isolation, port mapping and interworking between containers. These four network modes are introduced directly below.

These four network modes can be specified when the container is started, and the number of commands or parameters is as follows:

The network mode parameters describe the host mode-the net=host container and the host share the Network namespace. Container mode-the net= {id} container shares Network namespace with another container. Pod in kubernetes means that multiple containers share a Network namespace. None mode-the net=none container has a separate Network namespace but does not have any network settings for it, such as assigning veth pair and bridge connections, configuring IP, and so on. Bridge mode-net= bridge defaults to this mode and specifies the port mapping through-p.

These four modes can be understood as how Docker virtualizes the container's network, isolation and sharing.

Bridge mode

The format of the command to create a container for bridge mode using Docker is as follows:

Docker run-itd-p 8080 nginx:latest

Bridge mode is called bridge mode. First, Docker creates a virtual bridge called docker0 on the host. This virtual network is at the data link layer of the seven-layer network model. Whenever a new container is created, the container is connected to the host through docker0. Docker0 is the equivalent of a bridge.

Containers newly created using bridge mode have a virtual network card inside, called eth0, and the containers can access each other through 172.17.x.x.

In general, the default IP range of the bridge is 172.17.x.x. You can execute the ifpconfig command on the host to view all the NICs, which will contain the virtual ENI of the Docker container, and you can view the ip of a container. In the container, you can also use the ifconfig command to view your own container ip:

Root@cda6958393cb:/var#. / ifconfig eth0: flags=4163 mtu 1500 inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet) RX packets 347 bytes 9507996 (9.5 MB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 278 bytes 22384 (22.3KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 0 bytes 0 (0.0B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

As you can see, the ip for this container is 172.17.0.2.

Using containers created by bride, the network is isolated from hosts and other containers, and Ethernet interfaces, ports, routing tables, and DNS configurations are independent. Each container seems to be a separate host, which is what bridge (bridge) is for. But because of docker0, for containers, other containers can be accessed through ip.

Container 1 can access Container 2 through 172.17.0.3. Similarly, hosts can use this ip to access services in Container 2.

[Error] prompt

Bridge mode is the default mode, and even if you start the container with the docker run-itd nginx:latest command, a virtual IP is created.

None mode

In this network mode, the container only has the lo loopback network, and there are no other network cards. This type of network has no way to connect to the network, and the outside world cannot access it. The closed network can ensure the security of the container.

Create a container for the none network:

Docker run-itd-- net=none nginx:latestroot@5a67da130f62:/var#. / ifconfig lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1000 (Local Loopback) RX packets 0 bytes 0 (0.0B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Host mode

Host mode allows the container to share the network with the host. In this case, the mapped port may produce conflicts, but the rest of the container (file system, process, etc.) is still isolated, and the container shares the network with the host.

Container mode

The container mode allows multiple containers to communicate with each other, that is, the containers share the network.

First, start a container A, which is usually a bridge network, and then B uses-- net= {id} to connect to An and use A's virtual network card. At this time, An and B share the network, and you can then join containers such as B, C, D, etc.

At this point, the study of "what are the four network modes of Docker" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.