Shulou(Shulou.com)06/01 Report--

This article mainly shows you "Docker network management example analysis", the content is simple and easy to understand, organized clearly, I hope to help you solve doubts, let Xiaobian lead you to study and learn "Docker network management example analysis" this article bar.

I: Introduction

1. CNM(Container Network Model): defines a model for building container virtualization networks, while also providing standardized interfaces and components that can be used to develop a variety of network drivers. CNM mainly has three components: sandbox, endpoint and network.

2. Docker daemon completes network creation and management by calling APIs provided by libnetwork. Libnetwork uses CNM to provide network functions.

II: CNM Core Components

1. Sandbox: A sandbox contains information about a container network stack. Sandboxes can manage container interfaces, routing and DNS settings. A sandbox can have multiple endpoints and multiple networks.

2. Endpoints: An endpoint can join both a sandbox and a network; an endpoint can belong to only one network and only one sandbox.

3. Network: A network is a group of endpoints that can communicate directly with each other.

Three: libnetwork built-in driver

1. Bridge driver: This driver is Docker's default setting. When using this driver, libnetwork connects the Docker container created to the Docker bridge. As the most common pattern, bridge pattern can already satisfy the most basic use of Docker containers. However, NAT (Network Address Translation) is used for communication with the outside world, which increases the complexity of communication and has many restrictions when used in complex scenarios.

2. host driver: When using this driver, libnetwork will not create a network protocol stack for Docker (referring to the sum of all layers of protocols in the network, and its image reflects the process of file transmission in a network: from the upper protocol to the lower protocol, and then from the lower protocol to the upper protocol). The processes in Docker container are in the network environment of host, which is equivalent to Docker container and host sharing the same network namespace, using the host's network card, IP and port information. However, other aspects of the container, such as file systems, process lists, etc., remain isolated from the host. Host mode solves the problem of address translation between container and external communication well, and can directly use the IP of host machine for communication without extra performance burden brought by virtualization network. But host drivers also reduce the network-level isolation between containers and between containers and hosts, causing competition and conflict for network resources. Therefore, the host driver can be considered suitable for scenarios where the container cluster size is small.

3. overlay driver:

This driver adopts the IETF standard VXLAN mode, and is generally considered to be the SDN controller mode most suitable for large-scale cloud computing virtualization environments in VXLAN. An additional configuration storage service, such as Consul,etcd, or ZooKeeper, is required during use. An additional parameter needs to be added when starting the Docker daemon to specify the configuration storage service address to be used.

4. Remote Drive:

In fact, this driver does not really implement the network service, but calls the network driver plug-in implemented by the user himself, so that libnetwork realizes the plug-in of the driver and better meets the various needs of the user. Users only need to implement the required interfaces according to the protocol standards provided by libnetwork and register with Docker daemon.

5. null driver: With this driver, Docker containers have their own network namespace, but no network configuration is done for Docker containers. In other words, this Docker container has no other network card, IP, routing and other information except for the loopback network card that comes with the network namespace. Users need to add network cards to Docker containers, configure IP, etc. This pattern is not usable without specific configuration, but it has obvious advantages, as it gives users maximum freedom to customize the container's network environment.

IV: Examples

In the example, Docker's default bridge driver is used to demonstrate an application that forms a network topology.

1. It has two networks, the backend network is the backend network, the frontend network is the frontend network, and the two networks are not connected.

Container1 and container3 each have an endpoint and are joined to the backend network and the frontend network, respectively. Container2 has two endpoints.

In addition to backend and frontend, there are three networks created by Docker daemon by default, which cannot be deleted using docker network rm.

docker run -it --name container1 --net backend centos

docker run -it --name container2 --net backend centos

docker run -it --name container3 --net frontend centos

docker network connect frontend container2

The Docker network connect command creates a new NIC in the connected container to complete its connection to the specified network.

Fifth: bridge drive implementation mechanism analysis

1. Docker0 Bridge: After Linux installs Docker, there is an additional NIC named docker0 on the host. Each container will have two network cards l0 and eth0. L0 is the loopback NIC of the container;eth0 is the NIC used by the container to communicate with the outside world. It is on the same network segment as the bridge docker0 on the host.

1. iptables rules: After Docker is installed, some iptables rules will be added to the host system by default for communication between Docker containers and containers and with the outside world.

2. DNS and hostname of Docker container: The same Docker image can start multiple Docker containers with different hostnames. In fact,/etc/hostname,/etc/hosts,/etc/resolv.conf in the container will be overwritten by virtual files.

The above is "Docker network management example analysis" all the content of this article, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.