
How does the docker container connect to the public network

2025-01-17 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how a Docker container connects to the public network. Many people run into this problem in practice, so the following walks through how it works.

By default, a container can establish connections to the external network, but the external network cannot connect to the container. Docker lets containers provide network services either through external access to the container or through interconnection between containers.

External access to containers: network applications can run inside a container, and to make these applications accessible from outside, you can specify a port mapping with the -P or -p parameter.

To achieve network communication, machines need at least one network interface (physical interface or virtual interface) to send and receive packets; in addition, routing mechanisms are needed if communication is to take place between different subnets.

Network interfaces in Docker are virtual interfaces by default. One advantage of a virtual interface is its high forwarding efficiency. Linux forwards data between virtual interfaces by copying it inside the kernel: packets in the send buffer of the sending interface are copied directly into the receive buffer of the receiving interface. To the local system and to the system inside the container, the interface looks like a normal Ethernet card, but it does not actually need to communicate with external network devices, so it is much faster.

The Docker container network takes advantage of this technology. It creates one virtual interface on the local host and one in the container and connects them to each other (such a pair of interfaces is called a veth pair).

Create network parameters

When Docker creates a container, it does the following:

Create a pair of virtual interfaces, one for the local host and one for the new container.

The local host end is bridged to the default docker0 bridge or to a designated bridge and is given a unique name, such as veth75f9.

The other end is placed in the new container and renamed eth0. This interface is only visible in the namespace of the container.

A free address is taken from the bridge's available address range and assigned to the container's eth0, and a default route is configured to the bridging network card veth75f9.

Once this is done, the container can use the eth0 virtual network card to connect to other containers and other networks.

You can use the --net parameter of docker run to specify the network configuration of the container. There are 4 optional values:

--net=bridge is the default value; it connects the container to the default bridge.

--net=host tells Docker not to put the container network in an isolated namespace, that is, not to containerize the network of the container. The container then uses the network of the local host and has full access to the local host's interfaces. Like other root processes on the host, container processes can open low-range ports, access local network services such as D-bus, and do things that affect the entire server system, such as restarting.

--net=container:NAME_or_ID asks Docker to put the processes of the new container on the network stack of an existing container. The new container's processes have their own file system, process list and resource restrictions, but share network resources such as the IP address and ports with the existing container. Processes in the two containers can communicate directly through the lo loopback interface.

--net=none asks Docker to put the new container on an isolated network stack without any network configuration. After that, the user can configure it himself.
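The network modes and port mappings described above can be checked on existing containers. The following is an added example, not part of the original article: it reads `docker inspect`-style JSON and reports which containers share the host's or another container's network stack and which ports are published on all host interfaces. The sample data is constructed, and the function names `audit_container` and `audit` are hypothetical.

```python
import json

# Constructed sample, trimmed to the HostConfig fields that `docker inspect` reports
# for the --net mode and the -p / -P port mappings.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "HostConfig": {"NetworkMode": "bridge", "PublishAllPorts": false,
   "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
 {"Name": "/metrics", "HostConfig": {"NetworkMode": "host", "PublishAllPorts": false,
   "PortBindings": {}}},
 {"Name": "/sidecar", "HostConfig": {"NetworkMode": "container:3f2a9c",
   "PublishAllPorts": false, "PortBindings": null}},
 {"Name": "/batch", "HostConfig": {"NetworkMode": "none", "PublishAllPorts": false,
   "PortBindings": {}}},
 {"Name": "/admin", "HostConfig": {"NetworkMode": "default", "PublishAllPorts": true,
   "PortBindings": {"9000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "9000"}]}}}
]""")

WILDCARD = {"", "0.0.0.0", "::"}  # an empty HostIp means "bind on every host interface"

def audit_container(c):
    """Return findings describing how one container is exposed on the network."""
    hc = c.get("HostConfig") or {}
    mode = hc.get("NetworkMode") or "default"
    findings = []
    if mode == "host":
        findings.append("host-network: shares the host's network namespace")
    elif mode.startswith("container:"):
        findings.append("shared-netns: joins network stack of " + mode.split(":", 1)[1])
    elif mode == "none":
        return findings  # isolated stack, nothing is reachable
    if hc.get("PublishAllPorts"):
        findings.append("publish-all: -P maps every exposed port to a host port")
    for port, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:
            if (b.get("HostIp") or "") in WILDCARD:
                findings.append(f"public-port: {port} -> host port {b.get('HostPort')} on all interfaces")
    return findings

def audit(containers):
    """Map container name -> list of findings (empty list means nothing flagged)."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or ["ok"])
```

On a real host, the input would come from `docker inspect` run over the IDs listed by `docker ps -q`, loaded with `json.loads`.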
