Shulou(Shulou.com)06/02 Report--

What is the network mode and cross-host communication of Docker? I believe many inexperienced people don't know what to do about it. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Four Network modes of Docker

Bridge mode

When the Docker process starts, a virtual bridge named docker0 is created on the host, and the Docker container launched on this host is connected to the virtual bridge. A virtual bridge works like a physical switch so that all containers on the host are connected to a layer 2 network through the switch.

Assign an IP from the docker0 subnet to the container and set the IP address of the docker0 as the default gateway of the container. Create a pair of virtual network card veth pair devices on the host. Docker will place one end of the veth pair device in the newly created container and name it eth0 (the container's network card), and the other end in the host, named with a similar name such as vethxxx, and add the network device to the docker0 bridge. You can view it through the brctl show command.

Bridge mode is the default network mode of docker. If you don't write the-- net parameter, it is bridge mode. When using docker run-p, docker actually makes DNAT rules in iptables to achieve port forwarding function. You can view it using iptables-t nat-vnL.

The bridge mode is shown in the following figure:

Demo:

Docker run-tid-net=bridge-name docker_bri1

Ubuntu-base:v3

Docker run-tid-net=bridge-name docker_bri2

Ubuntu-base:v3

Brctl show

Docker exec-ti docker_bri1 / bin/bash

Docker exec-ti docker_bri1 / bin/bash

Ifconfig-a

Route-nHost mode

If you start the container in host mode, the container will not get a separate Network Namespace, but will share a Network Namespace with the host. The container will not virtualize its own network card or configure its own IP, but will use the IP and port of the host. However, other aspects of the container, such as file systems, process lists, and so on, are isolated from the host.

The Host mode is shown in the following figure:

Demo:

Docker run-tid-net=host-name docker_host1 ubuntu-base:v3

Docker run-tid-net=host-name docker_host2 ubuntu-base:v3

Docker exec-ti docker_host1 / bin/bash

Docker exec-ti docker_host1 / bin/bash

Ifconfig-a

Route-n

Container mode

This mode specifies that the newly created container and an existing container share a Network Namespace rather than with the host. Instead of creating its own Nic and configuring its own IP, the newly created container shares IP, port range, and so on with a specified container. Similarly, apart from the network, the two containers are isolated, such as file systems, process lists, and so on. The processes of the two containers can communicate through the lo network card device.

Schematic diagram of Container mode:

Demo:

Docker run-tid-- net=container:docker_bri1

-- name docker_con1 ubuntu-base:v3

Docker exec-ti docker_con1 / bin/bash

Docker exec-ti docker_bri1 / bin/bash

Ifconfig-a

Route-nNone mode

Using none mode, the Docker container has its own Network Namespace, but there is no network configuration for the Docker container. In other words, the Docker container does not have network card, IP, routing and other information. We need to add network cards, configure IP, etc., for the Docker container.

Schematic diagram of Node mode:

Demo:

Docker run-tid-net=none-name

Docker_non1 ubuntu-base:v3

Docker exec-ti docker_non1 / bin/bash

Ifconfig-a

Route-n

Cross-host communication

Under the default network environment of Docker, Docker containers on a single host can communicate directly through docker0 bridges, while Docker containers on different hosts can only communicate through port mapping on the host. This kind of port mapping is very inconvenient for many cluster applications. If you can let Docker containers directly use their own IP address to communicate, it will solve a lot of problems. According to the implementation principle, it can be directly routed, bridged (such as pipework), Overlay tunneling (such as flannel, ovs+gre) and so on.

Direct routing

Cross-host communication is achieved by adding static routes to the Docker host:

Pipework

Pipework is an easy-to-use Docker container network configuration tool. Implemented by more than 200 lines of shell scripts. Configure custom bridges, network cards, routes, and so on for the Docker container by using ip, brctl, ovs-vsctl, and other commands.

Use the new bri0 bridge instead of the default docker0 bridge

The difference between the bri0 bridge and the default docker0 bridge: between the bri0 and the host eth0 is the veth pair

Flannel (Flannel + UDP or Flannel + VxLAN)

The cross-host communication of the container implemented by Flannel is achieved by the following process:

Install and run etcd and flannel on each host

Plan and configure the docker0 subnet range for all hosts in etcd

The flanneld on each host assigns subnets to the docker0 of the host according to the configuration in etcd, ensures that the docker0 network segments on all hosts do not repeat, and stores the results (that is, the corresponding relationship between the docker0 subnet information on the host and the IP of the host) in the etcd database, so that the corresponding relationship between the docker subnet information on all hosts and the host IP is stored in the etcd library.

When you need to communicate with a container on another host, look for the etcd database and find the outip corresponding to the subnet of the destination container (the IP of the destination host)

The original packet is encapsulated in a VXLAN or UDP packet, and the IP layer is encapsulated with outip as the destination IP

Since the destination IP is the host IP, the route is reachable

The VXLAN or UDP packet arrives at the destination host to decapsulate, unpack the original packet, and finally reach the destination container.

After reading the above, have you mastered the network model of Docker and the method of cross-host communication? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.