Shulou(Shulou.com)06/02 Report--

Docker provides several native networks, which can be divided into container networks on a single host and networks across multiple host in terms of coverage.

Doker automatically creates three networks on host when it is installed, using the following command to view

Docker network ls

None network

Therefore, the name Siyi, none network is nothing of the network. The container hanging under this network does not have any network card except lo. When the container is created, you can specify the use of the none network with-- network=none.

This network is generally applied to some applications that require high security and do not need to be connected to the Internet. For example, the only purpose of a container is to generate random passwords, which can be put into the none network to prevent passwords from being stolen.

Host network

Containers connected to the host network share the network stack of Docker host, and the network configuration of the container is exactly the same as host. You can specify the use of host networks with-- network=host.

You can see all the network cards of host in the container, and even hostname is host. The usage scenarios of host network are as follows:

The biggest advantage of using Docker host network directly is performance. If the container has higher requirements for network transmission efficiency, you can choose host network. Of course, the inconvenience is to sacrifice some flexibility, for example, to consider port conflicts, ports that are already in use on Docker host can no longer be used.

Another use of Docker host is to allow containers to configure host networks directly. For example, some cross-host network solutions, which themselves run as containers, require network configuration, such as managing iptables.

Brige network operation

Brige network is the most widely used network type.

When Docker is installed, a linux bridge named docker0 is created. If you do not specify-- network, the containers created will be hung on the docker0 by default.

Brctl show

There are currently no other network devices on the docker0

Create a Bridge network called net1

Docker network create net1

Check out the net bridge, subnet has been automatically configured to

Docker network inspect net1

Create a bridge bridge named net2 and specify subnet=172.10.10.0/24

Docker network create-- driver bridage-- subnet 172.10.10.10 net2 24-- gateway 172.10.10.1

Start the container named centos1 and join the net1 network

Docker run-name centos1-dit-network=net1 centos

Start the container named centos2 and join the net2 network

Start the container named centos3, join the net2 network, and specify the container IP=172.10.10.10

Docker run-name centos3-dit-network=net2-ip 172.10.10.10 centos

View the IP address information of each of the three centos containers. Where cnetos2 and centos3 are on the same network segment, and centos1 and the former two are on different network segments.

Docker inspect centos1

Docker inspect centos2

Docker inspect centos3

Use the following diagram to understand the bridge network

The container is mainly connected to the brigde network through veth pair. It is a pair of special network devices, which can be simply understood as a pile of network cards connected by a virtual network cable. One end of the network card (such as eth@if34) is in the container, and the other end (such as veth38c57df) is hung on the bridge docker0.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.