Shulou(Shulou.com)06/03 Report--

one。 Network mode

-- net=bridge default

2.--net=host

Docker run-it busybox runs by default to generate an independent network command space

Docker run-it-- net=host busybox-- net=host uses the network command space with the host, other quarantines

Using the port in the container is equivalent to occupying the port of the host.

3.--net=none

Docker run-it-- net=none network independent, but each configured with any address

4.--net=container:namedocker exec-it bs sh runs a generic container

Netstat-nltp

Docker run-itd-name nginx05-net=container:bs nginx

Netstat-nltp

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

Tcp 0 0 0.0.0. 0. 0. 0. 0. 0. 0. 0 80 0. 0. 0. 0. 0. 0. 0 of the latter * LISTEN-

With the same network information, except for containers, all others are isolated.

5. Custom network

Same as the default bridge principle, but the custom network has internal DNS discovery and can communicate with each other through the container name or hostname container

Docker network create bs-test creates a network bs-test

Docker run-it-name bs4-net bs-test busybox

Docker run-it-name bs3-net bs-test busybox

Then mutual ping can communicate; hostname can also communicate; link communication

two。 Principle of container network access

Snat and dnat of iptables for communication between Docker host and container

The data from the container to the host is configured iptable snat to the host network card through the docker0 bridge.

From the host network card to the container data, the iptables Dnat is configured to the container network card through the docker0 bridge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.