
Introduction to the Network Mode of Docker

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article introduces the network modes of Docker. Many people have questions about them in day-to-day operation, so the editor consulted various materials and put together simple, easy-to-use methods. I hope it helps answer those questions. Follow along below.

1. Four network modes of Docker

(1) The four network modes of Docker are as follows:

Bridge container: bridged network mode

Host (open) container: open network mode

Container (joined) container: joined network mode, an extension of host network mode

None (closed) container: closed network mode

(2) You can list them with the docker network ls command.

    [root@along ~]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    f23b4899add1        bridge              bridge              local
    65520497f693        host                host                local
    a0c5f18e0f04        none                null                local

(3) The docker run --network option specifies which network mode to use.

2. Bridge Network Mode

2.1 Introduction

When the Docker process starts, it creates a virtual bridge named docker0 on the host, and the Docker containers launched on this host are connected to that bridge, which by default uses the 172.17.0.0/16 address range. A virtual bridge works like a physical switch, so all containers on the host are connected to one layer 2 network through it.

Docker assigns the container an IP from the docker0 subnet and sets the IP address of docker0 as the container's default gateway. It creates a veth pair (a pair of virtual network cards) on the host, places one end in the newly created container and names it eth0 (the container's network card), leaves the other end on the host with a name such as vethxxx, and adds that device to the docker0 bridge. You can view this with the brctl show command.

    [root@along ~]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    docker0         8000.024241c45d6e       no

Bridge mode is the default network mode of Docker; if you omit the --net parameter, bridge mode is used. When you use docker run -p, Docker actually creates DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL.

    [root@along ~]# iptables -t nat -vnL
    Chain POSTROUTING (policy ACCEPT 20 packets, 1238 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 MASQUERADE  all  --  *      !docker0  172.17.0

2.2 Schematic diagram of the bridge mode

2.3 Demo

Bridge network mode; if --network is not specified, the default is bridge mode.

    [root@along ~]# docker run --name b1 -it --network bridge --rm busybox:latest
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1016 (1016.0 B)  TX bytes:508 (508.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    / # ping 10.11.55.5    # the host is reachable normally
    PING 10.11.55.5 (10.11.55.5): 56 data bytes
    64 bytes from 10.11.55.5: seq=0 ttl=64 time=0.292 ms
    / # exit

3. Host Network Mode

3.1 Introduction

If you start the container in host mode, the container will not get a separate Network Namespace, but will share a Network Namespace with the host. The container will not virtualize its own network card or configure its own IP, but will use the IP and port of the host. However, other aspects of the container, such as file systems, process lists, and so on, are isolated from the host.

3.2 schematic diagram of Host mode

3.3 Demo

    [root@along ~]# docker run --name b2 -it --network host --rm busybox:latest
    / # ifconfig -a    # same as the host
    docker0   Link encap:Ethernet  HWaddr 02:42:41:C4:5D:6E
              inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:41ff:fec4:5d6e/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:90 errors:0 dropped:0 overruns:0 frame:0
              TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5903 (5.7 KiB)  TX bytes:2381 (2.3 KiB)

    eth0      Link encap:Ethernet  HWaddr 00:0C:29:AB:D2:DA
              inet addr:10.11.55.5  Bcast:10.11.55.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:feab:d2da/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3913 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3327 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:354314 (346.0 KiB)  TX bytes:919096 (897.5 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

4. Container Network Mode

4.1 Introduction

In this mode, the newly created container shares a Network Namespace with an existing container rather than with the host. Instead of creating its own NIC and configuring its own IP, the newly created container shares the IP, port range, and so on of the specified container. Apart from the network, the two containers remain isolated from each other in other respects, such as file systems and process lists. The processes of the two containers can communicate through the lo network device.

4.2 schematic diagram of Container mode

4.3 Demo

(1) in a terminal, start container b1 using bridge network mode

    [root@along ~]# docker run --name b1 -it --rm busybox:latest
    / # ifconfig    # b1's IP is 172.17.0.2
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:508 (508.0 B)  TX bytes:508 (508.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # echo "hello world b1" > /tmp/index.html
    / # httpd -h /tmp/    # start the httpd service on b1
    / # netstat -nutl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 :::80                   :::*                    LISTEN

(2) create container b2 using Container network mode in another terminal

    [root@along ~]# docker run --name b2 -it --network container:b1 --rm busybox:latest
    / # ifconfig -a    # b2's IP is the same as b1's
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # wget -O - -q 127.0.0.1    # the httpd service started by b1 is directly accessible on b2
    hello world b1
    / # ls /tmp/    # but the file system is not shared, only the network

5. None Network Mode

5.1 Introduction

In none mode, the Docker container has its own Network Namespace, but no network configuration is done for it. In other words, the container has no network card, IP, routes or other such information, only the lo network interface. We need to add network cards, configure IP, and so on for the container ourselves.

Containers in this mode do not participate in network communication; processes running in them can only access the local loopback interface. The mode is only suitable for scenarios where processes do not need network communication, such as backup, process diagnosis and various offline tasks.
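The four modes differ in which network namespace a container ends up in, so the following added example (not part of the original article) reads `docker inspect` JSON and reports containers that share the host's namespace (host mode) or another container's (container mode). The sample data, container names and IDs are constructed, and `audit` and `namespace_owner` are hypothetical helper names.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect` output (only the fields used).
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/b1", "HostConfig": {"NetworkMode": "default"}},
    {"Id": "bbb222", "Name": "/b2", "HostConfig": {"NetworkMode": "container:aaa111"}},
    {"Id": "ccc333", "Name": "/web", "HostConfig": {"NetworkMode": "host"}},
    {"Id": "ddd444", "Name": "/backup", "HostConfig": {"NetworkMode": "none"}},
])

def namespace_owner(container, by_ref):
    """Return a label for the network namespace this container lives in."""
    mode = container["HostConfig"]["NetworkMode"]
    if mode == "host":
        return "host"                        # shares the host's namespace
    if mode.startswith("container:"):
        ref = mode.split(":", 1)[1]          # may be a container ID or a name
        return by_ref.get(ref, f"unknown:{ref}")
    return container["Name"].lstrip("/")     # bridge/default/none: own namespace

def audit(inspect_json):
    """Group containers by network namespace and report the shared ones."""
    containers = json.loads(inspect_json)
    by_ref = {}
    for c in containers:
        name = c["Name"].lstrip("/")
        by_ref[c["Id"]] = name
        by_ref[name] = name
    groups = defaultdict(list)
    for c in containers:
        groups[namespace_owner(c, by_ref)].append(c["Name"].lstrip("/"))
    findings = []
    for owner, members in sorted(groups.items()):
        if owner == "host":
            # Host mode: the container uses the host's IP and ports directly.
            findings.append(("host-namespace", sorted(members)))
        elif len(members) > 1:
            # Container mode: members can reach each other over lo.
            findings.append(("shared-namespace", sorted(members)))
    return findings

if __name__ == "__main__":
    for kind, members in audit(SAMPLE_INSPECT):
        print(kind, ", ".join(members))
```

On a real host, the same function can be fed the output of docker inspect $(docker ps -q) instead of the constructed sample.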

5.2 schematic diagram of None mode

5.3 Demo

    [root@along ~]# docker run --name b1 -it --network none --rm busybox:latest
    / # ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    / # exit

This concludes the introduction to the network modes of Docker. I hope it resolves your doubts. Combining theory with practice helps you learn better, so go and try it. If you want to learn more, keep following the website; the editor will continue to bring you more practical articles.
