
How to understand the differences between Docker network driver principles

2025-03-31 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article mainly introduces how to understand the differences between Docker network driver principles. In day-to-day work, I believe many people have questions about this topic. The editor consulted various materials and put together simple, easy-to-follow methods. I hope this helps answer those questions. Let's go through it together.

Container network concept

First, the building blocks of networking under Linux:

Namespaces: Linux introduces network namespaces into the network stack, isolating independent network protocol stacks into different namespaces that cannot communicate with each other; Docker uses this feature to achieve network isolation between containers.

Veth device pair: used to communicate between different namespaces.

Iptables/Netfilter: Netfilter executes the rules attached in the kernel (filtering, modification, dropping, etc.) and runs in kernel mode; iptables is a program that runs in user mode and helps maintain Netfilter's rule tables in the kernel. Together they provide a flexible packet-processing mechanism across the whole Linux network protocol stack.

Bridge: A bridge is a Layer 2 network device. A Linux bridge connects multiple ports and enables many-to-many communication between them, like a switch.

Routing: Linux systems include a complete routing function. When the IP layer sends or forwards data, it uses the routing tables to decide where to send it.

Docker containers run on a bridge network by default, and Docker also provides other network modes. The container network model is built on three main concepts.

Network: the network itself, in one of two kinds of mode:

Single-host network mode (none, host, bridge, joined container)

Multi-host network mode (overlay, macvlan, flannel)

Sandbox: defines the virtual network card, DNS and routing table in the container. It is an implementation of the network namespace and is the container's internal network stack.

Endpoint: connects a sandbox to a network.

Here are some of Docker's most common network models:

Host: The container does not virtualize its own network card or configure its own IP; it uses the host's IP and ports.

Bridge: This mode assigns and configures an IP for each container and connects the container to the docker0 virtual bridge. The container communicates with the host via the docker0 bridge and the iptables nat table configuration.

None: This mode turns off the container's network function.

Container: The created container does not create its own network card or configure its own IP. Instead, it shares the IP and port range of a specified container.

Overlay: Containers use the overlay network mode to communicate between two hosts.

luxurong@hb13520 ~ % docker network ls
NETWORK ID     NAME                  DRIVER    SCOPE
5a9f0bc5a93a   bridge                bridge    local
5239b7670d4f   composetest_default   bridge    local
0487feea0278   host                  host      local
ddfec4c499d9   none                  null      local
62e4405853d2   testcompose_default   bridge    local

How do you create and use a custom network with a chosen driver?

# Create the my-net network with the bridge driver
docker network create --driver bridge my-net
# Run a container on the my-net network
docker run --network=my-net...

Creating a network is that simple. With that, we have covered several common network modes.

Differences between the Docker driver principles in detail

Host ip:

Host Network

In this mode the container is on the same network as the host and does not have a separate IP address. A network namespace provides an independent network environment, including network cards, routing and iptables rules, isolated from other network namespaces. A Docker container is normally assigned its own network namespace. If the container is started in host mode, however, it does not get a separate network namespace and instead shares the host's. The container does not virtualize its own network card or configure its own IP; it uses the host's IP and ports.

Container Network

Once host mode is understood, this mode is easy to follow. It specifies that a newly created container shares a network namespace with an existing container rather than with the host. The new container does not create its own network card or configure its own IP; it shares the IP, port range and so on of the specified container. Apart from the network, the two containers remain isolated from each other in other respects, such as the file system and process list. Processes in the two containers can communicate through the lo network device. Kubernetes pods use this model.
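The host and container modes described above both give up a container's private network namespace, which is worth auditing on a running host. The following is an added example, not code from the original article: it groups containers by the namespace they actually run in, using the `HostConfig.NetworkMode` field of `docker inspect` output. The sample data, container names and the `audit` and `netns_owner` helpers are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output (IDs and names invented).
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/web", "HostConfig": {"NetworkMode": "bridge"}},
    {"Id": "bbb222", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:aaa111"}},
    {"Id": "ccc333", "Name": "/monitor", "HostConfig": {"NetworkMode": "host"}},
    {"Id": "ddd444", "Name": "/batch", "HostConfig": {"NetworkMode": "none"}},
    {"Id": "eee555", "Name": "/api", "HostConfig": {"NetworkMode": "my-net"}},
])

def name_of(c):
    return c["Name"].lstrip("/")

def netns_owner(c, containers, seen=frozenset()):
    """Label the network namespace a container's processes actually run in."""
    mode = c["HostConfig"]["NetworkMode"]
    if mode == "host":
        return "HOST"                      # no namespace of its own: host stack
    if mode.startswith("container:"):
        ref = mode.split(":", 1)[1]
        target = next((t for t in containers if ref and
                       (t["Id"].startswith(ref) or name_of(t) == ref)), None)
        seen = seen | {c["Id"]}
        if target is None or target["Id"] in seen:
            return "unresolved:" + ref     # target not in the dump, or a loop
        return netns_owner(target, containers, seen)
    return name_of(c)                      # bridge, none, custom: own namespace

def audit(inspect_json):
    """Group containers by namespace and report where isolation is shared."""
    containers = json.loads(inspect_json)
    groups = {}
    for c in containers:
        groups.setdefault(netns_owner(c, containers), []).append(name_of(c))
    findings = []
    for owner, members in sorted(groups.items()):
        if owner == "HOST":
            findings.append(("host-namespace", sorted(members)))
        elif len(members) > 1:
            findings.append(("shared-namespace", sorted(members)))
    return groups, findings

if __name__ == "__main__":
    for kind, names in audit(SAMPLE_INSPECT)[1]:
        print(kind, names)
```

On a real host, the same function can be fed the output of `docker inspect $(docker ps -q)`.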

Overlay Network

Host mode can also be used for cross-host communication, because containers communicate directly using the physical IP address. Overlay instead virtualizes a network, with addresses such as 10.0.9.3. In the overlay network model there is an address that acts like a service gateway; packets are forwarded through it to the physical server's address and finally, through routing and switching, to the other server's IP address. Docker's implementation uses Consul for service discovery and defines an IP address pool, such as 10.0.9.0/24. Containers on the network obtain their IP addresses from this pool and then communicate through eth2, which is how cross-host communication is implemented.

This concludes the study of how to understand the differences between Docker network driver principles; hopefully it has resolved your questions. Theory is best learned together with practice, so go and try it!
