Docker02: Exploring Docker Core Technologies (3): Network Namespaces and Network Isolation
阿新 • Published: 2018-04-17
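Docker can give each container a virtual network environment that is isolated from the original host system and from the virtual systems in other containers.
Docker networking has the following modes:
(1) bridge mode. This configures a virtual network in which the container's virtual NIC communicates with the host's real NIC through NAT.
```
docker run -it --net=bridge --name=centos --hostname=centos centos /bin/bash
```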
Run the following commands inside the container; yum provides looks up which package contains the given command.
```
yum provides ifconfig
yum install net-tools
yum provides ip
yum install iproute
```
Check the network configuration inside the container:
```
[root@centos /]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@centos /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
        ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
        RX packets 8324 bytes 27792451 (26.5 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 6506 bytes 356889 (348.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
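(2) container mode. This makes the container's virtual NIC use the same IP address as the virtual NIC of another, specified container.
To understand this mode, first create a container whose network mode is bridge.
```
docker run -it --net=bridge --name=centos --hostname=centos centos /bin/bash
```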
Then look at the network configuration in bridge mode:
```
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
        ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
        RX packets 1552 bytes 14029219 (13.3 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1519 bytes 85477 (83.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
Next, create a container whose network mode is container.
```
docker run -it --net=container:centos --name=centos2 centos /bin/bash
```
At this point the centos2 container has the same network configuration as the centos container: the IP address, MAC address, hostname and so on are all identical. This is also why the --hostname=XXXX parameter cannot be specified in container mode.
```
[root@centos /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
        ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
        RX packets 4092 bytes 28111521 (26.8 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3956 bytes 220458 (215.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
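(3) host mode. This makes the container's virtual NIC use the same network environment as the host's real NIC, that is, the container uses the host's physical NIC directly.
```
docker run -it --rm --net=host --name=centos2 --hostname=centos centos /bin/bash
```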
Look at the container's NICs:
```
[root@centos /]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
        inet6 fe80::42:ffff:fed9:4b28 prefixlen 64 scopeid 0x20<link>
        ether 02:42:ff:d9:4b:28 txqueuelen 0 (Ethernet)
        RX packets 6506 bytes 265805 (259.5 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8324 bytes 27792451 (26.5 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 11.1.1.11 netmask 255.255.255.0 broadcast 11.1.1.255
        inet6 fe80::20c:29ff:fe66:d822 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:66:d8:22 txqueuelen 1000 (Ethernet)
        RX packets 12671 bytes 1064839 (1.0 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8803 bytes 3356079 (3.2 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 11.2.1.11 netmask 255.255.255.0 broadcast 11.2.1.255
        inet6 fe80::20c:29ff:fe66:d82c prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:66:d8:2c txqueuelen 1000 (Ethernet)
        RX packets 29604 bytes 42907671 (40.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 9761 bytes 597994 (583.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 3765 bytes 2003876 (1.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3765 bytes 2003876 (1.9 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
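(4) none mode. This leaves the container, for the time being, without any NIC functionality.
In this mode there is no NIC, so nothing that involves the network can be done, including the yum install command.
```
docker run -it --net=none --name=centos3 --hostname=centos centos /bin/bash
```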
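The four modes above differ in which network namespace a container ends up in, which is what matters when reviewing isolation. The following is an added example, not code from the original post: it reads the HostConfig.NetworkMode field of `docker inspect` output and reports the effective namespace owner for each container. The sample JSON, the IDs, the name `centos-host` and the isolation labels are constructed for illustration.

```python
import json

# Constructed `docker inspect` excerpt (not captured output) mirroring the
# containers on this page; only the fields the audit reads are included.
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/centos", "HostConfig": {"NetworkMode": "bridge"}},
    {"Id": "bbb222", "Name": "/centos2", "HostConfig": {"NetworkMode": "container:aaa111"}},
    {"Id": "ccc333", "Name": "/centos-host", "HostConfig": {"NetworkMode": "host"}},
    {"Id": "ddd444", "Name": "/centos3", "HostConfig": {"NetworkMode": "none"}},
])

def effective_netns(inspect_json):
    """Map container name -> (network namespace owner, isolation label)."""
    containers = json.loads(inspect_json)
    by_ref = {}
    for c in containers:  # container:<ref> may use an ID or a name
        by_ref[c["Id"]] = c
        by_ref[c["Name"].lstrip("/")] = c
    result = {}
    for c in containers:
        owner, seen = c, set()
        mode = owner["HostConfig"]["NetworkMode"]
        # Follow container:<ref> to the container that owns the namespace;
        # `seen` guards against a reference loop in malformed input.
        while mode.startswith("container:") and owner["Id"] not in seen:
            seen.add(owner["Id"])
            target = by_ref.get(mode.split(":", 1)[1])
            if target is None:
                break
            owner = target
            mode = owner["HostConfig"]["NetworkMode"]
        name = c["Name"].lstrip("/")
        if mode == "host":
            result[name] = ("host", "shared-with-host")
        elif mode.startswith("container:"):
            result[name] = (mode, "unresolved")
        elif owner is not c:
            result[name] = (owner["Name"].lstrip("/"), "shared-with-container")
        elif mode == "none":
            result[name] = (name, "isolated-no-network")
        else:  # "bridge", "default" or a user-defined network
            result[name] = (name, "isolated")
    return result

def reduced_isolation(inspect_json):
    """Names of containers that do not have a network namespace of their own."""
    report = effective_netns(inspect_json)
    return sorted(n for n, (_, level) in report.items() if level.startswith("shared"))

if __name__ == "__main__":
    for name, (owner, level) in effective_netns(SAMPLE_INSPECT).items():
        print(f"{name:12} netns={owner:10} {level}")
```

On a real host the input would come from `docker inspect $(docker ps -q)`.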
This blog will simulate the bridge-mode virtual network that Docker uses. Docker's bridge-mode virtual network