Docker study notes (4): container virtualization network basics
阿新 • Published: 2019-01-01
The six kinds of namespaces:
- UTS
- User
- Mount
- IPC
- Pid
- Net
The Linux kernel natively supports Layer 2 virtual bridge devices: a switch built in software.
OVS: Open vSwitch, an open-source virtual switch.
SDN: software-defined networking.
Each virtual NIC comes as a pair (a veth pair), modelling the two ends of a network cable.
Forwarding by the Linux kernel.
Running virtual machines across physical hosts, with both hosts bridged.
Physical bridging: using the physical NIC as a switch.
Overlay network.
Somewhat like GRE (my own impression).
View Docker networks:
[[email protected] ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
1f1d3b3c2f74        bridge              bridge              local
76bea4912e96        host                host                local
a33261fb3dc7        none                null                local
[[email protected] ~]# ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:2bff:feb1:12fc  prefixlen 64  scopeid 0x20<link>
        ether 02:42:2b:b1:12:fc  txqueuelen 0  (Ethernet)
        RX packets 32  bytes 4545 (4.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 46  bytes 3446 (3.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
The brctl command
It requires the bridge-utils package:
[[email protected] ~]# yum install bridge-utils.x86_64 -y
View all virtual bridge interfaces:
[[email protected] ~]# brctl --help
Usage: brctl [commands]
commands:
addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
hairpin <bridge> <port> {on|off} turn hairpin on/off
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
show [ <bridge> ] show a list of bridges
showmacs <bridge> show a list of mac addrs
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off
[[email protected] ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02422bb112fc no veth3ee9411
veth65e1b9d
vethacd15f5
vethd82610f
View all device information:
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:ab:c9:4b brd ff:ff:ff:ff:ff:ff
3: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:ab:c9:55 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:2b:b1:12:fc brd ff:ff:ff:ff:ff:ff
10: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 86:ca:bd:d9:42:4e brd ff:ff:ff:ff:ff:ff link-netnsid 0
12: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether c2:78:88:29:69:49 brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether f6:93:f0:32:65:72 brd ff:ff:ff:ff:ff:ff link-netnsid 2
18: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 0e:43:5a:d1:b0:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 3
View the iptables NAT rules:
[[email protected] ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 795 packets, 81934 bytes)
pkts bytes target prot opt in out source destination
905 95013 PREROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
905 95013 PREROUTING_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
905 95013 PREROUTING_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
15 1102 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 9 packets, 660 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 798 packets, 64159 bytes)
pkts bytes target prot opt in out source destination
1009 80632 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 798 packets, 64159 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
............
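As an added example (not code from the original post), a small Python check that parses the `iptables -t nat -vnL` output shown above and verifies the MASQUERADE rule Docker installs for the bridge subnet: it should match 172.17.0.0/16 and apply only to packets leaving through an interface other than docker0. The sample text is constructed from the POSTROUTING chain above, not a live capture.

```python
import re

# Constructed sample in the shape of the POSTROUTING chain shown above
# (values copied from the post's output, not a live capture).
SAMPLE_NAT = """\
Chain POSTROUTING (policy ACCEPT 798 packets, 64159 bytes)
 pkts bytes target     prot opt in     out       source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
"""

# Columns of `iptables -vnL`: pkts bytes target prot opt in out source destination [extra]
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+"
    r"(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)"
)


def parse_chains(text):
    """Map chain name -> list of rule dicts parsed from `iptables -vnL` output."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            chains[current].append(m.groupdict())
    return chains


def check_masquerade(chains, subnet, bridge):
    """Audit the SNAT rule Docker installs for a bridge network.

    Expected shape: one MASQUERADE rule for the container subnet that applies
    only to packets leaving through an interface other than the bridge itself
    (out == "!<bridge>"), so bridge-local traffic keeps real source addresses.
    Returns a list of findings; an empty list means the rule looks as expected.
    """
    findings = []
    rules = [r for r in chains.get("POSTROUTING", [])
             if r["target"] == "MASQUERADE" and r["src"] == subnet]
    if not rules:
        return [f"no MASQUERADE rule for {subnet}: containers get no NATed outbound access"]
    for r in rules:
        if r["out"] != f"!{bridge}":
            findings.append(f"MASQUERADE for {subnet} matches out={r['out']}, expected !{bridge}")
    if len(rules) > 1:
        findings.append(f"{len(rules)} MASQUERADE rules for {subnet}; expected exactly one")
    return findings
```

On a real host, feed it the output of `iptables -t nat -vnL` and the subnet reported by `docker network inspect bridge`.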
Docker's four network models
- Closed container (isolated from the outside world; only a lo interface)
- Bridged container (attached to the docker0 bridge): bridged networking
- Joined container: joined networking (two containers keep part of their namespaces separate, but share UTS, Net and IPC, so they use the same NIC and the same lo)
- Open container (shares the physical host's network namespace directly): open networking
The default is bridged networking.
The network type can be specified when creating a container:
[[email protected] ~]# docker container run --help
--network string Connect a container to a network (default "default")
--network-alias list Add network-scoped alias for the container
View Docker networks:
[[email protected] ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
[[email protected] ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
1f1d3b3c2f74 bridge bridge local
76bea4912e96 host host local
a33261fb3dc7 none null local
View details of the bridge network:
[[email protected] ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "1f1d3b3c2f747d52d2738da75538d319673a1ccd78a823ea110060697bb16ba8",
"Created": "2018-12-30T13:32:28.316588489+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"8ab7e978debcf1406596981e79e88087c3d0430e782cb21f31cff26103d8541a": {
"Name": "b2",
"EndpointID": "d2e4ef96c4dc97a2cc8968ceae33a5e8b8e2be4c04324fd38ed69d612954afde",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"aa7f935730ed5404a1ac81709ccf02d99bdbab8314a27e48884012ce23627ae3": {
"Name": "web1",
"EndpointID": "489e0b674f3f898e4b07319ebef26d66a07c8befa3ed46486c5b21900dbe5290",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"b2a481f1fde0e1ec517ed01684fdd2b1fa7d51d8738aee46342b0ea2ced8c54e": {
"Name": "kvstor1",
"EndpointID": "a34350d92b6c3b18dc342308988b15c9baaf2397370f9639d0233c8b7732bf31",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"b4c9c77e60c0b06b9cb55805d768adb8151b1361e87ed89af3368a30d0d3c950": {
"Name": "t2",
"EndpointID": "60d0dadee75e8badf25802694a99d665b700ffaf7c2c427af28c7305c5695f3c",
"MacAddress": "02:42:ac:11:00:05",
"IPv4Address": "172.17.0.5/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
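As an added example (not code from the original post), a Python audit of `docker network inspect` output like the JSON above: it lists the subnet and the attached containers, and flags the bridge options that widen exposure (inter-container communication, publishing on all host interfaces, NATed outbound access). The sample is constructed from the post's values with shortened container IDs and only two of the four containers.

```python
import json

# Constructed sample in the shape of `docker network inspect bridge` above,
# trimmed to two containers; values mirror the post's output, not a live capture.
SAMPLE_INSPECT = json.dumps([{
    "Name": "bridge",
    "Driver": "bridge",
    "Internal": False,
    "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]},
    "Containers": {
        "aa7f935730ed": {"Name": "web1", "IPv4Address": "172.17.0.2/16"},
        "b2a481f1fde0": {"Name": "kvstor1", "IPv4Address": "172.17.0.3/16"},
    },
    "Options": {
        "com.docker.network.bridge.enable_icc": "true",
        "com.docker.network.bridge.enable_ip_masquerade": "true",
        "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
        "com.docker.network.bridge.name": "docker0",
    },
}])

OPT = "com.docker.network.bridge."


def audit_network(inspect_json):
    """Summarise one network from `docker network inspect` JSON and flag
    the bridge options that widen exposure. Returns (summary, findings)."""
    net = json.loads(inspect_json)[0]
    opts = net.get("Options", {})
    findings = []
    # Docker's defaults for these options are the permissive ones, so a
    # missing key is treated the same as the default value.
    if opts.get(OPT + "enable_icc", "true") == "true":
        findings.append("enable_icc=true: every container on this bridge can reach every other")
    if opts.get(OPT + "host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
        findings.append("host_binding_ipv4=0.0.0.0: published ports listen on all host interfaces")
    if not net.get("Internal", False) and opts.get(OPT + "enable_ip_masquerade", "true") == "true":
        findings.append("Internal=false with ip_masquerade=true: containers have NATed outbound access")
    summary = {
        "bridge": opts.get(OPT + "name"),
        "subnets": [c["Subnet"] for c in net.get("IPAM", {}).get("Config", [])],
        "members": {c["Name"]: c["IPv4Address"] for c in net.get("Containers", {}).values()},
    }
    return summary, findings
```

Pipe `docker network inspect <name>` into it for any bridge-driver network; user-defined networks created with `--internal` or `-o com.docker.network.bridge.enable_icc=false` produce fewer findings.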