docker network

虚拟出来一个网卡(docker0)关联到物理网卡上，并且将物理网卡的MAC地址剥夺过来，给这个虚拟网卡用。然后每一个虚拟机到都连到虚拟网卡上(类似于交换机)。虚拟的网卡网络叫桥。桥有四种类型，这里就不详细描述。

4种容器网络类型(从左至右)：

1 close contanier（封闭式容器）。容器就是运行进程，而这个进程只是管理本机上的操作，没必要有网络。2 bridge container(lsoate,host-only,phy bridge,NAT)3 joined container(联盟式容器)。让两个容器共享同一个网络名称空间。只有当两个容器需要本地回环接口进行通信时，可使用此种方式。     联盟式容器彼此间存在端口冲突的可能性，因此，通常只会在多个容器上的程序需要程序loopback接口互相通信、或对某容器的网络属性进行监控时才使用此种械的网络模型```shell     docker run --name b2 --net container:b1 busybox```4 open container(开放式容器)。使用宿主机的网络。直接把容器暴露在外部网络，并且可以直接修改宿主机网络。很危险。

多主机间容器间通信，使用ovarlay网络模型，tunnel。四层协议封装二层。会用专门的一张来写。

[root@centos7 ~]# docker network listNETWORK ID          NAME                DRIVER              SCOPE5b3fcd0d69de        bridge              bridge              local7d9885b990ad        busybox-net          bridge              localbba79ff8e13a        host                host                local8070af41481e        none                null                local不连接网络的容器，就只有回环网络接口**[root@centos7 ~]# docker run --name b1 --rm --net none busybox ifconfig****lo**        Link encap:Local Loopback            inet addr:127.0.0.1  Mask:255.0.0.0          inet6 addr: ::1/128 Scope:Host          UP LOOPBACK RUNNING  MTU:65536  Metric:1          RX packets:0 errors:0 dropped:0 overruns:0 frame:0          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)[root@centos7 ~]#用host网络的容器，可以看到就是用的宿主机的网络。非常危险，不建议使用。**[root@centos7 ~]# docker run --name b1 --rm --net host  busybox ifconfig**           br-7d9885b990ad Link encap:Ethernet  HWaddr 02:42:26:02:11:61            inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0          inet6 addr: fe80::42:26ff:fe02:1161/64 Scope:Link          UP BROADCAST MULTICAST  MTU:1500  Metric:1          RX packets:26 errors:0 dropped:0 overruns:0 frame:0          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:1580 (1.5 KiB)  TX bytes:1358 (1.3 KiB)**docker0**   Link encap:Ethernet  HWaddr 02:42:BC:DF:66:EF            inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0          inet6 addr: fe80::42:bcff:fedf:66ef/64 Scope:Link          UP BROADCAST MULTICAST  MTU:1500  Metric:1          RX packets:54 errors:0 dropped:0 overruns:0 frame:0          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:3186 (3.1 KiB)  TX bytes:2454 (2.3 KiB)**ens32**     Link encap:Ethernet  HWaddr 00:0C:29:AB:72:FE            inet addr:192.168.1.156  Bcast:192.168.1.255  Mask:255.255.255.0          inet6 addr: fe80::20c:29ff:feab:72fe/64 Scope:Link          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:152571 errors:0 dropped:0 overruns:0 frame:0          TX packets:22789 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000           RX bytes:42509065 (40.5 MiB)  TX bytes:2356330 (2.2 MiB)lo        Link encap:Local Loopback            inet addr:127.0.0.1  Mask:255.0.0.0          inet6 addr: ::1/128 Scope:Host          UP LOOPBACK RUNNING  MTU:65536  Metric:1          RX packets:135953 errors:0 dropped:0 overruns:0 frame:0          TX packets:135953 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:30633797 (29.2 MiB)  TX bytes:30633797 (29.2 MiB)[root@centos7 ~]#使用bridge的容器，默认使用bridge,分配了一个ip地址**[root@localhost ~]# docker run --name b1 docker.io/busybox ifconfig**eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02            inet addr:**172.17.0.2**  Bcast:0.0.0.0  Mask:255.255.0.0          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:5 errors:0 dropped:0 overruns:0 frame:0          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:438 (438.0 B)  TX bytes:180 (180.0 B)lo        Link encap:Local Loopback            inet addr:127.0.0.1  Mask:255.0.0.0          inet6 addr: ::1/128 Scope:Host          UP LOOPBACK RUNNING  MTU:65536  Metric:1          RX packets:0 errors:0 dropped:0 overruns:0 frame:0          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)[root@localhost ~]#

docker network command

docker network create

Usage

docker network create [OPTIONS] NETWORK

Name,shorhand	Default	Description
--config-from		The network from which copying the configuration
--driver,-d	bridge	Driver to manage the Network
--gateway		IPv4 or IPv6 Gateway for the master subnet
--ip-range		Allocate container ip from a sub-range
--subnet		Subnet in CIDR format that represents a network segment

~]# docker network create \--driver=bridge \--subnet=10.10.0.0/16 \--ip-range=10.10.1.0/24 \--gateway=10.10.1.254 \test[root@localhost ~]# docker network listNETWORK ID          NAME                DRIVER              SCOPEc372b82defdc        bridge              bridge              localed02d84e3c87        host                host                localff97b1c27347        none                null                local**a6f25cd5494f        test                bridge              local**网络已经创建出来了，接下来将容器添加至此虚拟网络上**[root@localhost ~]# docker run --name b1 -it **--net=test** docker.io/busybox / # ip a1: lo: 
    
      mtu 65536 qdisc noqueue qlen 1    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever11: eth0@if12: 
     
       mtu 1500 qdisc noqueue     link/ether 02:42:0a:0a:01:00 brd ff:ff:ff:ff:ff:ff    inet **10.10.1.0/16** scope global eth0       valid_lft forever preferred_lft forever    inet6 fe80::42:aff:fe0a:100/64 scope link tentative        valid_lft forever preferred_lft forever/ # **查看创建网络的详细信息[root@localhost ~]# docker network inspect test[    {        **"Name": "test",**        "Id": "a6f25cd5494f5428de680126d18b628a0122bc93641d895a0bb6f25f8b7b6a57",        "Created": "2018-03-19T06:28:38.565181889-04:00",        "Scope": "local",        **"Driver": "bridge",**        "EnableIPv6": false,        "IPAM": {            "Driver": "default",            "Options": {},            "Config": [                {**                    "Subnet": "10.10.0.0/16",                     "IPRange": "10.10.1.0/24",                    "Gateway": "10.10.1.254"**                }...

docker network connect

Usage

docker network connect [OPTIONS] NETWORK CONTAINER

Name,shorthand	Default	Description
--alias		Add network-scoped alias for the container
--ip		IPv4 address (e.g., 172.30.100.104)
--ip6		IPv6 address (e.g., 2001:db8::33)
--link		Add link to another container

[root@localhost ~]# docker run --name b4 -it docker.io/busybox / # ip a1: lo: 
    
      mtu 65536 qdisc noqueue qlen 1    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever19: eth0@if20: 
     
       mtu 1500 qdisc noqueue     link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff    inet 172.17.0.3/16 scope global eth0       valid_lft forever preferred_lft forever    inet6 fe80::42:acff:fe11:3/64 scope link tentative        valid_lft forever preferred_lft forever重新打开一个终端，输入命令指定你想分配到这个容器接口的ip地址[root@localhost ~]# docker network connect --ip=10.10.1.253 test b4/ # ip a1: lo: 
      
        mtu 65536 qdisc noqueue qlen 1    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever19: eth0@if20: 
       
         mtu 1500 qdisc noqueue     link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff    inet 172.17.0.3/16 scope global eth0       valid_lft forever preferred_lft forever    inet6 fe80::42:acff:fe11:3/64 scope link        valid_lft forever preferred_lft forever21: eth1@if22: 
        
          mtu 1500 qdisc noqueue     link/ether 02:42:0a:0a:01:fd brd ff:ff:ff:ff:ff:ff    inet **10.10.1.253/16** scope global eth1       valid_lft forever preferred_lft forever    inet6 fe80::42:aff:fe0a:1fd/64 scope link        valid_lft forever preferred_lft forever/ # 可以看到已经添加进来了

要验证这个容器是否已连接到网络，使用docker network inspect命令。使用docker network disconnect来从网络删除容器。

[root@localhost ~]# **docker network disconnect test b4**[root@localhost ~]# **docker exec b4 ip a**1: lo: 
    
      mtu 65536 qdisc noqueue qlen 1    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever19: eth0@if20: 
     
       mtu 1500 qdisc noqueue     link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff    inet 172.17.0.3/16 scope global eth0       valid_lft forever preferred_lft forever    inet6 fe80::42:acff:fe11:3/64 scope link        valid_lft forever preferred_lft forever已经删除了

docker network rm
删除网络,只有在此网络名称空间不用时，才可删除

大部容器的运行就是要让本容器的服务能够对外提供访问的。所以为了实现这种就必须把port expose出去。其实也就做NAT规则。

暴露端口命令：

docker run -p 宿主机ip:宿主机端口:容器端口 --name b1 docker.io/busybox:latest

如果此处-p参数后不指定宿主机的某个ip地址和端口，那么就会出现容器的端口会映射到宿主机的所有ip地址，并且宿主机上的端口是随机的。

~]# docker run --name b1 -p 192.168.1.157:80:80 -d --rm docker.io/xiaoniaoo/dm:v1.0 httpd -f -h /app/htmle0eb2edc180b8908393078b7ee9e881bcabcbbe6ed4657239bde4d4b7cac177a~]# docker port b180/tcp -> 192.168.1.157:80~]# curl 192.168.1.157Hello dai\!
~]# docker run --name b2 --rm -d -p :80 docker.io/xiaoniaoo/dm:v1.0 httpd -f -h /app/html/ab56763063a2497b517c9fabf2aa131a77101b536428b6710a60bfbc9668640f~]# docker port b280/tcp -> 0.0.0.0:32768本次没有指定，就会使用宿主机的所有ip地址，并且随机端口~]# curl 127.0.0.1:32768Hello dai\!
~]# curl 127.0.0.1:32768/login.htmlHello ming\!

转载于:https://www.cnblogs.com/dance-walter/p/8603539.html

你可能感兴趣的文章

python 中的 try/except/else/finally语句

查看>>

你真的理解devDependencies和dependencies区别吗?

查看>>

const与指针的运用

查看>>

[BZOJ2730][HNOI2012]矿场搭建点双割点

查看>>

深夜的讨论——关于团队分工，以及我想到了一些关于国企的事情

查看>>