Docker网络

Docker网络

理解Docker0

ip addr 查看本机网络信息
Docker网络

docker如何处理容器间的网络访问?

举例说明

#开启一个tomcat01容器,命令如下:
docker run -d -P --name tomcat01 tomcat:9.0
#使用交互模式查看启动的tomcat01容器的ip地址,发现docker容器启动的时候会得到一个"eth0@if81"的ip地址,这个ip地址就是docker0给他分配的
[root@localhost ~]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
80: eth0@if81: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
#查看linux主机是否可以ping同容器内,若可以则证明他们之间的网络的互通的
[root@localhost ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.460 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.142 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.123 ms
#由上说明linux可以ping同tomcat01容器内部
#我们在查看linux虚拟机网络信息,发现多了一个网卡信息为“81: vethb9cb69f@if80” 而这个正是我们的tomcat01的地址信息
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:2c:95:c5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.17.110/24 brd 192.168.17.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::752a:93de:94f6:def0/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:d5:5c:ab:ab brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:d5ff:fe5c:abab/64 scope link 
       valid_lft forever preferred_lft forever
81: vethb9cb69f@if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 3e:15:41:f2:c6:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::3c15:41ff:fef2:c6b1/64 scope link 
       valid_lft forever preferred_lft forever


网络原理解析

从上面可以看出来docker0的IP地址为:172.17.0.1 这个相当于路由器
容器tomcat01的ip地址为:172.17.0.2 容器地址相当于由路由器分配

  1. 我们每安装了一个容器,docker就会给每个容器分配一个ip,我们只要安装了docker那么linux宿主机就会有一个docker0的网卡,它采用的是桥接模式,使用的是evth-pair技术.。
    我们查看主机信息可以查看如下:
    Docker网络
  2. 如果我在启动一个tomcat02,再去分别查看主机网络信息及02容器ip信息,发现又多了一对网卡83: veth262069a@if82
[root@localhost ~]# docker run -d -P --name tomcat02 tomcat:9.0
4c359707ed6b4e8e900cf5f1b6708316a327c5858f97504f8c6842d772b5348f
[root@localhost ~]# docker exec -it tomcat02 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
82: eth0@if83: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
   link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
   inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
      valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host 
      valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
   link/ether 00:50:56:2c:95:c5 brd ff:ff:ff:ff:ff:ff
   inet 192.168.17.110/24 brd 192.168.17.255 scope global noprefixroute ens33
      valid_lft forever preferred_lft forever
   inet6 fe80::752a:93de:94f6:def0/64 scope link noprefixroute 
      valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
   link/ether 02:42:d5:5c:ab:ab brd ff:ff:ff:ff:ff:ff
   inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
      valid_lft forever preferred_lft forever
   inet6 fe80::42:d5ff:fe5c:abab/64 scope link 
      valid_lft forever preferred_lft forever
81: vethb9cb69f@if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
   link/ether 3e:15:41:f2:c6:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
   inet6 fe80::3c15:41ff:fef2:c6b1/64 scope link 
      valid_lft forever preferred_lft forever
83: veth262069a@if82: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
   link/ether 0e:57:6c:5f:01:7a brd ff:ff:ff:ff:ff:ff link-netnsid 1
   inet6 fe80::c57:6cff:fe5f:17a/64 scope link 
      valid_lft forever preferred_lft forever
  1. 我们测试一下tomcat01和02是否能够进行容器内部ping通
#使用02ping01,但是只能使用ip来进行ping通,但是实际docker下面存在重启容器IP地址就会变化,那么我们该如何处理这种情况,我们可以使用,自定义网络或者--link方式
[root@localhost ~]# docker exec -it tomcat02 ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.063 ms

evth-pair技术是什么

evth-pair就是一对虚拟设备接口,他们是成对出现的,一端连着协议,一边进行通信,正因为有这个特性,所以经常使用evth-pair技术充当桥梁,专门用来连接各种虚拟网络设备。其中Openstack,Docker容器之间的连接,OVS的连接,都是使用的此技术。

docker网络桥接原理图
Docker网络
结论: tomcat01和tomcat02 是公用一个路由器,docker0 所有的容器在不指定网络的情况下,都是docker0分配的,docker会给我们分配一个默认的ip,docker中所有的网络接口都是虚拟的,虚拟的转发效率变焦高,就相当于内网传输,只要容器删除对应的主机网卡中的网桥就会删除

docker使用的linux的桥接模式:
Docker网络

–Link学习

--link的作用就是改变容器的host的文件,将容器名映射到对应的容器IP地址

#使用 --link来通过容器名来进行网络通讯,在创建tomcat03服务的时候就直接进行link另一个容器即可,这样03就可以直接ping通01,但是不可逆
[root@localhost ~]# docker run -d -P --name tomcat03 --link tomcat01 tomcat:9.0
048081e338242f537289c7f6c76d667c8029075bdc735bd8d3576bc9e2f44378
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE        COMMAND             CREATED          STATUS          PORTS                     NAMES
048081e33824   tomcat:9.0   "catalina.sh run"   4 seconds ago    Up 3 seconds    0.0.0.0:49158->8080/tcp   tomcat03
4c359707ed6b   tomcat:9.0   "catalina.sh run"   27 minutes ago   Up 27 minutes   0.0.0.0:49157->8080/tcp   tomcat02
bb41e417982d   tomcat:9.0   "catalina.sh run"   48 minutes ago   Up 48 minutes   0.0.0.0:49156->8080/tcp   tomcat01
[root@localhost ~]# docker exec -it tomcat03 ping tomcat01
PING tomcat01 (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat01 (172.17.0.2): icmp_seq=1 ttl=64 time=0.135 ms
64 bytes from tomcat01 (172.17.0.2): icmp_seq=2 ttl=64 time=0.077 ms
#我们可以查看tomcat03网络配置host文件,我们在host文件中增加了tomcat01的映射
[root@localhost ~]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	tomcat01 bb41e417982d
172.17.0.4	048081e33824

docker network 命令学习

#通过docker network ls 查看当前docker容器网络配置
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
0d022035e3eb   bridge    bridge    local
221fa24372c0   host      host      local
4f887466cdec   none      null      local
#移除network命令
`docker network rm 网络名称或者ID`
#通过docker network inspect docker0 网络ID 查看当前docker容器网络详情元数据
[root@localhost ~]# docker network inspect 0d022035e3eb
[
    {
        "Name": "bridge",
        "Id": "0d022035e3eb55eddbd373ff81d7276b42957271ecf80e5eb6448f139189e949",
        "Created": "2021-01-27T11:19:51.128040455+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "048081e338242f537289c7f6c76d667c8029075bdc735bd8d3576bc9e2f44378": {
                "Name": "tomcat03",
                "EndpointID": "7afc49b9c270a281b86679d3017a488f4098d00368b94d4dbfb9c2c8b11f44f3",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            },
            "4c359707ed6b4e8e900cf5f1b6708316a327c5858f97504f8c6842d772b5348f": {
                "Name": "tomcat02",
                "EndpointID": "ac1411756a405434c0949126f09e37c397ff78ce9e971e32011738c90890f0e8",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "bb41e417982d8e48e4875557e359b2ee094fc0b379ea57860b896fd1388990ec": {
                "Name": "tomcat01",
                "EndpointID": "e3c7a1478a081e9d0eb35193f3626e223f867bd748b7c07a3e1d70f9a8cce749",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

自定义docker网络

查看所有的网络
Docker网络
网络模式:桥接 bridge ,none 不配置网络, host 和宿主机网络,container:容器联通网络,用的少,局限大

创建mynet网络

#我们在默认创建容器的时候,网络连接已经默认使用`--net bridge `了,而这个birdge就是我们的docker0网络,所以我们可以自定义我们自己的网络
[root@localhost ~]# docker run  -d -P --name tomcat04 --net bridge  tomcat:9.0 
462bcd1f64bfe8a69a430103efffde9df24a74ca5fd9f3099dfc199b66136087
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE        COMMAND             CREATED             STATUS             PORTS                     NAMES
462bcd1f64bf   tomcat:9.0   "catalina.sh run"   7 seconds ago       Up 6 seconds       0.0.0.0:49159->8080/tcp   tomcat04
048081e33824   tomcat:9.0   "catalina.sh run"   19 minutes ago      Up 19 minutes      0.0.0.0:49158->8080/tcp   tomcat03
4c359707ed6b   tomcat:9.0   "catalina.sh run"   46 minutes ago      Up 46 minutes      0.0.0.0:49157->8080/tcp   tomcat02
bb41e417982d   tomcat:9.0   "catalina.sh run"   About an hour ago   Up About an hour   0.0.0.0:49156->8080/tcp   tomcat01
[root@localhost ~]# 

创建网络

[root@localhost ~]# docker network create --driver bridge --subnet 192.168.0.1/16 --gateway 192.168.0.1 mynet
aff6f661639b31e09f2f92e3e1302fbb8a5737477a76a3287181ec95ed2991b2
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
0d022035e3eb   bridge    bridge    local
221fa24372c0   host      host      local
aff6f661639b   mynet     bridge    local
4f887466cdec   none      null      local
#这样我们就看见了我们自定义的mynet网络,其中默认驱动为桥接,子网掩码:192.168.0.1/16,网关为,192.168.0.1
#我们查看自己的网络信息
[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "aff6f661639b31e09f2f92e3e1302fbb8a5737477a76a3287181ec95ed2991b2",
        "Created": "2021-01-29T18:47:06.34377289+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.1/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
#然后后面的服务器就可以放在我们自己网络里面船舰容器
[root@localhost ~]# docker run -d -P --name t01 --net mynet tomcat:9.0
a29685b1ff4504620ca18be575c258aebc4e9ed436967eb8987aeb34509a336a
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
0d022035e3eb   bridge    bridge    local
221fa24372c0   host      host      local
aff6f661639b   mynet     bridge    local
4f887466cdec   none      null      local
[root@localhost ~]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "aff6f661639b31e09f2f92e3e1302fbb8a5737477a76a3287181ec95ed2991b2",
        "Created": "2021-01-29T18:47:06.34377289+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.1/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "a29685b1ff4504620ca18be575c258aebc4e9ed436967eb8987aeb34509a336a": {
                "Name": "t01",
                "EndpointID": "427fbf70c8cb6a99bf68c57d8bd8cb46abdbfaf0d99922cfca550b74da97d312",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

总结: 我们自定义的网络就帮我们维护好了对应关系,直接就可以使用容器明进行连通。

网络连通的操作

所谓网络连通就是,同一种集群使用自已的自定义网络,这样可以保证集群的安全和健壮性,那么不同的集群使用不同的自定义网络,那如果要使他们进行通讯,就要进行网络连通操作,如,mysql集群和redis集群。

上一篇:Java 多线程 —— 生产者消费者问题,阿里hr和技术同时面


下一篇:Selenium——元素等待