目录
一、理解Docker网络
1.1 运行tomcat容器
1.2 查看容器内部网络地址
1.3 测试连通性
二、原理
2.1 查看网卡信息
2.2 再启动一个容器测试网卡
2.3 测试tomcat01 和tomcat02是否可以ping通
2.4 只要删除容器,对应网桥一对就没了
2.5 结论
三、--link
3.1 两个容器直接通过名字ping,发现ping不通
3.2 解决方法
3.2.1 新建一个tomcat容器使用--link参数
3.2.2 进行tomcat03和tomcat02通信
3.3.3 查看docker网络信息
3.3.4 探究
3.4.5 结论
四、自定义网络
4.1 测试
4.2 创建两个容器,再次查看自定义的网络信息
4.3 两个容器互相通信
五、网络连通
5.1 打通tomcat01 - mynet
5.2 测试连通性
一、理解Docker网络
在 Docker 中,网络是连接容器实例的关键组件,它允许不同的容器之间进行通信,并与外部世界进行交互。Docker 提供了多种网络模式和驱动程序,以满足不同场景下的网络需求。
合理配置和使用 Docker 的网络功能,可以实现容器间的通信和数据共享,同时也能保障容器的安全和隔离性
查看本机网卡
1.1 运行tomcat容器
[root@localhost ~]# docker run -d -p 8085:80 --name tomcat01 tomcat
Unable to find image 'tomcat:latest' locally
latest: Pulling from library/tomcat
0e29546d541c: Pull complete
9b829c73b52b: Pull complete
cb5b7ae36172: Pull complete
6494e4811622: Pull complete
668f6fcc5fa5: Pull complete
dc120c3e0290: Pull complete
8f7c0eebb7b1: Pull complete
77b694f83996: Pull complete
0f611256ec3a: Pull complete
4f25def12f23: Pull complete
Digest: sha256:9dee185c3b161cdfede1f5e35e8b56ebc9de88ed3a79526939701f3537a52324
Status: Downloaded newer image for tomcat:latest
bd6a51c579d1dd64812f60e009c61f2ffe91a2434d088fe6749a07ed6b16e1aa
1.2 查看容器内部网络地址
发现容器启动的时候就会得到一个ip地址,docker分配的
# 如果容器内没有 ip addr 命令执行以下内容进行安装
[root@localhost ~]# docker exec -it tomcat01 apt-get update && apt-get install -y iproute2
# 查看容器的内部网络地址
[root@localhost ~]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
1.3 测试连通性
尝试Linux与容器的网络连通性,发现是可以ping通的
[root@localhost ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.051 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.051/0.070/0.096/0.019 ms
二、原理
2.1 查看网卡信息
每安装启动一个docker容器,docker就会给docker容器分配一个ip,只要安装了docker,就会有一个网卡docker0,桥接模式,使用的技术是evth-pair技术
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:d9:41:26 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.10/24 brd 192.168.200.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::fa5a:6b8e:55db:6378/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:01:be:a1:60 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:1ff:febe:a160/64 scope link
valid_lft forever preferred_lft forever
5: veth4a3fbdb@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 6e:5e:99:86:6b:25 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::6c5e:99ff:fe86:6b25/64 scope link
valid_lft forever preferred_lft forever
2.2 再启动一个容器测试网卡
发现又多了一对网卡
#创建tomcat02容器
[root@localhost ~]# docker run -d -P --name tomcat02 tomcat
d55f7582c96b12181485f5c31448c6a0d682ee9b39129652c4cfd9c3b03968a5
# 再次查看
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:d9:41:26 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.10/24 brd 192.168.200.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::fa5a:6b8e:55db:6378/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:01:be:a1:60 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:1ff:febe: