1.Docker0
# Docker如何处理容器访问?
[root@VM-0-14-centos /]# docker run -d -P --name tomcat01 tomcat
# 容器启动时,docker会为其分配eth0网卡和ip,宿主机可以ping通该地址
# 注意:-P 会把镜像声明的所有端口映射到宿主机的随机端口,默认监听宿主机的所有网卡,对外暴露前应确认是否需要
[root@VM-0-14-centos /]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# linux可以ping通容器内部
[root@VM-0-14-centos /]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.060 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.033 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.059 ms
原理
每启动一个docker容器,docker就会自动给容器分配一个ip。安装docker的时候,会产生一个docker0网卡,使用桥接模式,采用veth-pair技术
veth-pair:一对虚拟设备接口,成对出现,一端连接协议栈,一端彼此相连,因此容器之间也可以通过ip互相ping通
网络模型:
图片来源:狂神说Java
结论:容器之间在没有指定网络的情况下,都是通过docker0来进行路由通信,它会给每一个容器分配一个ip。默认情况下,同一个docker0网桥上的所有容器彼此都可以通过ip互相访问,相互之间没有隔离
2.--link
# 在默认的docker0网络下,容器之间无法通过容器名ping通(通过ip可以)
[root@VM-0-14-centos ~]# docker exec -it tomcat01 ping tomcat02
ping: tomcat02: Name or service not known
# 通过--link可以解决容器间网络连通的问题
[root@VM-0-14-centos ~]# docker run -d -P --name tomcat03 --link tomcat02 tomcat
bffb39894b46d3a3ace237eac4d5eb0163b4233458c306f8e6172856516a1617
[root@VM-0-14-centos ~]# docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.108 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.065 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=3 ttl=64 time=0.066 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=4 ttl=64 time=0.069 ms
原理探究
# 查看tomcat03的hosts配置文件
[root@VM-0-14-centos ~]# docker exec -it tomcat03 cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 tomcat02 d207c5f1abfe # 通过--link命令直接绑定了tomcat02的地址
172.17.0.4 bffb39894b46
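注:--link 属于遗留(legacy)功能,现阶段的docker不再推荐使用。它只是单向地在 /etc/hosts 中写入一条记录(tomcat03能解析tomcat02,反过来不行),并且会把源容器的环境变量暴露给被链接的容器,如果环境变量中含有密码等敏感信息就会被泄露;推荐改用自定义网络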
3.自定义网络
# 查看docker网络
[root@VM-0-14-centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
897e6dc978cd bridge bridge local
a7455f4daeeb host host local
3600da2c2a04 none null local
网络模式:
- bridge:桥接(docker默认)
- none:不配置网络
- host:和宿主机共享网络(容器不再拥有独立的网络命名空间,失去网络隔离)
- container:容器网络连通(不推荐)
# 之前的启动命令默认包含了 --net bridge 参数(也就是docker0)
docker run -d -P --name tomcat01 --net bridge tomcat
# 自定义一个mynet
# --driver bridge
# --subnet 192.168.0.0/16 192.168.0.2~192.168.255.255
# --gateway 192.168.0.1
[root@VM-0-14-centos ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
c0e45563fdc70e8bd9ed21405be5b13e9552f6c08347ea51f1fb16d82d40fb5c
[root@VM-0-14-centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
897e6dc978cd bridge bridge local
a7455f4daeeb host host local
c0e45563fdc7 mynet bridge local
3600da2c2a04 none null local
自定义 mynet 测试
# 启动两个tomcat容器,并指定好我们自定义的mynet
[root@VM-0-14-centos ~]# docker run -d -P --name tomcat-net-01 --net mynet tomcat
3703838b344e6390caa1a519365be204db614bf6049a08ef20c6f2b9a312fabf
[root@VM-0-14-centos ~]# docker run -d -P --name tomcat-net-02 --net mynet tomcat
7750aa78a0cba0901e7ab7f0ab424900a397a9e0b1be184bf7859a6cbc2d7938
查看网络信息:
Ping测试:
# 直接ping容器名或者ip,都可以ping通
[root@VM-0-14-centos ~]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.097 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.067 ms
^C
--- tomcat-net-02 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.066/0.076/0.097/0.017 ms
[root@VM-0-14-centos ~]# docker exec -it tomcat-net-01 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.066 ms
64 bytes from 192.168.0.3: icmp_seq=4 ttl=64 time=0.075 ms
^C
--- 192.168.0.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.066/0.072/0.076/0.004 ms
[root@VM-0-14-centos ~]#
自定义网络内置了DNS解析,docker会自动维护好容器名和ip之间的对应关系,而默认的docker0却没有,所以推荐使用自定义网络。不同的自定义网络之间默认互相隔离,让不同的集群使用不同的网络,可以保证集群的安全和健康
4.网络连通
使用 docker network connect [OPTIONS] NETWORK CONTAINER 命令
测试打通docker0下的 tomcat01 到 mynet
# 执行connect命令,并查看mynet的信息
# connect之后tomcat01同时接入docker0和mynet(一个容器两个ip);只应连通确实需要跨网络通信的容器,否则会削弱网络之间的隔离
[root@VM-0-14-centos ~]# docker network connect mynet tomcat01
[root@VM-0-14-centos ~]# docker network inspect mynet
# tomcat01 ping mynet下的tomcat-net-01 测试
[root@VM-0-14-centos ~]# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.064 ms
^C
--- tomcat-net-01 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.064/0.066/0.069/0.002 ms
[root@VM-0-14-centos ~]# docker exec -it tomcat01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.069 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=4 ttl=64 time=0.068 ms
^C
--- tomcat-net-02 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.066/0.067/0.069/0.008 ms