[root@iZuf620p8rsr3faul3zsx6Z ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
[root@iZuf620p8rsr3faul3zsx6Z ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
ff70f775df00 bridge bridge local
9529ee2845c2 host host local
70c20ccd24dc none null local
- docker 默认提供三种网络模型bridge、host、null
docker inspect --help
Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...]
Return low-level information on Docker objects
Options:
-f, --format string Format the output using the given Go template
-s, --size Display total file sizes if the type is container
--type string Return JSON for specified type
使用inspect命令,我们可以看到 docker默认使用bridge网络
docker inspect 6b76a31eba0c
[
{
"Id": "6b76a31eba0c2978cea35bbcc1d578f41ebcee03f1caf5bd2793085c9445687d",
"Created": "2022-03-04T12:34:53.786069361Z",
"Path": "dotnet",
"Args": [
"WebCoreDemo.dll"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 14622,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-03-04T12:34:54.298616065Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:e72a3fb0b57e0fe7648e5322f8e62969122379e2b2608e00c5ce7b1347916d66",
"ResolvConfPath": "/var/lib/docker/containers/6b76a31eba0c2978cea35bbcc1d578f41ebcee03f1caf5bd2793085c9445687d/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/6b76a31eba0c2978cea35bbcc1d578f41ebcee03f1caf5bd2793085c9445687d/hostname",
"HostsPath": "/var/lib/docker/containers/6b76a31eba0c2978cea35bbcc1d578f41ebcee03f1caf5bd2793085c9445687d/hosts",
"LogPath": "/var/lib/docker/containers/6b76a31eba0c2978cea35bbcc1d578f41ebcee03f1caf5bd2793085c9445687d/6b76a31eba0c2978cea35bbcc1d578f41ebcee03f1caf5bd2793085c9445687d-json.log",
"Name": "/sharp_heisenberg",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "8082"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/4335dc16ad88067ecdcef6fe787c83d876f4a8edb7bc01c8e7fff26f69ef617e-init/diff:/var/lib/docker/overlay2/f2dec8a57c102d34ffcbf7858e8b769338a2c2c2f47f8646016938483a84868a/diff:/var/lib/docker/overlay2/29c3322ef6f895180a0e4694e37c33804ce74b658220af483615a5978891bc5d/diff:/var/lib/docker/overlay2/f2c1358968129ee673f5d4fa8bdbe19af951264a58fa252fa11910c39306874b/diff:/var/lib/docker/overlay2/7c25fe3c30447b5496c7b9bfddebba0007e6421cb35c0b15f31b4e509cee9b27/diff:/var/lib/docker/overlay2/4ed652f0cf77c495b8cf77552337454564aca653dc06e05d859bc4da88c907de/diff:/var/lib/docker/overlay2/79713cbb96702266ba1c2c6c652c251a02313c0e58de33d80a106e0a3017614a/diff:/var/lib/docker/overlay2/1b6a4c9d2e0324c41094ae6d86968b1ee3712fb13850941d1ea8d1799cbd1546/diff",
"MergedDir": "/var/lib/docker/overlay2/4335dc16ad88067ecdcef6fe787c83d876f4a8edb7bc01c8e7fff26f69ef617e/merged",
"UpperDir": "/var/lib/docker/overlay2/4335dc16ad88067ecdcef6fe787c83d876f4a8edb7bc01c8e7fff26f69ef617e/diff",
"WorkDir": "/var/lib/docker/overlay2/4335dc16ad88067ecdcef6fe787c83d876f4a8edb7bc01c8e7fff26f69ef617e/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "6b76a31eba0c",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"ASPNETCORE_URLS=http://+:80",
"DOTNET_RUNNING_IN_CONTAINER=true",
"DOTNET_VERSION=5.0.14",
"ASPNET_VERSION=5.0.14"
],
"Cmd": null,
"Image": "net5v20220304",
"Volumes": null,
"WorkingDir": "/app",
"Entrypoint": [
"dotnet",
"WebCoreDemo.dll"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "d7a998f1e890d4bfd347f99792ca742bd9d9b18534e6beddc9553cc6aa116aa2",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8082"
}
]
},
"SandboxKey": "/var/run/docker/netns/d7a998f1e890",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "d8bfbd51718550893d86129db8e6eb3f45f7d3fdb808d396763391d904caabf0",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "ff70f775df0079acba3b733f6eb4f48f53df55f53e7031f4ebad175dfda9a02f",
"EndpointID": "d8bfbd51718550893d86129db8e6eb3f45f7d3fdb808d396763391d904caabf0",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
使用ip addr命令查看网络初始状态
- lo 全称是LOOPBACK,又称回环接口,往往会被分配到 127.0.0.1 这个地址
这个地址用于本机通信,经过内核处理后直接返回,不会在任何网络中出现 - eth0 虚拟网卡
- docker0 Docker启动的时候会在主机上自动创建一个docker0网桥,实际上是一个Linux网桥,所有容器的启动如果在docker run的时候没有指定网络模式的情况下都会挂载到docker0网桥上
- 我们每启动一个docker容器,docker就会给docker容器分配一个ip,会有一个网卡docker0桥接模式,使用veth-pair技术
- 容器得到的网卡,都是一对一对的
- veth-pair 就是一对的虚拟设备接口,他们都是成对出现的,一段连着协议,一段彼此相连
- 正因为有这个特性,veth-pair 充当一个桥梁,连接各种虚拟网络设备的
- Docker中的所有的网络接口都是虚拟的
- 只要容器删除,对应网桥一对就没了
[root@iZuf620p8rsr3faul3zsx6Z test1]# ip addr
1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:16:3e:2a:9b:53 brd ff:ff:ff:ff:ff:ff
inet 172.22.75.232/20 brd 172.22.79.255 scope global dynamic noprefixroute eth0
valid_lft 313903468sec preferred_lft 313903468sec
inet6 fe80::de5d:bfe9:2541:b5e8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:19:32:d1:40 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
</broadcast,multicast,up,lower_up></broadcast,multicast,up,lower_up></loopback,up,lower_up>
在容器中一些命令是无法直接访问的需要安装一些包,下面是可能用到的命令
apt-get update
ifconfig
apt-get install -y net-tools
ping
apt-get install -y iputils-ping
ip
apt-get install -y iproute2
本文参考文档
- https://blog.csdn.net/qq_44713502/article/details/117106763
- https://www.cnblogs.com/jokerjason/p/10695189.html
- https://blog.csdn.net/chj_1224365967/article/details/109206131
- https://www.cnblogs.com/Kit-L/p/13246782.html
- https://blog.csdn.net/qq_16481211/article/details/81114286
- https://www.zhihu.com/question/320582989
- https://blog.csdn.net/everysigleday/article/details/105743534
Original: https://www.cnblogs.com/Dewumu/p/16032932.html
Author: 德乌姆列特
Title: docker网络模型
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/606550/
转载文章受原作者版权保护。转载请注明原作者出处!