docker-bridge network
根据下面这图示,可以了解两个container之间是如何通信的
通过ip link 和 ip a可以看到本地有个docker0 link。
[root@localhost ~]# ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode DEFAULT qlen
link/loopback ::::: brd :::::
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP mode DEFAULT qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN qlen
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
inet 10.173.236.35/ brd 10.173.236.255 scope global dynamic ens33
valid_lft 676660sec preferred_lft 676660sec
inet6 fe80:::ec13:6b54:b6ea/ scope link
valid_lft forever preferred_lft forever
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/ brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/ brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80:::e8ff:fe50:c76c/ scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
通过docker network inspect bridge可以查看bridge网络
[root@localhost ~]# docker network inspect
bridge host none
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4e8172ef8e0169e74285225030d0b5f271494df46c4f7bc3ba38e9ca87a1c6f9",
"Created": "2019-07-17T06:50:29.144315528-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": ""
},
"Labels": {}
}
]
[root@localhost ~]#
上面bridge里"Containers": {}, 原因是目前没有正在运行的container,下面我添加两个container在后台运行:
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker run --name test1 -d busybox /bin/sh -c "while true;do sleep 3600;done" #-d 放后台运行
cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4e8172ef8e0169e74285225030d0b5f271494df46c4f7bc3ba38e9ca87a1c6f9",
"Created": "2019-07-17T06:50:29.144315528-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a": {
"Name": "test1",
"EndpointID": "00bcbb182eaf78e390c842e5edc5af27b2df2db2c3905e76f816828d7a9eadc3",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": ""
},
"Labels": {}
}
]
[root@localhost ~]#
本地 ip link 多了一个19 link
[root@localhost ~]# ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode DEFAULT qlen
link/loopback ::::: brd :::::
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP mode DEFAULT qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue state UP mode DEFAULT
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
: vethfdefc77@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue master docker0 state UP mode DEFAULT
link/ether d2:1a:0d:9c:: brd ff:ff:ff:ff:ff:ff link-netnsid
查看container test1 的link “eth0@if19“ 是和本地的“vethfdefc77@if18“ 构成一对的。
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cba625871070 busybox "/bin/sh -c 'while t…" minutes ago Up minutes test1
[root@localhost ~]# docker exec test1 ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue qlen
link/loopback ::::: brd :::::
: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu qdisc noqueue
link/ether ::ac::: brd ff:ff:ff:ff:ff:ff
[root@localhost ~]#
本地新增的link “vethfdefc77“ 是和docker0相连的,可以通过brctl show 查看
[root@localhost ~]# yum install bridge-utils
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.njupt.edu.cn
* extras: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Package bridge-utils-1.5-.el7.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]# brctl
Usage: brctl [commands]
commands:
addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
hairpin <bridge> <port> {on|off} turn hairpin on/off
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
show [ <bridge> ] show a list of bridges
showmacs <bridge> show a list of mac addrs
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 .0242e850c76c no vethfdefc77
virbr0 .525400105abe yes virbr0-nic
[root@localhost ~]#
接下来再运行一个container
[root@localhost ~]# docker run --name test2 -d busybox /bin/sh -c "while true;do sleep 3600;done"
f81ab807503c0506d3e6a0375e2179eb0ddc0203162faf60117fc393187c59ac
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f81ab807503c busybox "/bin/sh -c 'while t…" seconds ago Up seconds test2
cba625871070 busybox "/bin/sh -c 'while t…" minutes ago Up minutes test1
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4e8172ef8e0169e74285225030d0b5f271494df46c4f7bc3ba38e9ca87a1c6f9",
"Created": "2019-07-17T06:50:29.144315528-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a": {
"Name": "test1",
"EndpointID": "00bcbb182eaf78e390c842e5edc5af27b2df2db2c3905e76f816828d7a9eadc3",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"f81ab807503c0506d3e6a0375e2179eb0ddc0203162faf60117fc393187c59ac": {
"Name": "test2",
"EndpointID": "d80d942aad5ea4e0322be344756317d61ad850ad45ad1d3e086b6d2e43879ead",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": ""
},
"Labels": {}
}
]
[root@localhost ~]#
查看新增ip link,可以看到新增的link也是连接到docker0上
[root@localhost ~]# ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode DEFAULT qlen
link/loopback ::::: brd :::::
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP mode DEFAULT qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue state UP mode DEFAULT
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
: vethfdefc77@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue master docker0 state UP mode DEFAULT
link/ether d2:1a:0d:9c:: brd ff:ff:ff:ff:ff:ff link-netnsid
: veth39873ad@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue master docker0 state UP mode DEFAULT
link/ether e6:e5:::: brd ff:ff:ff:ff:ff:ff link-netnsid
[root@localhost ~]# docker exec test2 ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue qlen
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu qdisc noqueue
link/ether ::ac::: brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/ brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# br
brctl break bridge brltty brltty-config brltty-ctb brltty-install brltty-trtxt brltty-ttb
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 .0242e850c76c no veth39873ad
vethfdefc77
virbr0 .525400105abe yes virbr0-nic
[root@localhost ~]#
docker0 和网卡之间做了nat,如果网卡能连外网,则container也能连外网
docker-bridge network的更多相关文章
- 【Network】Calico, Flannel, Weave and Docker Overlay Network 各种网络模型之间的区别
From the previous posts, I have analysed 4 different Docker multi-host network solutions - Calico, F ...
- Docker bridge探索
作者:ellen.sun链接:http://blog.daocloud.io/docker-bridge/著作权归作者所有.商业转载请联系作者获得授权,非商业转载请注明出处. 早期的二层网络中,bri ...
- [头脑风暴] 解读Docker Bridge网络模型
背景 这几天在研究Kubernetes, 遇到一个有意思的nodejs镜像:luksa/kubia # 不带端口映射启动容器docker run -it -d luksa/kubia# 连接到默认的B ...
- (转)Docker - 创建 Docker overlay network (containers 通信)
原文链接: http://www.cnblogs.com/AlanWalkOn/p/6101875.html --- 创建基于Key-Value的Docker overlay network. 这样运 ...
- [Docker] Driver Bridge network for linking containers
In previous postwe have seen how to link two container together by using `--link`: # docker run -d - ...
- Docker container network configuration
http://xmodulo.com/networking-between-docker-containers.html How to set up networking between Docker ...
- docker - 关于network的一些理解
docker 提供给我们多种(4种)网络模式,我们可以根据自己的需求来使用.例如我们在一台主机(host)或者同一个docker engine上面运行continer的时候,我们就可以选择bridge ...
- Docker bridge、host、container other、overlay 网络模式
docker run创建Docker容器时,可以用--net 选项指定容器的网络模式,Docker有以下5种网络模式: bridge模式:使用–net =bridge指定,默认设置: host模式:使 ...
- Docker bridge br0 pipework
Docker Centos7 下建立 Docker 桥接网络 - weifengCorp - 博客园https://www.cnblogs.com/weifeng1463/p/7468497.html ...
- docker 解决network has active endpoints
解决方式 使用 docker network disconnect -f {network} {endpoint-name},其中的 {endpoint-name} 可以使用命令 docker net ...
随机推荐
- ed-tue-robotics
https://github.com/tue-robotics/ed ubuntu16.04 安装libsdformat4-dev ,libsdformat4 1./usr/include/sdfor ...
- spring中引入多个quertz 注意事项
每一个独立的调取任务 需起不同的名字,否则只有最后一个调度起作用其他不起作用
- ThinkPHP import 类库导入 include PHP文件
ThinkPHP 模拟了 Java 的类库导入机制,统一采用 import 方法进行类文件的加载.import 方法是 ThinkPHP 内建的类库和文件导入方法,提供了方便和灵活的文件导入机制,完全 ...
- boost compressedPair
boost::compressed_pair behaves like std::pair. However, if one or both template parameters are empty ...
- 【Dart学习】--之Iterable相关方法总结
一,概述 按顺序访问的值或元素的集合, List集合也是继承于Iterable List和Set也是Iterable,dart:collection库中同样有很多 部分Iterable集合可以被修改 ...
- VC++ 创建及调用Dll
一._stdcall 被这个关键字修饰的函数,其参数都是从右向左通过堆栈传递的(__fastcall 的前面部分由ecx,edx传), 函数调用在返回前要由被调用者清理堆栈. 这个关键字主要见于Mic ...
- python 简单抓取网页并写入excel实例
# -*- coding: UTF-8 -*- import requests from bs4 import BeautifulSoup import xlwt import time #获取第一页 ...
- SaltStack(自动化运维工具)
SaltStack管理工具允许管理员对多个操作系统创建一个一致的管理系统,包括VMware vSphere环境.SaltStack作用于仆从和主拓扑.SaltStack与特定的命令结合使用可以在一个或 ...
- Key Set
http://acm.hdu.edu.cn/contests/contest_showproblem.php?pid=1011&cid=594 Key Set Time Limit: 2000 ...
- BUUCTF | 摩丝
将得到的交上去居然不对: 然而大写却过了: flag{ILOVEYOU} 因为摩斯电码在设计的时候就没有区分大小写,而且从码表中可以看到,都是大写,所以在网站上解密出来的自己转成大写