docker-bridge network
根据下面这图示,可以了解两个container之间是如何通信的
通过ip link 和 ip a可以看到本地有个docker0 link。
[root@localhost ~]# ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode DEFAULT qlen
link/loopback ::::: brd :::::
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP mode DEFAULT qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN qlen
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
inet 10.173.236.35/ brd 10.173.236.255 scope global dynamic ens33
valid_lft 676660sec preferred_lft 676660sec
inet6 fe80:::ec13:6b54:b6ea/ scope link
valid_lft forever preferred_lft forever
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/ brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/ brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80:::e8ff:fe50:c76c/ scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
通过docker network inspect bridge可以查看bridge网络
[root@localhost ~]# docker network inspect
bridge host none
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4e8172ef8e0169e74285225030d0b5f271494df46c4f7bc3ba38e9ca87a1c6f9",
"Created": "2019-07-17T06:50:29.144315528-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": ""
},
"Labels": {}
}
]
[root@localhost ~]#
上面bridge里"Containers": {}, 原因是目前没有正在运行的container,下面我添加两个container在后台运行:
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker run --name test1 -d busybox /bin/sh -c "while true;do sleep 3600;done" #-d 放后台运行
cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4e8172ef8e0169e74285225030d0b5f271494df46c4f7bc3ba38e9ca87a1c6f9",
"Created": "2019-07-17T06:50:29.144315528-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a": {
"Name": "test1",
"EndpointID": "00bcbb182eaf78e390c842e5edc5af27b2df2db2c3905e76f816828d7a9eadc3",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": ""
},
"Labels": {}
}
]
[root@localhost ~]#
本地 ip link 多了一个19 link
[root@localhost ~]# ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode DEFAULT qlen
link/loopback ::::: brd :::::
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP mode DEFAULT qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue state UP mode DEFAULT
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
: vethfdefc77@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue master docker0 state UP mode DEFAULT
link/ether d2:1a:0d:9c:: brd ff:ff:ff:ff:ff:ff link-netnsid
查看container test1 的link “eth0@if19“ 是和本地的“vethfdefc77@if18“ 构成一对的。
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cba625871070 busybox "/bin/sh -c 'while t…" minutes ago Up minutes test1
[root@localhost ~]# docker exec test1 ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue qlen
link/loopback ::::: brd :::::
: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu qdisc noqueue
link/ether ::ac::: brd ff:ff:ff:ff:ff:ff
[root@localhost ~]#
本地新增的link “vethfdefc77“ 是和docker0相连的,可以通过brctl show 查看
[root@localhost ~]# yum install bridge-utils
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.njupt.edu.cn
* extras: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Package bridge-utils-1.5-.el7.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]# brctl
Usage: brctl [commands]
commands:
addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
hairpin <bridge> <port> {on|off} turn hairpin on/off
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
show [ <bridge> ] show a list of bridges
showmacs <bridge> show a list of mac addrs
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 .0242e850c76c no vethfdefc77
virbr0 .525400105abe yes virbr0-nic
[root@localhost ~]#
接下来再运行一个container
[root@localhost ~]# docker run --name test2 -d busybox /bin/sh -c "while true;do sleep 3600;done"
f81ab807503c0506d3e6a0375e2179eb0ddc0203162faf60117fc393187c59ac
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f81ab807503c busybox "/bin/sh -c 'while t…" seconds ago Up seconds test2
cba625871070 busybox "/bin/sh -c 'while t…" minutes ago Up minutes test1
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4e8172ef8e0169e74285225030d0b5f271494df46c4f7bc3ba38e9ca87a1c6f9",
"Created": "2019-07-17T06:50:29.144315528-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"cba62587107007983d45a4383598dbec18a37d33e415f2325572e8f98f36a32a": {
"Name": "test1",
"EndpointID": "00bcbb182eaf78e390c842e5edc5af27b2df2db2c3905e76f816828d7a9eadc3",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"f81ab807503c0506d3e6a0375e2179eb0ddc0203162faf60117fc393187c59ac": {
"Name": "test2",
"EndpointID": "d80d942aad5ea4e0322be344756317d61ad850ad45ad1d3e086b6d2e43879ead",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": ""
},
"Labels": {}
}
]
[root@localhost ~]#
查看新增ip link,可以看到新增的link也是连接到docker0上
[root@localhost ~]# ip link
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode DEFAULT qlen
link/loopback ::::: brd :::::
: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP mode DEFAULT qlen
link/ether :0c:::e1:eb brd ff:ff:ff:ff:ff:ff
: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc noqueue state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: virbr0-nic: <BROADCAST,MULTICAST> mtu qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen
link/ether ::::5a:be brd ff:ff:ff:ff:ff:ff
: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue state UP mode DEFAULT
link/ether ::e8::c7:6c brd ff:ff:ff:ff:ff:ff
: vethfdefc77@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue master docker0 state UP mode DEFAULT
link/ether d2:1a:0d:9c:: brd ff:ff:ff:ff:ff:ff link-netnsid
: veth39873ad@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc noqueue master docker0 state UP mode DEFAULT
link/ether e6:e5:::: brd ff:ff:ff:ff:ff:ff link-netnsid
[root@localhost ~]# docker exec test2 ip a
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue qlen
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
valid_lft forever preferred_lft forever
: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu qdisc noqueue
link/ether ::ac::: brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/ brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# br
brctl break bridge brltty brltty-config brltty-ctb brltty-install brltty-trtxt brltty-ttb
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 .0242e850c76c no veth39873ad
vethfdefc77
virbr0 .525400105abe yes virbr0-nic
[root@localhost ~]#
docker0 和网卡之间做了nat,如果网卡能连外网,则container也能连外网
docker-bridge network的更多相关文章
- 【Network】Calico, Flannel, Weave and Docker Overlay Network 各种网络模型之间的区别
From the previous posts, I have analysed 4 different Docker multi-host network solutions - Calico, F ...
- Docker bridge探索
作者:ellen.sun链接:http://blog.daocloud.io/docker-bridge/著作权归作者所有.商业转载请联系作者获得授权,非商业转载请注明出处. 早期的二层网络中,bri ...
- [头脑风暴] 解读Docker Bridge网络模型
背景 这几天在研究Kubernetes, 遇到一个有意思的nodejs镜像:luksa/kubia # 不带端口映射启动容器docker run -it -d luksa/kubia# 连接到默认的B ...
- (转)Docker - 创建 Docker overlay network (containers 通信)
原文链接: http://www.cnblogs.com/AlanWalkOn/p/6101875.html --- 创建基于Key-Value的Docker overlay network. 这样运 ...
- [Docker] Driver Bridge network for linking containers
In previous postwe have seen how to link two container together by using `--link`: # docker run -d - ...
- Docker container network configuration
http://xmodulo.com/networking-between-docker-containers.html How to set up networking between Docker ...
- docker - 关于network的一些理解
docker 提供给我们多种(4种)网络模式,我们可以根据自己的需求来使用.例如我们在一台主机(host)或者同一个docker engine上面运行continer的时候,我们就可以选择bridge ...
- Docker bridge、host、container other、overlay 网络模式
docker run创建Docker容器时,可以用--net 选项指定容器的网络模式,Docker有以下5种网络模式: bridge模式:使用–net =bridge指定,默认设置: host模式:使 ...
- Docker bridge br0 pipework
Docker Centos7 下建立 Docker 桥接网络 - weifengCorp - 博客园https://www.cnblogs.com/weifeng1463/p/7468497.html ...
- docker 解决network has active endpoints
解决方式 使用 docker network disconnect -f {network} {endpoint-name},其中的 {endpoint-name} 可以使用命令 docker net ...
随机推荐
- 分析abex'crackme#2
文件地址:https://www.wocloud.com.cn/webclient/share/sindex.action?id=i9K_Br6TgE4gbyGIlYkffWKcRy5TUdZ8U6_ ...
- mitdump爬取当当网APP图书目录
因为mitmproxy没办法连接数据库所以,只能先把结果保存为txt文件,再读取到数据库中. 在滑动APP界面时,对代码进行分析 import requests import re import ur ...
- 创建工程时出现 A project with this name already exists 提示
https://segmentfault.com/a/1190000018513060 创建项目时没注意,后来发现放错了位置或其他问题,想要重新创建同名项目,只在文件夹处删除是不行的.会出现以下提示 ...
- 给公司个别安装好的系统环境处理-相当half系统初始化脚本shell
#!/bin/bash# Used for other system-environment update! echo -e '\n\033[35m~~请使用root权限运行此脚本~~\033[0m\ ...
- bzoj 1001 原图最小割转化为对偶图最短路
题目大意: 现在小朋友们最喜欢的"喜羊羊与灰太狼",话说灰太狼抓羊不到,但抓兔子还是比较在行的, 而且现在的兔子还比较笨,它们只有两个窝,现在你做为狼王,面对下面这样一个网格的地形 ...
- Es学习第七课, term、terms、match等基本查询语法
term.terms查询 term query会去倒排索引中寻找确切的term,它并不知道分词器的存在,这种查询适合keyword.numeric.date等明确值的 term:查询某个字段里含有某个 ...
- Java反射初识
反射Class类 Class类是反射的根源,很多很多的类,经过抽象,得出了一个Class类,包括类名,构造方法,属性方法等.得到Class类的对象的三种方式: Object类中的getClass()方 ...
- Android USB驱动源码分析(-)
Android USB驱动中,上层应用协议里最重要的一个文件是android/kernel/drivers/usb/gadget/android.c.这个文件实现USB的上层应用协议. 首先包含了一些 ...
- php基于SQLite实现的分页功能示例
php基于SQLite实现的分页功能. 这里操作数据库文件使用的是前面文章<PHP基于PDO实现的SQLite操作类>中的SQLite数据库操作类. 代码: <?php class ...
- [BZOJ3379] Turning in Homework
中文题目:提交作业 原文题目:Turning in Homework 传送门:http://www.lydsy.com/JudgeOnline/problem.php?id=3379 哎,今天竟然没有 ...