docker中bridge、host、container、none四种网络模式简介
目录
一.bridge模式
1.简介
2.演示
(1)运行两个容器,不指定网络模式情况下默认是bridge模式
(2)在主机中自动生成了两个veth设备
(3)查看两个容器的IP地址
(4)可以自定义网桥
二.host模式
1.简介
2.演示
运行一个容器,并且可以在容器内只看到和宿主机共用的IP
三.container模式
1.简介
2.演示
四.none模式
简介
一.bridge模式
1.简介
如图所示,docker完整安装后会自动创建一个docker0网桥,不指定网络模式的情况下,docker程序默认将程序与docker0虚拟网桥连接,通过docker0来与宿主机通信。每运行一个docker都会在主机中产生对应的虚拟veth网卡设备,运行的docker都是和docker0虚拟网桥位于同一网段,docker0的地址作为docker的网关地址
bridge模式下主机和docker,docker与docker之间可以互相通信
2.演示
(1)运行两个容器,不指定网络模式情况下默认是bridge模式
[root@localhost ~]# docker run -d -P --name web1 nginx:1.14-alpine
46dfb334cc76f59cfdb1cafcdea0bbc7b59626607f4f42441a4a579a256fa6fd
[root@localhost ~]# docker run -d -P --name web2 nginx:1.14-alpine
e98078ffd26a37861dc0eb3e66d87a75bbe6d070917fd0970282372245acf8e2
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e98078ffd26a nginx:1.14-alpine "nginx -g 'daemon of…" 10 seconds ago Up 10 seconds 0.0.0.0:32770->80/tcp, :::32770->80/tcp web2
46dfb334cc76 nginx:1.14-alpine "nginx -g 'daemon of…" 18 seconds ago Up 17 seconds 0.0.0.0:32769->80/tcp, :::32769->80/tcp web1
(2)在主机中自动生成了两个veth设备
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:b7:d0:79 brd ff:ff:ff:ff:ff:ffinet 192.168.2.190/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::c0a0:564:e1a7:2b9c/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:e5:5e:06:6a brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:e5ff:fe5e:66a/64 scope link valid_lft forever preferred_lft forever
15: veth57180bd@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 6a:f0:0e:99:2e:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet6 fe80::68f0:eff:fe99:2eb9/64 scope link valid_lft forever preferred_lft forever
17: veth8e2b70d@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 8e:72:5f:e8:b0:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 1inet6 fe80::8c72:5fff:fee8:b0c5/64 scope link valid_lft forever preferred_lft forever
(3)查看两个容器的IP地址
[root@localhost ~]# docker inspect web1 | grep -i ipaddress"SecondaryIPAddresses": null,"IPAddress": "172.17.0.2","IPAddress": "172.17.0.2",
[root@localhost ~]# docker inspect web2 | grep -i ipaddress"SecondaryIPAddresses": null,"IPAddress": "172.17.0.3","IPAddress": "172.17.0.3",
(4)可以自定义网桥
自定义网桥网段发生变化
[root@localhost ~]# docker network create -d bridge mybridge1
9a90056a032815f7a7016ca34e38456a3a494ec470d869bcaf55b54a04a11b3b
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
77e840367105 bridge bridge local
5e0d2b0cb5bd host host local
9a90056a0328 mybridge1 bridge local
b1f06c666e9b none null local
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:b7:d0:79 brd ff:ff:ff:ff:ff:ffinet 192.168.2.190/24 brd 192.168.2.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::c0a0:564:e1a7:2b9c/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:e5:5e:06:6a brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:e5ff:fe5e:66a/64 scope link valid_lft forever preferred_lft forever
15: veth57180bd@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 6a:f0:0e:99:2e:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0inet6 fe80::68f0:eff:fe99:2eb9/64 scope link valid_lft forever preferred_lft forever
17: veth8e2b70d@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 8e:72:5f:e8:b0:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 1inet6 fe80::8c72:5fff:fee8:b0c5/64 scope link valid_lft forever preferred_lft forever
18: br-9a90056a0328: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:73:2f:84:71 brd ff:ff:ff:ff:ff:ffinet 172.18.0.1/16 brd 172.18.255.255 scope global br-9a90056a0328valid_lft forever preferred_lft forever
二.host模式
1.简介
host模式下,容器没有地理的网络命名空间(不会新增网卡设备),和宿主机共用网络命名空间,使用宿主机的IP和端口
2.演示
运行一个容器,并且可以在容器内只看到和宿主机共用的IP
[root@localhost ~]# docker run -it -d -p 80:80 --name web1 --network host nginx:1.14-alpine
WARNING: Published ports are discarded when using host network mode
fde1b4af966fc7f774185cf5895be0876cd3d06c8576815f105b1e1d33512360
[root@localhost ~]# docker exec -it web1
"docker exec" requires at least 2 arguments.
See 'docker exec --help'.Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]Execute a command in a running container
[root@localhost ~]# docker exec -it web1 /bin/sh
/ # ls
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:b7:d0:79 brd ff:ff:ff:ff:ff:ffinet 192.168.2.190/24 brd 192.168.2.255 scope global ens33valid_lft forever preferred_lft foreverinet6 fe80::c0a0:564:e1a7:2b9c/64 scope link valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether 02:42:e5:5e:06:6a brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft forever
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ls
50x.html index.html
/usr/share/nginx/html # echo hello > index.html
[root@localhost ~]# curl 192.168.2.190
hello
三.container模式
1.简介
指定这个模式下新运行的容器和已经存在的容器共享命名空间、IP、端口等,不和宿主机共享。可以理解为这两个容器之间在网络方面产生绑定关系,可以通过lo环回网卡设备通信。
2.演示
[root@localhost ~]# docker run --name nginx1 -it --network container:web1 nginx:1.14-alpine
#web1为被共享的docker四.none模式
简介
none模式下,docker容器拥有自己的网络命名空间,此时不为任何docker容器进行网络配置,需要自定义网卡和IP等等。此模式下docker不参与网络通信,仅能访问本地环回接口,适用于无需网络的环境中的离线任务。