1.创建一个bridge模式的网络
[root@server1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
248e3fb44e70 bridge bridge local
e18dae168662 host host local
22e802716a9e none null local
[root@server1 ~]# docker network create --driver bridge my_net1
51873884e8852746f1dce14560b41309f78c8f1d83dcc0dd9aa78602d58c252d
[root@server1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
248e3fb44e70 bridge bridge local
e18dae168662 host host local
51873884e885 my_net1 bridge local
22e802716a9e none null local
[root@server1 ~]# ip addr
13: br-51873884e885: mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:40:71:93:7f brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 brd 172.19.255.255 scope global br-51873884e885
valid_lft forever preferred_lft forever
[root@server1 ~]# docker network inspect my_net1
{
"Subnet": "172.19.0.0/16", ##未指定--subnet时,Docker自动分配的网段默认依次递增(172.19,172.20...)
"Gateway": "172.19.0.1"
}
[root@server1 ~]# docker network create --driver bridge --subnet 172.21.0.0/24 --gateway 172.21.0.1 my_net2
ba9d47e77d8148ea557a0f2465d49e63fdc2322e36c009e09681c14d73a8207e
[root@server1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
248e3fb44e70 bridge bridge local
e18dae168662 host host local
51873884e885 my_net1 bridge local
ba9d47e77d81 my_net2 bridge local
22e802716a9e none null local
[root@server1 ~]# ip addr
13: br-51873884e885: mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:40:71:93:7f brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 brd 172.19.255.255 scope global br-51873884e885
valid_lft forever preferred_lft forever
14: br-ba9d47e77d81: mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:8f:92:27:95 brd ff:ff:ff:ff:ff:ff
inet 172.21.0.1/24 brd 172.21.0.255 scope global br-ba9d47e77d81
valid_lft forever preferred_lft forever
[root@server1 ~]# docker network inspect my_net2
{
"Subnet": "172.21.0.0/24",
"Gateway": "172.21.0.1"
}
3.创建两个容器,都使用my_net1网络,可以互通(自定义bridge网络自带容器名DNS解析,所以可以直接ping容器名)
[root@server1 ~]# docker run -it --name vm1 --net my_net1 ubuntu
root@476ad6845211:/# ip addr
15: eth0@if16: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.2/16 brd 172.19.255.255 scope global eth0
[root@server1 ~]# docker run -it --name vm2 --net my_net1 ubuntu
root@ff2c189df400:/# ip addr
17: eth0@if18: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.3/16 brd 172.19.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@ff2c189df400:/# ping vm1
PING vm1 (172.19.0.2) 56(84) bytes of data.
64 bytes from vm1.my_net1 (172.19.0.2): icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from vm1.my_net1 (172.19.0.2): icmp_seq=2 ttl=64 time=0.040 ms
^C
--- vm1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.040/0.040/0.041/0.006 ms
4.创建一个容器,使用my_net2网络,并使这个容器和vm1 vm2不在同一个网段中(--ip只能用于创建时指定了--subnet的自定义网络)
[root@server1 ~]# docker run -it --name vm3 --network=my_net2 --ip=172.21.0.10 ubuntu
root@9948f905d962:/# ip addr
19: eth0@if20: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:15:00:0a brd ff:ff:ff:ff:ff:ff
inet 172.21.0.10/24 brd 172.21.0.255 scope global eth0
valid_lft forever preferred_lft forever
root@9948f905d962:/# ping vm1
root@9948f905d962:/# ping 172.19.0.2 ##都ping不通:不同的自定义bridge网络之间默认相互隔离,容器名也无法跨网络解析
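5.建立容器之间的连接
docker network connect会给vm3新增一块接入my_net1的网卡(下面的eth1),vm3因此同时处于my_net1和my_net2两个网络
这相当于为vm3打通了原有的网络隔离,只在确有需要时使用;不再需要时可用docker network disconnect my_net1 vm3断开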
[root@server1 ~]# docker network connect my_net1 vm3
root@9948f905d962:/# ip addr
19: eth0@if20: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:15:00:0a brd ff:ff:ff:ff:ff:ff
inet 172.21.0.10/24 brd 172.21.0.255 scope global eth0
valid_lft forever preferred_lft forever
21: eth1@if22: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:13:00:04 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.4/16 brd 172.19.255.255 scope global eth1
valid_lft forever preferred_lft forever
root@9948f905d962:/# ping vm1
PING vm1 (172.19.0.2) 56(84) bytes of data.
64 bytes from vm1.my_net1 (172.19.0.2): icmp_seq=1 ttl=64 time=0.058 ms
64 bytes from vm1.my_net1 (172.19.0.2): icmp_seq=2 ttl=64 time=0.053 ms
^C
--- vm1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.053/0.055/0.058/0.007 ms
root@9948f905d962:/# ping 172.19.0.2
PING 172.19.0.2 (172.19.0.2) 56(84) bytes of data.
64 bytes from 172.19.0.2: icmp_seq=1 ttl=64 time=0.068 ms
64 bytes from 172.19.0.2: icmp_seq=2 ttl=64 time=0.043 ms
^C
--- 172.19.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.043/0.055/0.068/0.014 ms
macvlan实现不同主机(虚拟机)上的容器互通
macvlan是Linux kernel提供的一种网卡虚拟化技术
无需Linux bridge,直接使用物理接口,性能极好
注意:macvlan容器以独立的MAC地址直接出现在物理二层网络上,不经过bridge网络的NAT,网络隔离需要依靠上游的VLAN划分和防火墙策略
1.在server1 server2上各添加一块新的网卡并启用
vim ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
启用eth1
[root@server1 network-scripts]# ifup eth1
[root@server1 network-scripts]# ip addr show eth1
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:7a:d8:11 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:fe7a:d811/64 scope link
valid_lft forever preferred_lft forever
2.server1,server2都开启eth1的混杂模式(混杂模式下网卡会接收该网段上的所有帧,建议只在macvlan专用的网卡上开启;用ip link设置的混杂模式重启后失效)
[root@server1 network-scripts]# ip link set eth1 promisc on
[root@server1 network-scripts]# ip addr show eth1
[root@server1 network-scripts]# docker network create -d macvlan --subnet=172.22.0.0/24 --gateway=172.22.0.1 -o parent=eth1 macvlan1
[root@server1 network-scripts]# docker network ls
NETWORK ID NAME DRIVER SCOPE
95f741cc736f bridge bridge local
e18dae168662 host host local
3451106126d8 macvlan1 macvlan local
51873884e885 my_net1 bridge local
ba9d47e77d81 my_net2 bridge local
22e802716a9e none null local
[root@server1 network-scripts]# docker run -it --name dzh1 --network=macvlan1 --ip=172.22.0.10 ubuntu
root@3a449ee26757:/# ip addr
7: eth0@if3: mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 02:42:ac:16:00:0a brd ff:ff:ff:ff:ff:ff
inet 172.22.0.10/24 brd 172.22.0.255 scope global eth0
valid_lft forever preferred_lft forever
[root@server1 network-scripts]# docker run -it --name dzh2 --network=macvlan1 --ip=172.22.0.11 ubuntu
root@a0e50a288ecb:/# ping dzh1
PING dzh1 (172.22.0.10) 56(84) bytes of data.
64 bytes from dzh1.macvlan1 (172.22.0.10): icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from dzh1.macvlan1 (172.22.0.10): icmp_seq=2 ttl=64 time=0.032 ms
^C
--- dzh1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.032/0.038/0.044/0.006 ms
4.server2创建容器,能和在server1上的容器ping通(两台主机上的macvlan1是各自独立的local网络,Docker不会跨主机协调IP分配,需要用--ip手动指定不同的地址以避免冲突)
[root@server2 ~]# docker network create -d macvlan --subnet=172.22.0.0/24 --gateway=172.22.0.1 -o parent=eth1 macvlan1
[root@server2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
542adb020131 bridge bridge local
f00b1e567742 host host local
4fd716c09fea macvlan1 macvlan local
5c219c4041e1 none null local
[root@server2 ~]# docker run -it --name dzh3 --network=macvlan1 --ip=172.22.0.12 ubuntu
root@ee5fe1dea407:/# ping 172.22.0.10
PING 172.22.0.10 (172.22.0.10) 56(84) bytes of data.
64 bytes from 172.22.0.10: icmp_seq=1 ttl=64 time=0.541 ms
64 bytes from 172.22.0.10: icmp_seq=2 ttl=64 time=0.384 ms
^C
--- 172.22.0.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.384/0.462/0.541/0.081 ms
root@ee5fe1dea407:/# ping 172.22.0.11
PING 172.22.0.11 (172.22.0.11) 56(84) bytes of data.
64 bytes from 172.22.0.11: icmp_seq=1 ttl=64 time=0.571 ms
64 bytes from 172.22.0.11: icmp_seq=2 ttl=64 time=0.361 ms
^C
--- 172.22.0.11 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.361/0.466/0.571/0.105 ms
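5.实现不同网段的容器互连
一个父接口只能被一个macvlan网络使用,所以macvlan2使用eth1的VLAN子接口eth1.1
不同的macvlan网络默认互不相通,下面通过docker network connect让dzh4同时接入macvlan1后才能ping通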
[root@server2 ~]# docker network create -d macvlan --subnet=172.23.0.0/24 --gateway=172.23.0.1 -o parent=eth1.1 macvlan2
[root@server2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
542adb020131 bridge bridge local
f00b1e567742 host host local
4fd716c09fea macvlan1 macvlan local
045725fbdf63 macvlan2 macvlan local
5c219c4041e1 none null local
[root@server2 ~]# docker run -it --name dzh4 --network=macvlan2 --ip=172.23.0.11 ubuntu
root@42bb4ac04d92:/# ip addr
7: eth0@if6: mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 02:42:ac:17:00:0b brd ff:ff:ff:ff:ff:ff
inet 172.23.0.11/24 brd 172.23.0.255 scope global eth0
valid_lft forever preferred_lft forever
root@42bb4ac04d92:/# ping 172.22.0.12
PING 172.22.0.12 (172.22.0.12) 56(84) bytes of data.
From 172.23.0.11 icmp_seq=1 Destination Host Unreachable
[root@server2 ~]# docker network connect macvlan1 dzh4
[root@server2 ~]# docker attach dzh4
root@42bb4ac04d92:/# ping 172.22.0.12
PING 172.22.0.12 (172.22.0.12) 56(84) bytes of data.
64 bytes from 172.22.0.12: icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from 172.22.0.12: icmp_seq=2 ttl=64 time=0.031 ms
^C
--- 172.22.0.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.031/0.054/0.078/0.024 ms