docker学习(四)—— 容器虚拟化网络基础
6种名称空间:
- UTS
- User
- Mount
- IPC
- Pid
- Net
Linux内核原生支持二层虚拟网桥设备。用软件来构建一个交换机
OVS:OpenVSwitch 开源的虚拟交换机
SDN:软件定义网络 software define network
每一个虚拟机网卡是成对出现的,可模拟网线的两头。
linux的核心转发
跨物理机做虚拟机,两者都桥接
物理桥桥接:把物理网卡当交换机使用
Overlay Network
有点像gre(自我感觉),
查看docker网络:
[root@docker2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
1f1d3b3c2f74 bridge bridge local
76bea4912e96 host host local
a33261fb3dc7 none null local[root@docker2 ~]# ifconfig docker0
docker0: flags=4163 mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:2bff:feb1:12fc prefixlen 64 scopeid 0x20
ether 02:42:2b:b1:12:fc txqueuelen 0 (Ethernet)
RX packets 32 bytes 4545 (4.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46 bytes 3446 (3.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 brctl命令
需要安装bridge-utils
[root@docker2 ~]# yum install bridge-utils.x86_64 -y查看所有的虚拟网桥接口:
[root@docker2 ~]# brctl --help
Usage: brctl [commands]
commands:
addbr add bridge
delbr delete bridge
addif add interface to bridge
delif delete interface from bridge
hairpin {on|off} turn hairpin on/off
setageing 查看所有设备信息:
[root@docker2 ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:ab:c9:4b brd ff:ff:ff:ff:ff:ff
3: ens36: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:ab:c9:55 brd ff:ff:ff:ff:ff:ff
4: docker0: mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:2b:b1:12:fc brd ff:ff:ff:ff:ff:ff
10: vethacd15f5@if9: mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 86:ca:bd:d9:42:4e brd ff:ff:ff:ff:ff:ff link-netnsid 0
12: veth65e1b9d@if11: mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether c2:78:88:29:69:49 brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: veth3ee9411@if13: mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether f6:93:f0:32:65:72 brd ff:ff:ff:ff:ff:ff link-netnsid 2
18: vethd82610f@if17: mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 0e:43:5a:d1:b0:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 3 查看iptables规则:
[root@docker2 ~]#
[root@docker2 ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 795 packets, 81934 bytes)
pkts bytes target prot opt in out source destination
905 95013 PREROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
905 95013 PREROUTING_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
905 95013 PREROUTING_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
15 1102 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 9 packets, 660 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 798 packets, 64159 bytes)
pkts bytes target prot opt in out source destination
1009 80632 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 798 packets, 64159 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
............docker的四种网络模型
- Close container(与外界隔离,就一个lo接口)
- Bridged container (桥接在docker0桥上)桥接式网络
- joined container 联盟式网络(两个容器一部分名称空间隔离,但UTS,Net,IPC是公用的,使用同一个网卡,同一个lo)
- Open container (直接共享物理机的网络名称空间)开放式网络
默认是桥接式网络
在创建容器时可以指定网络类型
[root@docker2 ~]# docker container run --help
--network string Connect a container to a network (default "default")
--network-alias list Add network-scoped alias for the container查看docker网络:
[root@docker2 ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
[root@docker2 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
1f1d3b3c2f74 bridge bridge local
76bea4912e96 host host local
a33261fb3dc7 none null local查看bridge网络详细信息:
[root@docker2 ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "1f1d3b3c2f747d52d2738da75538d319673a1ccd78a823ea110060697bb16ba8",
"Created": "2018-12-30T13:32:28.316588489+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"8ab7e978debcf1406596981e79e88087c3d0430e782cb21f31cff26103d8541a": {
"Name": "b2",
"EndpointID": "d2e4ef96c4dc97a2cc8968ceae33a5e8b8e2be4c04324fd38ed69d612954afde",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"aa7f935730ed5404a1ac81709ccf02d99bdbab8314a27e48884012ce23627ae3": {
"Name": "web1",
"EndpointID": "489e0b674f3f898e4b07319ebef26d66a07c8befa3ed46486c5b21900dbe5290",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"b2a481f1fde0e1ec517ed01684fdd2b1fa7d51d8738aee46342b0ea2ced8c54e": {
"Name": "kvstor1",
"EndpointID": "a34350d92b6c3b18dc342308988b15c9baaf2397370f9639d0233c8b7732bf31",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"b4c9c77e60c0b06b9cb55805d768adb8151b1361e87ed89af3368a30d0d3c950": {
"Name": "t2",
"EndpointID": "60d0dadee75e8badf25802694a99d665b700ffaf7c2c427af28c7305c5695f3c",
"MacAddress": "02:42:ac:11:00:05",
"IPv4Address": "172.17.0.5/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]