docker中bridge、host、container、none四种网络模式简介

目录

一.bridge模式

1.简介

2.演示

（1）运行两个容器，不指定网络模式情况下默认是bridge模式

（2）在主机中自动生成了两个veth设备

（3）查看两个容器的IP地址

（4）可以自定义网桥

二.host模式

1.简介

2.演示

运行一个容器，并且可以在容器内只看到和宿主机共用的IP

三.container模式

1.简介

2.演示

四.none模式

简介

---

一.bridge模式

1.简介

如图所示，docker完整安装后会自动创建一个docker0网桥，不指定网络模式的情况下，docker程序默认将程序与docker0虚拟网桥连接，通过docker0来与宿主机通信。每运行一个docker都会在主机中产生对应的虚拟veth网卡设备，运行的docker都是和docker0虚拟网桥位于同一网段，docker0的地址作为docker的网关地址

bridge模式下主机和docker，docker与docker之间可以互相通信

2.演示

（1）运行两个容器，不指定网络模式情况下默认是bridge模式

[root@localhost ~]# docker run -d -P --name web1 nginx:1.14-alpine 
46dfb334cc76f59cfdb1cafcdea0bbc7b59626607f4f42441a4a579a256fa6fd
[root@localhost ~]# docker run -d -P --name web2 nginx:1.14-alpine 
e98078ffd26a37861dc0eb3e66d87a75bbe6d070917fd0970282372245acf8e2
[root@localhost ~]# docker ps 
CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS                                     NAMES
e98078ffd26a   nginx:1.14-alpine   "nginx -g 'daemon of…"   10 seconds ago   Up 10 seconds   0.0.0.0:32770->80/tcp, :::32770->80/tcp   web2
46dfb334cc76   nginx:1.14-alpine   "nginx -g 'daemon of…"   18 seconds ago   Up 17 seconds   0.0.0.0:32769->80/tcp, :::32769->80/tcp   web1

（2）在主机中自动生成了两个veth设备

[root@localhost ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b7:d0:79 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.190/24 brd 192.168.2.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a0:564:e1a7:2b9c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:e5:5e:06:6a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:e5ff:fe5e:66a/64 scope link 
       valid_lft forever preferred_lft forever
15: veth57180bd@if14:  mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 6a:f0:0e:99:2e:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::68f0:eff:fe99:2eb9/64 scope link 
       valid_lft forever preferred_lft forever
17: veth8e2b70d@if16:  mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 8e:72:5f:e8:b0:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::8c72:5fff:fee8:b0c5/64 scope link 
       valid_lft forever preferred_lft forever

（3）查看两个容器的IP地址

[root@localhost ~]# docker inspect web1 | grep -i ipaddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
[root@localhost ~]# docker inspect web2 | grep -i ipaddress
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.3",
                    "IPAddress": "172.17.0.3",

（4）可以自定义网桥

自定义网桥网段发生变化

[root@localhost ~]# docker network create -d bridge mybridge1
9a90056a032815f7a7016ca34e38456a3a494ec470d869bcaf55b54a04a11b3b
[root@localhost ~]# docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
77e840367105   bridge      bridge    local
5e0d2b0cb5bd   host        host      local
9a90056a0328   mybridge1   bridge    local
b1f06c666e9b   none        null      local
[root@localhost ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b7:d0:79 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.190/24 brd 192.168.2.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a0:564:e1a7:2b9c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:e5:5e:06:6a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:e5ff:fe5e:66a/64 scope link 
       valid_lft forever preferred_lft forever
15: veth57180bd@if14:  mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 6a:f0:0e:99:2e:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::68f0:eff:fe99:2eb9/64 scope link 
       valid_lft forever preferred_lft forever
17: veth8e2b70d@if16:  mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 8e:72:5f:e8:b0:c5 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::8c72:5fff:fee8:b0c5/64 scope link 
       valid_lft forever preferred_lft forever
18: br-9a90056a0328:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:73:2f:84:71 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-9a90056a0328
       valid_lft forever preferred_lft forever

二.host模式

1.简介

host模式下，容器没有地理的网络命名空间（不会新增网卡设备），和宿主机共用网络命名空间，使用宿主机的IP和端口

2.演示

运行一个容器，并且可以在容器内只看到和宿主机共用的IP

[root@localhost ~]# docker run -it -d -p 80:80 --name web1 --network host nginx:1.14-alpine 
WARNING: Published ports are discarded when using host network mode
fde1b4af966fc7f774185cf5895be0876cd3d06c8576815f105b1e1d33512360
[root@localhost ~]# docker exec -it web1 
"docker exec" requires at least 2 arguments.
See 'docker exec --help'.

Usage:  docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

Execute a command in a running container
[root@localhost ~]# docker exec -it web1 /bin/sh
/ # ls
bin    dev    etc    home   lib    media  mnt    opt    proc   root   run    sbin   srv    sys    tmp    usr    var
/ # ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b7:d0:79 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.190/24 brd 192.168.2.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a0:564:e1a7:2b9c/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0:  mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:e5:5e:06:6a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # ls
50x.html    index.html
/usr/share/nginx/html # echo hello > index.html 
[root@localhost ~]# curl 192.168.2.190
hello

三.container模式

1.简介

指定这个模式下新运行的容器和已经存在的容器共享命名空间、IP、端口等，不和宿主机共享。可以理解为这两个容器之间在网络方面产生绑定关系，可以通过lo环回网卡设备通信。

2.演示

[root@localhost ~]# docker run --name nginx1 -it --network container:web1 nginx:1.14-alpine
#web1为被共享的docker

四.none模式

简介

none模式下，docker容器拥有自己的网络命名空间，此时不为任何docker容器进行网络配置，需要自定义网卡和IP等等。此模式下docker不参与网络通信，仅能访问本地环回接口，适用于无需网络的环境中的离线任务。