docker默认会通过veth技术进行container 与网桥docker0的网络互联,如何找出它们之间的对应关系?
一.正向找,由veth所属的网络空间ID去找container
[root@k8s-node2 libnetwork]# docker run -dit --name busybox busybox
[root@k8s-node2 libnetwork]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53e742c66528 busybox "sh" 27 minutes ago Up 27 minutes busybox
# 找到veth对应的网络空间ID
[root@k8s-node2 libnetwork]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ab:48:94 brd ff:ff:ff:ff:ff:ff
inet 192.168.255.144/24 brd 192.168.255.255 scope global noprefixroute dynamic ens33
valid_lft 1457sec preferred_lft 1457sec
inet6 fe80::b734:4122:39a9:d0b4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:a0:75:e7:a5 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:a0ff:fe75:e7a5/64 scope link
valid_lft forever preferred_lft forever
7: veth5ec7dd7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link-netnsid 0
inet6 fe80::942d:ffff:fe1d:6ee4/64 scope link
valid_lft forever preferred_lft forever
# 挂载容器的网络空间
[root@k8s-node2 libnetwork]# ln -s /var/run/docker/netns /var/run/netns
# 找出网络空间ID为0的名字
[root@k8s-node2 libnetwork]# ip netns list
7afb3a5422a8 (id: 0)
# 找出这个网络空间对应的container ip
[root@k8s-node2 libnetwork]# ip netns exec 7afb3a5422a8 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# 根据container ip知道是哪个container
[root@k8s-node2 53e742c665288c52ea6007b102be5d11e1e63cfaf707bffa9d4e84295905edfa]# docker inspect -f '{{.ID}} - {{.Name}} - {{.NetworkSettings.IPAddress }}' $(docker ps -aq)
dbf2656b313b931604022b6f156846724c2fd2455bbffd707eaf5a4af0a68512 - /nginx - 172.17.0.3
53e742c665288c52ea6007b102be5d11e1e63cfaf707bffa9d4e84295905edfa - /busybox - 172.17.0.2
b871f53940830d0a535f1bc43d81c90035b14f9314b5947dff1ffd4119dcb667 - /k8s_nginx_web-2_default_3f7e5c47-1966-4336-b730-2c8b74ca78aa_0 -
b6e2031f01c39fb843091c7c109511f59445addb357441f2150376bfddbbcbc0 - /k8s_POD_web-2_default_3f7e5c47-1966-4336-b730-2c8b74ca78aa_0 -
a34e2948c7bdfa4143f911db998117719d0900bd3bc763ac5dfa1202822c3814 - /k8s_nginx_web-0_default_346879a5-4273-4263-947d-b0901c5bf836_0 -
798334e59c978bd99c19149d864c99f8ef115dc94c37ee8681c9e151c8557247 - /k8s_POD_web-0_default_346879a5-4273-4263-947d-b0901c5bf836_0 -
29cf4ce87d0285d9d8f0ea5c01ed001a6b14af8f67b0c79fb1295f3e609b92ac - /k8s_kube-flannel_kube-flannel-ds-amd64-v4zrw_kube-system_aa7460a2-a7b2-4f45-81f4-8567869529dc_0 -
fa39c858c7fe1f855b4f5984d04fa4358e3fff7d6e828c16877de5ea3915a1df - /k8s_kube-proxy_kube-proxy-7pxrn_kube-system_3122277f-9d1b-400f-889c-1fc4ea042d0d_0 -
3a5458c9b0a147bd62a255378f2ea8c5c6c5f019e9626ad5944450a644ed3b3a - /k8s_install-cni_kube-flannel-ds-amd64-v4zrw_kube-system_aa7460a2-a7b2-4f45-81f4-8567869529dc_0 -
672bb279fc4a0eb996b50877f6df4e8dfdc861655933f16859fd7d6e52e69fe6 - /k8s_POD_kube-proxy-7pxrn_kube-system_3122277f-9d1b-400f-889c-1fc4ea042d0d_0 -
c4d67a3f2a0d70461505183c39ca694022ea5e7c3db27e9c45e159a6687987c3 - /k8s_POD_kube-flannel-ds-amd64-v4zrw_kube-system_aa7460a2-a7b2-4f45-81f4-8567869529dc_0 -
二.反向找,由container去找veth
# 查到对应容器ID
[root@k8s-node2 libnetwork]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dbf2656b313b nginx "/docker-entrypoint.…" 13 minutes ago Up 13 minutes 80/tcp nginx
53e742c66528 busybox "sh" About an hour ago Up 59 minutes busybox
# 找到容器对应的网卡序号为6
[root@k8s-node2 libnetwork]# docker exec -it 53e742c66528 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# 根据veth名称查询container网卡序号
[root@k8s-node2 libnetwork]# ethtool -S veth5ec7dd7
NIC statistics:
6
最终完成veth与container的对应关系
