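Docker 13: Docker Networking and docker0
Understanding Docker networking: docker0
You can start by clearing out the local Docker environment and deleting all images, which makes the walkthrough easier to follow.
# Delete all images (rm removes containers, rmi removes images)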
docker rmi -f $(docker images -aq)
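Check the IP addresses on the Linux host
**lo:** the local loopback address
**eth0:** the server's private (internal) address, for example on Alibaba Cloud or Tencent Cloud
**docker0:** the network interface Docker creates for us, carrying the docker0 address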
[root@VM-0-3-centos pdx_haokai]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:16:0b:9f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/20 brd 172.17.15.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe16:b9f/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:8e:96:2d:53 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:8eff:fe96:2d53/64 scope link
valid_lft forever preferred_lft forever
[root@VM-0-3-centos pdx_haokai]#
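Question: how does Docker handle network access between containers?
1. Enter a container and check its IP address
Using the tomcat image as an example (pull it if you do not have it), start a tomcat container, enter it, and run ip addr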
[root@VM-0-3-centos pdx_haokai]# docker exec -it tomcat901 /bin/bash
# Check the IP addresses inside the container: there is an interface 18: eth0@if19 whose IP address was assigned by Docker
[root@cd561b9bde5c haokai]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@cd561b9bde5c haokai]#
2. Ping the container from the host (succeeds)
[root@VM-0-3-centos pdx_haokai]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.054 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.057 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.052 ms
64 bytes from 172.18.0.2: icmp_seq=5 ttl=64 time=0.047 ms
64 bytes from 172.18.0.2: icmp_seq=6 ttl=64 time=0.049 ms
64 bytes from 172.18.0.2: icmp_seq=7 ttl=64 time=0.044 ms
64 bytes from 172.18.0.2: icmp_seq=8 ttl=64 time=0.047 ms
^C
--- 172.18.0.2 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 6999ms
rtt min/avg/max/mdev = 0.044/0.050/0.057/0.009 ms
[root@VM-0-3-centos pdx_haokai]#
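3. Ping the host from inside the container (succeeds)
Note that 127.0.0.1 inside the container is the container's own loopback interface; the host's docker0 address, 172.18.0.1 here, is the one that actually tests the path from the container to the host.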
[root@cd561b9bde5c haokai]# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.051 ms
^C
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.038/0.044/0.051/0.009 ms
[root@cd561b9bde5c haokai]#
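4. Start tomcat02 and have the containers ping each other
This also succeeds.
**Conclusion:** containers can ping each other.
5. Why do the pings succeed?
Check the host's interfaces again and a new one has appeared, 19: veth14bb143@if18. It is the host-side end that is bridged to the container's eth0@if19 interface.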
[root@VM-0-3-centos pdx_haokai]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:16:0b:9f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/20 brd 172.17.15.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe16:b9f/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:8e:96:2d:53 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:8eff:fe96:2d53/64 scope link
valid_lft forever preferred_lft forever
19: veth14bb143@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 66:69:a5:f9:40:eb brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::6469:a5ff:fef9:40eb/64 scope link
valid_lft forever preferred_lft forever
[root@VM-0-3-centos pdx_haokai]#
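How it works:
As soon as Docker is installed there is a default network interface, docker0. Each time a container starts, Docker assigns the container a network interface and a matching interface is created on the host; the interfaces always come in pairs. This is bridge mode, and the underlying technique is the veth-pair (one end is attached to the protocol stack, the other end is connected to its peer, and the two can communicate; a veth-pair acts as a bridge connecting all kinds of virtual network devices).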
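The pairing described above can be read straight out of the `ip addr` output: host interface 19 names peer `@if18`, and container interface 18 names peer `@if19`. The following is an added example, not code from the original post, that matches the two ends and reports which bridge the host end is enslaved to; the function names `parse_links` and `match_veth_pairs` are hypothetical, and the sample text is constructed from the output shown on this page.

```python
import re

# Constructed samples, trimmed from the `ip addr` output shown on this page.
HOST_SAMPLE = """\
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
19: veth14bb143@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 66:69:a5:f9:40:eb brd ff:ff:ff:ff:ff:ff link-netnsid 0
"""
CONTAINER_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
"""

# Record header: "<ifindex>: <name>[@if<peer ifindex>]: <FLAGS> ...".
HEADER = re.compile(r"^(\d+):\s+([^@:\s]+)(?:@if(\d+))?:\s+<[^>]*>(.*)$")
MASTER = re.compile(r"\bmaster\s+(\S+)")


def parse_links(ip_addr_output):
    """Return {ifindex: {"name", "peer", "master"}} from `ip addr` text."""
    links = {}
    for line in ip_addr_output.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # inet/link/lifetime lines carry no index information
        idx, name, peer, rest = m.groups()
        master = MASTER.search(rest)
        links[int(idx)] = {
            "name": name,
            "peer": int(peer) if peer else None,
            "master": master.group(1) if master else None,
        }
    return links


def match_veth_pairs(host_output, container_output):
    """Return (host_if, container_if, bridge) for interfaces that point at each other."""
    host, ctr = parse_links(host_output), parse_links(container_output)
    pairs = []
    for h_idx, h in host.items():
        c = ctr.get(h["peer"])
        # A real pair is mirrored: host@if<c_idx> and container@if<h_idx>.
        if c and c["peer"] == h_idx:
            pairs.append((h["name"], c["name"], h["master"]))
    return pairs
```

Interface indexes are only meaningful per network namespace, so run the match against one container's output at a time; the resulting host-side veth name is the interface to capture on when you need one container's traffic in isolation.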
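Docker networking: docker0 summary
- Once Docker is installed, there is a default network interface, docker0
- Each time a container starts, Docker assigns the container a network interface and a matching interface is created on the host; the interfaces always come in pairs. This is bridge mode, and the underlying technique is the veth-pair (one end is attached to the protocol stack, the other end is connected to its peer, and the two can communicate; a veth-pair acts as a bridge connecting all kinds of virtual network devices)
- Any container started without an explicit network is routed through docker0 by default, and Docker assigns the container a default IP
- All network interfaces in Docker are virtual. Why virtual? Because virtual interfaces forward traffic efficiently
- Removing a container also removes its corresponding pair of bridged interfaces
- When Docker restarts, IP information is reassigned. What is the drawback? For example, if you set up MySQL and its IP changes after a restart, clients can no longer connect, so in normal use containers are connected by container name (--link)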