作者yujin2010good2019-01-04 14:14
系统工程师, 大型零售巨头

docker学习--网络详细


6种名称空间:UTS、User、Mount、IPC、Pid、Net

命名空间用于资源隔离

ovs:OpenVSwitch
SDN

Docker支持4种网络模式

 bridge
默认网络,Docker启动后创建一个docker0网桥,默认创建的容器也是添加到这个网桥中;IP地址段是172.17.0.1/16 独立名称空间 docker0桥
 host
容器不会获得一个独立的network namespace,而是与宿主机共用一个(共享物理机的名称空间)。容器内可以看到并直接使用宿主机的全部网卡和端口,容器与宿主机之间没有网络隔离。
 none
获取独立的network namespace,但不为容器进行任何网络配置。
 container
与指定的容器使用同一个network namespace,网卡配置也都是相同的。
 自定义
自定义网桥,默认与bridge网络一样

==============================

overlay Network 叠加网络

docker默认提供3种网络

[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
70927cee27d5        bridge              bridge              local  docker0桥
2ddc6237dbff        host                host                local
50b8c452a332        none                null                local
[root@localhost ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
   

2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

link/ether 00:50:56:98:27:67 brd ff:ff:ff:ff:ff:ff
inet 10.249.100.205/24 brd 10.249.100.255 scope global eno16780032
   valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe98:2767/64 scope link 
   valid_lft forever preferred_lft forever
   

3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 02:42:58:9f:a8:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
   valid_lft forever preferred_lft forever
inet6 fe80::42:58ff:fe9f:a8c6/64 scope link 
   valid_lft forever preferred_lft forever
   

7: veth4c58b20@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 这个是下面那个容器的网络

link/ether 9a:24:05:ac:c6:b3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::9824:5ff:feac:c6b3/64 scope link 
   valid_lft forever preferred_lft forever

[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ddfabb456ab2 wolf/httpd:v0.2 "/bin/httpd -f -h /d…" 12 hours ago Up 12 hours t2

===========================================================

创建网络

1、默认模式

[root@localhost ~]# docker run --name a1 -it --rm busybox:latest
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:578 (578.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 
[root@localhost ~]# docker run --name a1 -it --network bridge --rm busybox:latest
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:508 (508.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

=========================================================

2、none模式(封闭式容器)

[root@localhost ~]# docker run --name a1 -it --network none --rm busybox:latest
/ # ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 
/ # hostname     主机名就是容器id
835049f12c9b

设置主机名

[root@localhost ~]# docker run --name a1 -it --network bridge -h a1.wolf.com --rm busybox:latest
/ # hostname
a1.wolf.com
/ # cat /etc/hosts
127.0.0.1    localhost
::1    localhost ip6-localhost ip6-loopback
fe00::0    ip6-localnet
ff00::0    ip6-mcastprefix
ff02::1    ip6-allnodes
ff02::2    ip6-allrouters
172.17.0.3    a1.wolf.com a1
/ # cat etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.0.2.10

设置dns

[root@localhost ~]# docker run --name a1 -it --network bridge -h a1.wolf.com --dns 8.8.8.8 --rm busybox:latest
/ # cat /etc/resolv.conf 
nameserver 8.8.8.8

[root@localhost ~]# docker run --name a1 -it --network bridge -h a1.wolf.com --dns 8.8.8.8 --dns-search ilinux.io --rm busybox:latest
/ # cat /etc/resolv.conf 
search ilinux.io
nameserver 8.8.8.8

注入hosts信息

[root@localhost ~]# docker run --name a1 -it --network bridge -h a1.wolf.com --dns 8.8.8.8 --dns-search ilinux.io --add-host www.baidu.com:2.2.2.2 --rm busybox:latest
/ # cat /etc/hosts
127.0.0.1    localhost
::1    localhost ip6-localhost ip6-loopback
fe00::0    ip6-localnet
ff00::0    ip6-mcastprefix
ff02::1    ip6-allnodes
ff02::2    ip6-allrouters
2.2.2.2    www.baidu.com
172.17.0.3    a1.wolf.com a1

不多说命令自己看

[root@localhost ~]# docker run --help

Usage:    docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Run a command in a new container

Options:
      --add-host list                  Add a custom host-to-IP mapping (host:ip)
  -a, --attach list                    Attach to STDIN, STDOUT or STDERR
      --blkio-weight uint16            Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --blkio-weight-device list       Block IO weight (relative device weight) (default [])
      --cap-add list                   Add Linux capabilities
      --cap-drop list                  Drop Linux capabilities
      --cgroup-parent string           Optional parent cgroup for the container
      --cidfile string                 Write the container ID to the file
      --cpu-period int                 Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int                  Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int              Limit CPU real-time period in microseconds
      --cpu-rt-runtime int             Limit CPU real-time runtime in microseconds
  -c, --cpu-shares int                 CPU shares (relative weight)
      --cpus decimal                   Number of CPUs
      --cpuset-cpus string             CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string             MEMs in which to allow execution (0-3, 0,1)
  -d, --detach                         Run container in background and print container ID
      --detach-keys string             Override the key sequence for detaching a container
      --device list                    Add a host device to the container
      --device-cgroup-rule list        Add a rule to the cgroup allowed devices list
      --device-read-bps list           Limit read rate (bytes per second) from a device (default [])
      --device-read-iops list          Limit read rate (IO per second) from a device (default [])
      --device-write-bps list          Limit write rate (bytes per second) to a device (default [])
      --device-write-iops list         Limit write rate (IO per second) to a device (default [])
      --disable-content-trust          Skip image verification (default true)
      --dns list                       Set custom DNS servers
      --dns-option list                Set DNS options
      --dns-search list                Set custom DNS search domains
      --entrypoint string              Overwrite the default ENTRYPOINT of the image
  -e, --env list                       Set environment variables
      --env-file list                  Read in a file of environment variables
      --expose list                    Expose a port or a range of ports
      --group-add list                 Add additional groups to join
      --health-cmd string              Command to run to check health
      --health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
      --health-retries int             Consecutive failures needed to report unhealthy
      --health-start-period duration   Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
      --health-timeout duration        Maximum time to allow one check to run (ms|s|m|h) (default 0s)
      --help                           Print usage
  -h, --hostname string                Container host name
      --init                           Run an init inside the container that forwards signals and reaps processes
  -i, --interactive                    Keep STDIN open even if not attached
      --ip string                      IPv4 address (e.g., 172.30.100.104)
      --ip6 string                     IPv6 address (e.g., 2001:db8::33)
      --ipc string                     IPC mode to use
      --isolation string               Container isolation technology
      --kernel-memory bytes            Kernel memory limit
  -l, --label list                     Set meta data on a container
      --label-file list                Read in a line delimited file of labels
      --link list                      Add link to another container
      --link-local-ip list             Container IPv4/IPv6 link-local addresses
      --log-driver string              Logging driver for the container
      --log-opt list                   Log driver options
      --mac-address string             Container MAC address (e.g., 92:d0:c6:0a:29:33)
  -m, --memory bytes                   Memory limit
      --memory-reservation bytes       Memory soft limit
      --memory-swap bytes              Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --memory-swappiness int          Tune container memory swappiness (0 to 100) (default -1)
      --mount mount                    Attach a filesystem mount to the container
      --name string                    Assign a name to the container
      --network string                 Connect a container to a network (default "default")
      --network-alias list             Add network-scoped alias for the container
      --no-healthcheck                 Disable any container-specified HEALTHCHECK
      --oom-kill-disable               Disable OOM Killer
      --oom-score-adj int              Tune host's OOM preferences (-1000 to 1000)
      --pid string                     PID namespace to use
      --pids-limit int                 Tune container pids limit (set -1 for unlimited)
      --privileged                     Give extended privileges to this container
  -p, --publish list                   Publish a container's port(s) to the host
  -P, --publish-all                    Publish all exposed ports to random ports
      --read-only                      Mount the container's root filesystem as read only
      --restart string                 Restart policy to apply when a container exits (default "no")
      --rm                             Automatically remove the container when it exits
      --runtime string                 Runtime to use for this container
      --security-opt list              Security Options
      --shm-size bytes                 Size of /dev/shm
      --sig-proxy                      Proxy received signals to the process (default true)
      --stop-signal string             Signal to stop a container (default "SIGTERM")
      --stop-timeout int               Timeout (in seconds) to stop a container
      --storage-opt list               Storage driver options for the container
      --sysctl map                     Sysctl options (default map[])
      --tmpfs list                     Mount a tmpfs directory
  -t, --tty                            Allocate a pseudo-TTY
      --ulimit ulimit                  Ulimit options (default [])
  -u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])
      --userns string                  User namespace to use
      --uts string                     UTS namespace to use
  -v, --volume list                    Bind mount a volume
      --volume-driver string           Optional volume driver for the container
      --volumes-from list              Mount volumes from the specified container(s)
  -w, --workdir string                 Working directory inside the container

opening inbound communication(开放入站通信)
-p选项使用
暴露一个80端口:只写容器端口时,Docker 会把它映射到宿主机的一个随机端口,并默认监听 0.0.0.0(宿主机所有网卡),见下面 docker ps 的 PORTS 列。

[root@localhost ~]# docker run --name myweb --rm -p 80 wolf/httpd:v0.2

[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
c08ea468a409        wolf/httpd:v0.2     "/bin/httpd -f -h /d…"   11 seconds ago      Up 9 seconds        0.0.0.0:32768->80/tcp   myweb
ddfabb456ab2        wolf/httpd:v0.2     "/bin/httpd -f -h /d…"   19 hours ago        Up 19 hours                                 t2
使用docker inspect查看ip
[root@localhost ~]# docker inspect c08ea468a409
。。。。。。。。。
       "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "70927cee27d5e7ec40b7f14d28fca615a5d6786533e3dd94d380021b414eec72",
                    "EndpointID": "0feb5aca367087c69e3ef895e690739c8f7ccc2c46b065a76102bb2a03d7f97f",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
。。。。。。。。。。。。
[root@localhost ~]# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1 ttl=64 time=0.097 ms
^C
--- 172.17.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.097/0.097/0.097/0.000 ms
[root@localhost ~]# curl 172.17.0.1
curl: (7) Failed connect to 172.17.0.1:80; Connection refused
[root@localhost ~]# curl 172.17.0.3
wolf
用浏览器(如 IE)访问 主机ip:32768 也可以
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
c08ea468a409        wolf/httpd:v0.2     "/bin/httpd -f -h /d…"   4 minutes ago       Up 4 minutes        0.0.0.0:32768->80/tcp   myweb
ddfabb456ab2        wolf/httpd:v0.2     "/bin/httpd -f -h /d…"   19 hours ago        Up 19 hours                                 t2
[root@localhost ~]# docker kill c08ea468a409
c08ea468a409

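固定ip地址(把端口只绑定到宿主机的某个IP,宿主机端口仍随机,写法是 -p IP::容器端口,例如 -p 10.249.100.205::80;下面第二条 docker run 只写 -p 80 时得到的仍是 0.0.0.0 上的随机端口,要得到 10.249.100.205:32768 这样的结果需使用前一种写法)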

[root@localhost ~]# docker port myweb
80/tcp -> 0.0.0.0:32769
[root@localhost ~]#

[root@localhost ~]# docker run --name myweb --rm -p 80 wolf/httpd:v0.2
[root@localhost ~]# docker port myweb
80/tcp -> 10.249.100.205:32768

指定端口

[root@localhost ~]# docker run --name myweb --rm -p 80:80 wolf/httpd:v0.2
[root@localhost ~]# docker port myweb
80/tcp -> 0.0.0.0:80

指定ip+端口

[root@localhost ~]# docker run --name myweb --rm -p 10.249.100.205:80:80 wolf/httpd:v0.2
[root@localhost ~]# docker port myweb
80/tcp -> 10.249.100.205:80

===========================================

3、container

这种模式网络是共享的,文件系统是隔离的

[root@localhost ~]# docker run --name c1 -it --rm busybox
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:508 (508.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 
[root@localhost ~]# docker run --name c2 --network container:c1 -it --rm busybox
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # 

==============================================================

4、host

[root@localhost ~]# docker run --name c2 --network host -it --rm busybox
/ # ifconfig -a
docker0   Link encap:Ethernet  HWaddr 02:42:58:9F:A8:C6  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:58ff:fe9f:a8c6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3691 (3.6 KiB)  TX bytes:5154 (5.0 KiB)

eno16780032 Link encap:Ethernet  HWaddr 00:50:56:98:27:67  
          inet addr:10.249.100.205  Bcast:10.249.100.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe98:2767/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1939842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11081 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:119735743 (114.1 MiB)  TX bytes:16917243 (16.1 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:268 (268.0 B)  TX bytes:268 (268.0 B)

veth18b5e64 Link encap:Ethernet  HWaddr 6E:1E:3E:DD:9A:5B  
          inet6 addr: fe80::6c1e:3eff:fedd:9a5b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

veth4c58b20 Link encap:Ethernet  HWaddr 9A:24:05:AC:C6:B3  
          inet6 addr: fe80::9824:5ff:feac:c6b3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:680 (680.0 B)  TX bytes:1368 (1.3 KiB)

/ # 

看主机ip

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
       
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:98:27:67 brd ff:ff:ff:ff:ff:ff
    inet 10.249.100.205/24 brd 10.249.100.255 scope global eno16780032
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe98:2767/64 scope link 
       valid_lft forever preferred_lft forever
       
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:58:9f:a8:c6 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:58ff:fe9f:a8c6/64 scope link 
       valid_lft forever preferred_lft forever
       
7: veth4c58b20@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 9a:24:05:ac:c6:b3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::9824:5ff:feac:c6b3/64 scope link 
       valid_lft forever preferred_lft forever
33: veth18b5e64@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP 
    link/ether 6e:1e:3e:dd:9a:5b brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::6c1e:3eff:fedd:9a5b/64 scope link 
       valid_lft forever preferred_lft forever

==============================================================
docker修改默认docker0 ip
cat /etc/docker/daemon.json 在此文件中添加如下一行,然后重启服务。

{
    "bip": "192.168.200.1/24"
}
systemctl restart docker
当然还可以加入其他信息,如dns ,默认网关等
{
    "bip": "192.168.102.1/24",
    "mtu": 1500,
    "default-gateway": "192.168.102.1",
    "dns": ["dns1","dns2"]
}

==============================================================
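远程管理其他docker机器
cat /etc/docker/daemon.json 在此文件中添加如下一行("hosts"),然后重启服务。

{
    "bip": "192.168.200.1/24",
    "hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
systemctl restart docker

ss -tnl看看2375是否启动

2375 端口上的 Docker API 是明文且不做任何认证的,能连到该端口的人就等于拿到了这台宿主机的 root 权限;监听 0.0.0.0 会把它暴露在所有网卡上。只应在隔离的实验环境这样用,否则应把监听地址限制在管理网段,并启用 TLS 双向认证(daemon.json 中的 tlsverify、tlscacert、tlscert、tlskey,惯用端口 2376),或改用 docker -H ssh://用户@主机 通过 SSH 管理。

然后去另一台机器

docker -H IP:2375 ps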

==============================================================
自己创建一个桥

[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
70927cee27d5        bridge              bridge              local
2ddc6237dbff        host                host                local
50b8c452a332        none                null                local
[root@localhost ~]# docker network create -d bridge --subnet "172.18.0.1/16" --gateway "172.18.0.1" mybr0
2d312d1befcaf95ea10c86a5cf069ea4a16b8a423f533861d14ef401da3d5577
[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
70927cee27d5        bridge              bridge              local
2ddc6237dbff        host                host                local
2d312d1befca        mybr0               bridge              local
50b8c452a332        none                null                local
[root@localhost ~]# ifconfig -a
br-2d312d1befca: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:d4:68:41:47  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 680 (680.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19  bytes 1368 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:58ff:fe9f:a8c6  prefixlen 64  scopeid 0x20<link>
        ether 02:42:58:9f:a8:c6  txqueuelen 0  (Ethernet)
        RX packets 45  bytes 3691 (3.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 59  bytes 5154 (5.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno16780032: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.249.100.205  netmask 255.255.255.0  broadcast 10.249.100.255
        inet6 fe80::250:56ff:fe98:2767  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:98:27:67  txqueuelen 1000  (Ethernet)
        RX packets 2023102  bytes 124771487 (118.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11430  bytes 16956230 (16.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4  bytes 268 (268.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 268 (268.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth18b5e64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::6c1e:3eff:fedd:9a5b  prefixlen 64  scopeid 0x20<link>
        ether 6e:1e:3e:dd:9a:5b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth4c58b20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::9824:5ff:feac:c6b3  prefixlen 64  scopeid 0x20<link>
        ether 9a:24:05:ac:c6:b3  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 680 (680.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19  bytes 1368 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

使用mybr0桥

[root@localhost ~]# docker run --name t3 -it --net mybr0 busybox:latest
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02  
          inet addr:172.18.0.2  Bcast:172.18.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1296 (1.2 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

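同一个物理机上的多个桥应该是通的,主要看下面这个ip转发。不过 Docker 默认还会用 DOCKER-ISOLATION 相关的 iptables 链隔离不同的桥接网络,仅打开 ip_forward 并不能让 docker0 与 mybr0 上的容器直接互通;确实需要互通时,可用 docker network connect 把容器同时接入两个网络,而不是去删除这些隔离规则。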

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_forward
1


添加新评论2 条评论

wuwenpinwuwenpin软件开发工程师, 南京
2019-01-05 21:36
不错,学习学习
dahuaidahuai存储工程师, 曙光
2019-01-04 17:19
非常好的文章