On a server that already has Docker installed, use a network command to view the network interfaces:
ip addr
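A long list of addresses is printed, but we mainly care about the first part, as follows:
There are three networks: lo (local loopback), eth0 (internal network) and docker0 (the docker0 address).
# Question: how does Docker handle network access for containers?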
# [root@iZ2zeg4ytp0whqtmxbsqiiZ ~]# docker run -d -P --name tomcat01 tomcat
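# View the network addresses inside the container with ip addr
# When the container starts it gets an eth0@if115 interface with an IP address, assigned by Docker!
[root@iZ2zeg4ytp0whqtmxbsqiiZ ~]# docker exec -it tomcat01 ip addr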
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
114: eth0@if115: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# Think: can the Linux host ping the container?
[root@iZ2zeg4ytp0whqtmxbsqiiZ ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.075 ms
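# The Linux host can ping the inside of the Docker container!
This is the network state of one container on my server, and the result of pinging the container's internal eth0 address directly from the server.
Every time we start a Docker container, Docker assigns the container an IP. As soon as Docker is installed, there is a docker0 network interface in bridge mode, and the technology it uses is veth-pair.
# We find that the network interfaces that come with containers always appear in pairs
# A veth-pair is a pair of virtual device interfaces; they always appear in pairs, one end connected to the protocol stack, and the two ends connected to each other
# Because of this property, a veth-pair acts as a bridge that connects various virtual network devices
# OpenStack, the links between Docker containers, and OVS links all use veth-pair technology
What does this show? It shows that containers can ping each other and are connected over the network.
Here is another simple example, using my current server, which has many containers installed.
Its network state is as follows: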
[root@VM-24-4-centos ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 52:54:00:2e:c4:41 brd ff:ff:ff:ff:ff:ff
inet 10.0.24.4/22 brd 10.0.27.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe2e:c441/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:63:a9:e2:e0 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:63ff:fea9:e2e0/64 scope link
valid_lft forever preferred_lft forever
13: vethd2600ed@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 66:ba:84:bd:da:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::64ba:84ff:febd:da67/64 scope link
valid_lft forever preferred_lft forever
15: veth3768430@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 8e:55:d4:b3:c0:ea brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::8c55:d4ff:feb3:c0ea/64 scope link
valid_lft forever preferred_lft forever
23: veth91647dc@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether c6:5e:43:a8:3d:53 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::c45e:43ff:fea8:3d53/64 scope link
valid_lft forever preferred_lft forever
25: veth87cf643@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether ee:20:1d:7c:6d:54 brd ff:ff:ff:ff:ff:ff link-netnsid 3
inet6 fe80::ec20:1dff:fe7c:6d54/64 scope link
valid_lft forever preferred_lft forever
27: veth47fc668@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 2a:8f:5b:d1:6e:74 brd ff:ff:ff:ff:ff:ff link-netnsid 4
inet6 fe80::288f:5bff:fed1:6e74/64 scope link
valid_lft forever preferred_lft forever
29: vethebee148@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether d6:0c:68:80:4b:3a brd ff:ff:ff:ff:ff:ff link-netnsid 5
inet6 fe80::d40c:68ff:fe80:4b3a/64 scope link
valid_lft forever preferred_lft forever
31: vethff0702b@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 62:1c:59:16:0a:39 brd ff:ff:ff:ff:ff:ff link-netnsid 6
inet6 fe80::601c:59ff:fe16:a39/64 scope link
valid_lft forever preferred_lft forever
33: veth99eea84@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether b6:c9:b8:38:fc:7e brd ff:ff:ff:ff:ff:ff link-netnsid 7
inet6 fe80::b4c9:b8ff:fe38:fc7e/64 scope link
valid_lft forever preferred_lft forever
39: veth20084ab@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 3a:c6:00:f0:33:2b brd ff:ff:ff:ff:ff:ff link-netnsid 8
inet6 fe80::38c6:ff:fef0:332b/64 scope link
valid_lft forever preferred_lft forever
63: veth3dc39c6@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 86:2f:42:f5:2c:88 brd ff:ff:ff:ff:ff:ff link-netnsid 9
inet6 fe80::842f:42ff:fef5:2c88/64 scope link
valid_lft forever preferred_lft forever
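We know that Docker sets up its own network called docker0; on my server its address is 172.17.0.1. Taking the output above as an example, apart from lo, eth0 and docker0, there are 10 networks in total.
Between 172.17.0.2 and 172.17.0.11, inclusive, each one is effectively its own machine on its own network, and 172.17.0.1 can be viewed as their router. You can access any of these networks freely, and go into each container to ping the other machines.
But suppose I get curious: I see 10 networks, and the highest is 11 (1 is taken by docker0). What happens if I ping 172.17.0.12?
The result, of course, is that the ping fails. Docker uses Linux bridging; on the host there is a bridge for Docker containers, docker0.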
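The veth-pair pairing described above can be read off the `ip addr` header lines: the host interface `13: vethd2600ed@if12` is the peer of the container interface whose own index is 12 and whose `@if` suffix is 13. This is useful when traffic captured on a host veth has to be attributed to one container. The following is an added example, not code from the original post; the function names and the container-side header `12: eth0@if13` are constructed for illustration, while the host lines are copied from the listing above.

```shell
#!/bin/sh
# Constructed sample: a few lines of host `ip addr` output, copied from the listing above.
sample_host() {
cat <<'EOF'
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
13: vethd2600ed@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 66:ba:84:bd:da:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
15: veth3768430@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 8e:55:d4:b3:c0:ea brd ff:ff:ff:ff:ff:ff link-netnsid 1
EOF
}

# Read `ip addr` output on stdin and print "index name peer-index"
# for every interface attached to the bridge named in $1.
bridge_ports() {
  awk -v br="$1" '
    /^[0-9]+: / {                      # header lines only, e.g. "13: veth...@if12: <...>"
      master = ""
      for (i = 1; i < NF; i++) if ($i == "master") master = $(i + 1)
      if (master != br) next           # skip lo, eth0 and the bridge itself
      idx = $1;  sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      peer = "-"
      if (split(name, p, "@if") == 2) { name = p[1]; peer = p[2] }
      print idx, name, peer
    }'
}

# $1: header line seen inside the container, e.g. "12: eth0@if13: <...>"
# $2: bridge name. Host `ip addr` output is read from stdin.
# Prints the host-side veth whose index and peer index match both ends of the pair.
host_peer_of() {
  cidx=${1%%:*}                        # container-side ifindex (12)
  rest=${1#*@if}
  hidx=${rest%%:*}                     # host-side ifindex named by the container (13)
  bridge_ports "$2" | awk -v h="$hidx" -v c="$cidx" '$1 == h && $3 == c { print $2 }'
}

# Demonstration on the constructed sample.
sample_host | bridge_ports docker0
sample_host | host_peer_of "12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP>" docker0
```

On a real host, replace `sample_host` with `ip addr` and take the container-side header from `docker exec <container> ip addr`.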