Virtualized networking is built on network namespaces (netns).
ip-netns - process network namespace management   # tool for managing network namespaces
A network namespace is logically another copy of the network stack, with its own routes, firewall rules and network devices. By default a process inherits its network namespace from its parent. Initially all processes share the same default network namespace, inherited from the init process.
SYNOPSIS   # usage
ip [ OPTIONS ] netns { COMMAND | help }
ip netns [ list ]                                  # list all namespaces
ip netns add NETNSNAME                             # create a new namespace
ip netns attach NETNSNAME PID
ip [-all] netns del [ NETNSNAME ]                  # delete a namespace
ip netns set NETNSNAME NETNSID
ip netns identify [ PID ]
ip netns pids NETNSNAME
ip [-all] netns exec [ NETNSNAME ] command...      # run the given command inside a network namespace
ip netns monitor
ip netns list-id
ip [-all] netns delete [ NAME ] - delete the name of a network namespace(s)
[root@localhost netreport]# ip netns add testspace             # add a namespace
[root@localhost netreport]# ip netns list                      # list
testspace
[root@localhost netreport]# ip netns del testspace             # delete
[root@localhost netreport]# ip netns add testspace
[root@localhost netreport]# ip netns exec testspace ifconfig -a   # run a command inside the namespace
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@localhost netreport]#
# ip link: network device management tool, used to configure virtual interfaces
[root@localhost netreport]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
                   [ txqueuelen PACKETS ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ] [index IDX ]
                   [ numtxqueues QUEUE_COUNT ]
                   [ numrxqueues QUEUE_COUNT ]
                   type TYPE [ ARGS ]

       ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]

       ip link set { DEVICE | dev DEVICE | group DEVGROUP }
                          [ { up | down } ]
                          [ type TYPE ARGS ]
                          [ arp { on | off } ]
                          [ dynamic { on | off } ]
                          [ multicast { on | off } ]
                          [ allmulticast { on | off } ]
                          [ promisc { on | off } ]
                          [ trailers { on | off } ]
                          [ carrier { on | off } ]
                          [ txqueuelen PACKETS ]
                          [ name NEWNAME ]
                          [ address LLADDR ]
                          [ broadcast LLADDR ]
                          [ mtu MTU ]
                          [ netns { PID | NAME } ]
                          [ link-netnsid ID ]
                          [ alias NAME ]
                          [ vf NUM [ mac LLADDR ]
                                   [ vlan VLANID [ qos VLAN-QOS ] [ proto VLAN-PROTO ] ]
                                   [ rate TXRATE ]
                                   [ max_tx_rate TXRATE ]
                                   [ min_tx_rate TXRATE ]
                                   [ spoofchk { on | off} ]
                                   [ query_rss { on | off} ]
                                   [ state { auto | enable | disable} ] ]
                                   [ trust { on | off} ] ]
                                   [ node_guid { eui64 } ]
                                   [ port_guid { eui64 } ]
                          [ xdp { off |
                                  object FILE [ section NAME ] [ verbose ] |
                                  pinned FILE } ]
                          [ master DEVICE ][ vrf NAME ]
                          [ nomaster ]
                          [ addrgenmode { eui64 | none | stable_secret | random } ]
                          [ protodown { on | off } ]

       ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]

       ip link xstats type TYPE [ ARGS ]

       ip link afstats [ dev DEVICE ]

       ip link help [ TYPE ]

TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |
          gre | gretap | ip6gre | ip6gretap | vti | nlmon | team_slave |
          bond_slave | ipvlan | geneve | bridge_slave | vrf | macsec }
[root@localhost netreport]#
Commonly used commands
ip link add     - add a virtual link
ip link delete  - delete a virtual link
ip link set     - change device attributes
ip link show    - display device attributes
ip link xstats  - display extended statistics
ip link afstats - display address-family specific statistics
ip link help    - display help
Show device attributes
ip link show - display device attributes
dev NAME: specifies the network device to show (default). If no device is given, all devices are shown.
up: only display running interfaces (those that are up).
Add a virtual device
ip link add - add virtual link
link DEVICE: specifies the physical device to operate on.
NAME: specifies the name of the new virtual device.
TYPE: specifies the type of the new device.
Link types:
  vlan    - 802.1q tagged virtual LAN interface
  veth    - Virtual ethernet interface (always created as a pair)
  vcan    - Virtual Local CAN interface
  dummy   - Dummy network interface
  ifb     - Intermediate Functional Block device
  macvlan - virtual interface based on link layer address (MAC)
  can     - Controller Area Network interface
  bridge  - Ethernet Bridge device
Delete a virtual device
ip link delete - delete virtual link
DEVICE: specifies the virtual device to operate on.
TYPE: specifies the type of the device.
dev DEVICE: specifies the physical device to operate on.
Set device attributes
ip link set - change device attributes
dev DEVICE: specifies the network device to operate on.
up and down: change the state of the device to UP or DOWN (bring the interface up or down).
multicast on or multicast off: change the MULTICAST flag on the device (enable or disable multicast).
name NAME: change the name of the device. The interface must be brought down first, otherwise the command reports that the device is busy. This operation is not recommended if the device is running or has some addresses already configured.
alias NAME: give the device a symbolic name for easy reference.
mtu NUMBER: change the MTU of the device (default 1500).
netns NETNSNAME: move the device to the network namespace associated with name NETNSNAME.
veth - Virtual ethernet interface   # virtual Ethernet device
# veth devices come in pairs: each end is attached to the kernel protocol stack, and the two ends are connected to each other. Data that one end receives from the stack is emitted from the other end. The rough structure is:
+----------------------------------------------------------------+
|                                                                |
|       +------------------------------------------------+       |
|       |             Network Protocol Stack             |       |
|       +------------------------------------------------+       |
|              ↑               ↑               ↑                 |
|..............|...............|...............|.................|
|              ↓               ↓               ↓                 |
|        +----------+    +-----------+   +-----------+           |
|        |   eth0   |    |   veth0   |   |   veth1   |           |
|        +----------+    +-----------+   +-----------+           |
|192.168.100.100 ↑               ↑               ↑               |
|              |               +---------------+                 |
|              |           10.1.1.1/24     10.1.1.2/24           |
+--------------|-------------------------------------------------+
               ↓
         Physical Network
Example: create a pair of virtual interfaces. Newly created interfaces are down by default, and the loopback interface lo inside a namespace is also down by default.
[root@localhost netreport]# ip link add name veth1 type veth peer name veth2
[root@localhost netreport]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:8b:7c:a1 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:3d:8c:f3:de brd ff:ff:ff:ff:ff:ff
7: vetha2d7cb7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 3a:54:20:3d:ff:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0
8: veth2@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 8a:ed:62:73:ec:f6 brd ff:ff:ff:ff:ff:ff
9: veth1@veth2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether da:6c:01:ef:3b:6a brd ff:ff:ff:ff:ff:ff
[root@localhost netreport]#
# An interface can belong to only one namespace; move veth2 into the testspace namespace
[root@localhost netreport]# ip link set dev veth2 netns testspace
[root@localhost netreport]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:8b:7c:a1 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:3d:8c:f3:de brd ff:ff:ff:ff:ff:ff
7: vetha2d7cb7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 3a:54:20:3d:ff:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0
9: veth1@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether da:6c:01:ef:3b:6a brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@localhost netreport]#
Making two interfaces in different namespaces communicate
[root@localhost netreport]# ip netns list
testspace (id: 1)
[root@localhost netreport]# ip netns exec testspace ip link set dev veth2 name veth0   # the device name can be changed
[root@localhost netreport]# ip netns exec testspace ifconfig
[root@localhost netreport]# ip netns exec testspace ifconfig -a   # show the interfaces
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
veth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 8a:ed:62:73:ec:f6  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@localhost netreport]# ip netns exec testspace ifconfig veth0 10.1.1.2/24
[root@localhost netreport]# ip netns exec testspace ifconfig veth0 10.1.1.2/24 up   # assign the address inside the namespace and bring the interface up
[root@localhost netreport]# ip netns exec testspace ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
veth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.1.1.2  netmask 255.255.255.0  broadcast 10.1.1.255
        ether 8a:ed:62:73:ec:f6  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
[root@localhost netreport]#
[root@localhost netreport]# ifconfig veth1 10.1.1.1/24
[root@localhost netreport]# ifconfig veth1 10.1.1.1/24 up   # assign the address to the local veth end and bring it up
[root@localhost netreport]# ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.089 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.067 ms
^C
--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.067/0.078/0.089/0.011 ms
[root@localhost netreport]#
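The two `ip link show` listings above show the same veth pair before and after `ip link set dev veth2 netns testspace`: once veth2 has left the root namespace, iproute2 can no longer print its name and shows the local end as `veth1@if8` with `link-netnsid 1`, exactly the way Docker's container-side veth (`vetha2d7cb7@if6`, `link-netnsid 0`) appears. The following is an added example, not code from the original notes or from iproute2: it parses that output and lists every interface whose peer sits in another namespace, plus the interfaces that are still down. The sample listings are the two outputs from the notes re-wrapped into iproute2's normal layout (a header line followed by an indented `link/` line per interface); nothing else is assumed.

```python
"""Parse `ip link show` output and report which veth ends have their peer in
another network namespace. Added example for these notes, not code from the
original post or from iproute2. The sample listings are the two outputs
shown in the notes, re-wrapped one header line plus one indented link/ line
per interface, which is how iproute2 prints them."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "9: veth1@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN ..."
HEADER = re.compile(r"^(\d+): ([^:@\s]+)(?:@([^:\s]+))?: <([^>]*)>(.*)$")
# keywords that are always followed by exactly one value
KEYED = {"mtu", "qdisc", "master", "state", "mode", "group", "qlen",
         "link-netnsid", "link/ether", "link/loopback", "brd"}


@dataclass
class Link:
    index: int
    name: str
    peer: Optional[str]          # text after '@': the peer's name, or "ifN" when the peer is elsewhere
    flags: List[str]
    attrs: Dict[str, str] = field(default_factory=dict)

    @property
    def state(self) -> str:
        return self.attrs.get("state", "UNKNOWN")

    @property
    def link_netnsid(self) -> Optional[int]:
        value = self.attrs.get("link-netnsid")
        return int(value) if value is not None else None

    @property
    def peer_in_other_netns(self) -> bool:
        # Once a veth end has been moved out of this namespace its name is not
        # visible here: iproute2 prints "@ifN" (the peer's ifindex inside its own
        # namespace) and "link-netnsid K", the local id of that namespace.
        return self.link_netnsid is not None and bool(self.peer) and self.peer.startswith("if")


def _absorb(link: Link, tokens: List[str]) -> None:
    """Collect 'keyword value' pairs from a header tail or a continuation line."""
    i = 0
    while i < len(tokens):
        if tokens[i] in KEYED and i + 1 < len(tokens):
            link.attrs[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1


def parse_ip_link(text: str) -> List[Link]:
    links: List[Link] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            index, name, peer, flags, rest = m.groups()
            links.append(Link(int(index), name, peer, flags.split(","), {}))
            _absorb(links[-1], rest.split())
        elif links:                      # indented continuation line of the current record
            _absorb(links[-1], line.split())
    return links


def cross_namespace_veths(links: List[Link]) -> Dict[str, int]:
    """Interface name -> link-netnsid, for every end whose peer is in another namespace."""
    return {l.name: l.link_netnsid for l in links if l.peer_in_other_netns}


def down_links(links: List[Link]) -> List[str]:
    return [l.name for l in links if l.state == "DOWN"]


# `ip link show` from the notes, right after `ip link add name veth1 type veth peer name veth2`
BEFORE_MOVE = """
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:8b:7c:a1 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:3d:8c:f3:de brd ff:ff:ff:ff:ff:ff
7: vetha2d7cb7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 3a:54:20:3d:ff:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0
8: veth2@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 8a:ed:62:73:ec:f6 brd ff:ff:ff:ff:ff:ff
9: veth1@veth2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether da:6c:01:ef:3b:6a brd ff:ff:ff:ff:ff:ff
"""

# `ip link show` from the notes, after `ip link set dev veth2 netns testspace`
AFTER_MOVE = """
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:8b:7c:a1 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:3d:8c:f3:de brd ff:ff:ff:ff:ff:ff
7: vetha2d7cb7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 3a:54:20:3d:ff:16 brd ff:ff:ff:ff:ff:ff link-netnsid 0
9: veth1@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether da:6c:01:ef:3b:6a brd ff:ff:ff:ff:ff:ff link-netnsid 1
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_MOVE), ("after", AFTER_MOVE)):
        links = parse_ip_link(text)
        print(label, "cross-namespace ends:", cross_namespace_veths(links),
              "still down:", down_links(links))
```

On a live host the same parser can be fed `ip link show` directly; the `link-netnsid` values it reports are the ids listed by `ip netns list-id`, which is how to find out which namespace (and therefore which container or manually created netns) the far end of each veth belongs to.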
A container can run network services; to make them reachable from outside, use -P or -p to specify a port mapping. With -P, Docker maps a random port in the range 49000~49900 to the network port the container opens.
[root@localhost ~]# docker run -dit -P nginx   # -P: generate a random port mapping
ce812985c0066f2ed13f31b39e1ddd91324b3b4562e92a4ec1f7542d6e995afc
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce812985c006 nginx "nginx -g 'daemon of…" 3 seconds ago Up 3 seconds 0.0.0.0:32768->80/tcp gifted_williamson
1303d8ae1869 dockerpracticecn/docker_practice "nginx -g 'daemon of…" 22 hours ago Up 22 hours 0.0.0.0:8080->80/tcp eager_vaughan
[root@localhost ~]#
[root@localhost ~]# docker run -dit -p 8000:80 nginx   # port 8000 on every host address; a chosen port
02dda7bad87e9801e638786a46c5685f8f8b91f41b0052198a5ad0daaeed1686
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
02dda7bad87e nginx "nginx -g 'daemon of…" 3 seconds ago Up 1 second 0.0.0.0:8000->80/tcp tender_hugle
ce812985c006 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:32768->80/tcp gifted_williamson
1303d8ae1869 dockerpracticecn/docker_practice "nginx -g 'daemon of…" 22 hours ago Up 22 hours 0.0.0.0:8080->80/tcp eager_vaughan
[root@localhost ~]#
[root@localhost ~]# docker run -dit -p 192.168.100.100:9000:80 nginx   # restrict the mapping to one host address and port
f22564d9af806afe99fda755c885fb3ecc414fcb4ae1847234981c882eb98ede
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f22564d9af80 nginx "nginx -g 'daemon of…" 3 seconds ago Up 2 seconds 192.168.100.100:9000->80/tcp wonderful_jepsen
02dda7bad87e nginx "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:8000->80/tcp tender_hugle
ce812985c006 nginx "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:32768->80/tcp gifted_williamson
1303d8ae1869 dockerpracticecn/docker_practice "nginx -g 'daemon of…" 22 hours ago Up 22 hours 0.0.0.0:8080->80/tcp eager_vaughan
[root@localhost ~]#
[root@localhost ~]# docker port f225   # show the container's port mappings
80/tcp -> 192.168.100.100:9000
[root@localhost ~]#
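The PORTS column above records the difference between the three forms: `-P` and `-p 8000:80` produce `0.0.0.0:...`, a listener reachable on every interface of the host, while `-p 192.168.100.100:9000:80` is pinned to one address. The following is an added example, not code from the original notes or from Docker, that parses those cells (and the `docker port` output) and reports which containers are published on all host addresses. It assumes only the two output formats shown above; the sample cells are copied from the listings in the notes, with one constructed IPv6 entry in the test to cover the `:::8000->80/tcp` form newer Docker prints.

```python
"""Audit Docker published ports for listeners bound to every host address.
Added example for these notes, not code from the original post or from
Docker. Input is the PORTS column of `docker container ls` and the output
of `docker port`, in the formats shown in the notes; the sample cells
below are copied from those listings."""
import re
from dataclasses import dataclass
from typing import Dict, List

ALL_ADDRESSES = {"0.0.0.0", "::"}     # wildcard binds: reachable on every interface of the host

# "0.0.0.0:32768->80/tcp", "192.168.100.100:9000->80/tcp", ":::8000->80/tcp", "[::]:8000->80/tcp"
_LS_ENTRY = re.compile(
    r"^(?:(?P<ip>[\d.]+|\[[0-9a-fA-F:]*\]|::):)?(?P<hport>\d+)->(?P<cport>\d+)/(?P<proto>\w+)$")
# "80/tcp -> 192.168.100.100:9000"   (docker port CONTAINER)
_PORT_LINE = re.compile(
    r"^(?P<cport>\d+)/(?P<proto>\w+) -> (?P<ip>[\d.]+|\[[0-9a-fA-F:]*\]|::):(?P<hport>\d+)$")


@dataclass(frozen=True)
class Mapping:
    host_ip: str
    host_port: int
    container_port: int
    proto: str

    @property
    def binds_all_interfaces(self) -> bool:
        return self.host_ip in ALL_ADDRESSES


def _mapping(m: "re.Match[str]") -> Mapping:
    ip = (m.group("ip") or "0.0.0.0").strip("[]")   # no address printed means the wildcard
    return Mapping(ip, int(m.group("hport")), int(m.group("cport")), m.group("proto"))


def parse_ports_column(cell: str) -> List[Mapping]:
    """One PORTS cell -> published mappings. Entries without '->' (e.g. '80/tcp')
    are merely EXPOSEd, not published, so they are skipped."""
    found = []
    for entry in (e.strip() for e in cell.split(",")):
        if not entry or "->" not in entry:
            continue
        m = _LS_ENTRY.match(entry)
        if m is None:
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
        found.append(_mapping(m))
    return found


def parse_docker_port(text: str) -> List[Mapping]:
    """Output of `docker port CONTAINER` -> published mappings."""
    found = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = _PORT_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised docker port line: {line!r}")
        found.append(_mapping(m))
    return found


def exposed_to_all_interfaces(containers: Dict[str, str]) -> Dict[str, List[int]]:
    """containers: name -> PORTS cell. Returns name -> host ports that answer on
    every address of the host (published with -P, or with -p without an address)."""
    report: Dict[str, List[int]] = {}
    for name, cell in containers.items():
        wide = [mp.host_port for mp in parse_ports_column(cell) if mp.binds_all_interfaces]
        if wide:
            report[name] = wide
    return report


# PORTS cells from the `docker container ls -a` listing in the notes
CONTAINERS = {
    "wonderful_jepsen": "192.168.100.100:9000->80/tcp",
    "tender_hugle": "0.0.0.0:8000->80/tcp",
    "gifted_williamson": "0.0.0.0:32768->80/tcp",
    "eager_vaughan": "0.0.0.0:8080->80/tcp",
}

if __name__ == "__main__":
    for name, ports in exposed_to_all_interfaces(CONTAINERS).items():
        print(f"{name}: host ports {ports} are reachable on every interface")
    print(parse_docker_port("80/tcp -> 192.168.100.100:9000"))
```

Two points worth keeping in mind when reading the report: a published port is reached through the DNAT and FORWARD rules Docker installs itself, not through the host's INPUT chain, so INPUT rules written for the host do not cover it; and the address form `-p 192.168.100.100:9000:80` from the notes is the way to keep a service off interfaces where it is not wanted.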
Sharing the host's network namespace
[root@localhost ~]# docker run --name b4 -it --network host --rm busybox   # host network mode
/ #
/ # ifocnfig
sh: ifocnfig: not found
/ # ifconfig
br-89e62c51620f Link encap:Ethernet HWaddr 02:42:CF:83:F2:C1
inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
docker0 Link encap:Ethernet HWaddr 02:42:3D:8C:F3:DE
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:3dff:fe8c:f3de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:303 errors:0 dropped:0 overruns:0 frame:0
TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:728619 (711.5 KiB) TX bytes:28556 (27.8 KiB)
ens33 Link encap:Ethernet HWaddr 00:0C:29:8B:7C:A1
inet addr:192.168.100.100 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::d634:8c5a:a11c:8da8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9777 errors:0 dropped:0 overruns:0 frame:0
TX packets:9749 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:955036 (932.6 KiB) TX bytes:1692136 (1.6 MiB)
[root@localhost ~]# docker network create -d bridge my-net   # create a new network namespace
7563ccc4b9ce8ab73fa9ea49a7cc0ed900e5bd9cc8e65393baaee0764c61bee8
[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d4846dd9d420        bridge              bridge              local
89e62c51620f        help                bridge              local
16d30c89207b        host                host                local
7563ccc4b9ce        my-net              bridge              local
c8c1dd52cd81        none                null                local
[root@localhost ~]# ifconfig
br-7563ccc4b9ce: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500   # the newly created bridge
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
inet6 fe80::42:edff:fec6:5157 prefixlen 64 scopeid 0x20<link>
ether 02:42:ed:c6:51:57 txqueuelen 0 (Ethernet)
RX packets 4 bytes 280 (280.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 936 (936.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-89e62c51620f: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:cf:83:f2:c1 txqueuelen 0 (Ethernet)
RX packets 4 bytes 280 (280.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1592 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:3dff:fe8c:f3de prefixlen 64 scopeid 0x20<link>
ether 02:42:3d:8c:f3:de txqueuelen 0 (Ethernet)
RX packets 303 bytes 728619 (711.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 251 bytes 28556 (27.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Run a container and connect it to the newly created my-net network
[root@localhost ~]# docker run -it --rm --name busybox1 --network my-net busybox sh   # start a container and join the specified network
/ #
[root@localhost ~]# docker run -it --rm --name busybox2 --network my-net busybox sh   # test communication between containers on the same network
/ # ping busybox1
PING busybox1 (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.116 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.091 ms
^C
--- busybox1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.091/0.103/0.116 ms
/ #