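①. How Docker's default network works
- ①. Run ip addr on Linux
- lo: the local loopback interface
- eth0: the VM's private IP address, 172.28.0.3 (assigned by the router it sits behind); it is not reachable from the public internet
- docker0: a bridge network, 172.17.0.1/16. What does the /16 mean here?
- (An IPv4 address is written in dotted-decimal notation; in binary its 32 bits are 11111111.11111111.11111111.11111111. In 172.17.0.2/16 the first 16 bits are fixed (that is, 172.17 does not change), so the number of IPs that can be assigned is 256*256-2 (within the subnet).)
②. Environment setup: pull an alpine image, start two containers from it, and run ip addr inside each container. Finally, open another window and run ip addr to view the network state on the Linux host.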
```
# First window
# Interface 330 inside the container corresponds to interface 331 on the host
[root@i-id8g0yu9 ~]# docker run -it --name myalpine1 alpine
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
330: eth0@if331: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# Second window
[root@i-id8g0yu9 ~]# docker run -it --name myalpine2 alpine
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
332: eth0@if333: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #

# Third window
[root@i-id8g0yu9 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:99:b7:86:34 brd ff:ff:ff:ff:ff:ff
    inet 172.28.0.3/24 brd 172.28.0.255 scope global noprefixroute dynamic eth0
       valid_lft 79710sec preferred_lft 79710sec
    inet6 fe80::5054:99ff:feb7:8634/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:aa:2c:80:a6 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:aaff:fe2c:80a6/64 scope link
       valid_lft forever preferred_lft forever
331: veth0808c3f@if330: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether c2:44:6c:bc:76:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::c044:6cff:febc:76b8/64 scope link
       valid_lft forever preferred_lft forever
333: vetha2656be@if332: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether ae:55:f3:40:d2:f3 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::ac55:f3ff:fe40:d2f3/64 scope link
       valid_lft forever preferred_lft forever
[root@i-id8g0yu9 ~]#
```
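③. How the default network works: Docker uses Linux bridging to create a virtual Docker container bridge (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the bridge's subnet, called the Container-IP, and the Docker bridge serves as each container's default gateway. Because all containers on the same host attach to the same bridge, they can communicate with each other directly using their Container-IPs.
- Docker container networking makes good use of Linux virtual networking: it creates one virtual interface on the local host and one inside the container and connects the two to each other (such a pair of interfaces is called a veth pair).
- Every Linux host with Docker installed has a docker0 virtual NIC, which is a bridge interface.
- Each container that is started adds one more virtual NIC on the Linux host.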
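
The `@ifN` suffix in the ip addr output above is the index of the peer interface, which is how a container's eth0 can be tied to its host-side veth on docker0 (for example, to capture or filter one container's traffic). The following is an added example, not part of the original page: it pairs the interfaces using header lines copied from this page's output, and the function names `parse_links` and `map_veth_pairs` are hypothetical.

```python
import re

# Interface header lines copied from the ip addr output shown on this page.
HOST = """\
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
331: veth0808c3f@if330: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
333: vetha2656be@if332: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
"""
CONTAINERS = {
    "myalpine1": "330: eth0@if331: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP",
    "myalpine2": "332: eth0@if333: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP",
}

# "<index>: <name>[@if<peer index>]: <FLAGS> rest-of-line"
HEADER = re.compile(r"^(\d+): ([^:@\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")

def parse_links(text):
    """Hypothetical helper: {ifindex: {name, peer, master}} per header line."""
    links = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # address lines (link/ether, inet, inet6, valid_lft) are skipped
        master = re.search(r"\bmaster (\S+)", m.group(4))
        links[int(m.group(1))] = {
            "name": m.group(2),
            "peer": int(m.group(3)) if m.group(3) else None,
            "master": master.group(1) if master else None,
        }
    return links

def map_veth_pairs(host_text, containers):
    """Hypothetical helper: container -> (container if, host veth, bridge).
    A pair is accepted only when the index/peer references match in both directions."""
    host = parse_links(host_text)
    result = {}
    for cname, text in containers.items():
        for idx, link in parse_links(text).items():
            peer = host.get(link["peer"])
            if peer and peer["peer"] == idx:
                result[cname] = (link["name"], peer["name"], peer["master"])
    return result

if __name__ == "__main__":
    for cname, (cif, veth, bridge) in map_veth_pairs(HOST, CONTAINERS).items():
        print(f"{cname}: {cif} <-> {veth} (bridge {bridge})")
```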