Docker 網(wǎng)絡模式（四種）詳細介紹

更新時間：2016年11月22日 09:21:13 投稿：lqh

這篇文章主要介紹了Docker 網(wǎng)絡模式詳細介紹的相關資料,這里提供了四種網(wǎng)絡模式的介紹，Docker 作為輕量級容器技術，很多比較不錯的功能，網(wǎng)絡不是多好，這里就整理下，需要的朋友可以參考下

Docker 網(wǎng)絡模式

本文首先介紹了Docker自身的4種網(wǎng)絡工作方式，

Docker作為目前最火的輕量級容器技術，有很多令人稱道的功能，如Docker的鏡像管理。然而，Docker同樣有著很多不完善的地方，網(wǎng)絡方面就是Docker比較薄弱的部分。因此，我們有必要深入了解Docker的網(wǎng)絡知識，以滿足更高的網(wǎng)絡需求。

四種網(wǎng)絡模式

我們在使用docker run創(chuàng)建Docker容器時，可以用--net選項指定容器的網(wǎng)絡模式，Docker有以下4種網(wǎng)絡模式：

· host模式，使用--net=host指定。

· container模式，使用--net=container:NAME_or_ID指定。

· none模式，使用--net=none指定。

· bridge模式，使用--net=bridge指定，默認設置。

1 host模式

眾所周知，Docker使用了Linux的Namespaces技術來進行資源隔離，如PID Namespace隔離進程，Mount Namespace隔離文件系統(tǒng)，Network Namespace隔離網(wǎng)絡等。一個Network Namespace提供了一份獨立的網(wǎng)絡環(huán)境，包括網(wǎng)卡、路由、Iptable規(guī)則等都與其他的Network Namespace隔離。一個Docker容器一般會分配一個獨立的Network Namespace。但如果啟動容器的時候使用host模式，那么這個容器將不會獲得一個獨立的Network Namespace，而是和宿主機共用一個Network Namespace。容器將不會虛擬出自己的網(wǎng)卡，配置自己的IP等，而是使用宿主機的IP和端口。

例如，我們在10.10.101.105/24的機器上用host模式啟動一個含有web應用的Docker容器，監(jiān)聽tcp80端口。當我們在容器中執(zhí)行任何類似ifconfig命令查看網(wǎng)絡環(huán)境時，看到的都是宿主機上的信息。而外界訪問容器中的應用，則直接使用10.10.101.105:80即可，不用任何NAT轉換，就如直接跑在宿主機中一樣。但是，容器的其他方面，如文件系統(tǒng)、進程列表等還是和宿主機隔離的。

2 container模式

在理解了host模式后，這個模式也就好理解了。這個模式指定新創(chuàng)建的容器和已經(jīng)存在的一個容器共享一個Network Namespace，而不是和宿主機共享。新創(chuàng)建的容器不會創(chuàng)建自己的網(wǎng)卡，配置自己的IP，而是和一個指定的容器共享IP、端口范圍等。同樣，兩個容器除了網(wǎng)絡方面，其他的如文件系統(tǒng)、進程列表等還是隔離的。兩個容器的進程可以通過lo網(wǎng)卡設備通信。

3 none模式

這個模式和前兩個不同。在這種模式下，Docker容器擁有自己的Network Namespace，但是，并不為Docker容器進行任何網(wǎng)絡配置。也就是說，這個Docker容器沒有網(wǎng)卡、IP、路由等信息。需要我們自己為Docker容器添加網(wǎng)卡、配置IP等。

4 bridge模式

bridge模式是Docker默認的網(wǎng)絡設置，此模式會為每一個容器分配Network Namespace、設置IP等，并將一個主機上的Docker容器連接到一個虛擬網(wǎng)橋上。下面著重介紹一下此模式。
host模式

使用Docker run時使用–net=host指定
Docker使用的網(wǎng)絡實際上和宿主機一樣，在容器內看到的網(wǎng)卡ip是宿主機上的ip。

[root@localhost ~]# docker run -it --rm --net=host centos_with_net bash

–rm，退出鏡像時同時刪除該鏡像

[root@localhost /]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
    inet6 fe80::8cfc:c7ff:fe49:f1ae prefixlen 64 scopeid 0x20<link>
    ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet)
    RX packets 58 bytes 3820 (3.7 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 6 bytes 468 (468.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.1.179 netmask 255.255.255.0 broadcast 192.168.1.255
    inet6 fe80::20c:29ff:fedb:b228 prefixlen 64 scopeid 0x20<link>
    ether 00:0c:29:db:b2:28 txqueuelen 1000 (Ethernet)
    RX packets 10562 bytes 868003 (847.6 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 2985 bytes 390673 (381.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 16 bytes 960 (960.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 16 bytes 960 (960.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth5446780: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::c0f4:f5ff:fe71:f3bd prefixlen 64 scopeid 0x20<link>
    ether c2:f4:f5:71:f3:bd txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 49 bytes 3894 (3.8 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth111b1ca: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::4c90:a4ff:feb6:9191 prefixlen 64 scopeid 0x20<link>
    ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 13 bytes 1026 (1.0 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth55dbbb2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::c84d:9ff:fecd:da27 prefixlen 64 scopeid 0x20<link>
    ether ca:4d:09:cd:da:27 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 42 bytes 3336 (3.2 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth5e2dff4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::9465:1bff:fed2:f75d prefixlen 64 scopeid 0x20<link>
    ether 96:65:1b:d2:f7:5d txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 20 bytes 1584 (1.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth628d605: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::5cc8:ebff:fedb:ea69 prefixlen 64 scopeid 0x20<link>
    ether 5e:c8:eb:db:ea:69 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 6 bytes 468 (468.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth991629e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::b464:e5ff:fed5:1bd6 prefixlen 64 scopeid 0x20<link>
    ether b6:64:e5:d5:1b:d6 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 27 bytes 2142 (2.0 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vethb086b1c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::dcdf:66ff:fed8:f2df prefixlen 64 scopeid 0x20<link>
    ether de:df:66:d8:f2:df txqueuelen 0 (Ethernet)
    RX packets 8 bytes 636 (636.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 34 bytes 2700 (2.6 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost /]# exit
exit

與宿主機的IP信息對比

[root@localhost ~]# ifconfig
docker0  Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91
     inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
     inet6 addr: fe80::8cfc:c7ff:fe49:f1ae/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:58 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:3820 (3.7 KiB) TX bytes:468 (468.0 b)

eth0   Link encap:Ethernet HWaddr 00:0C:29:DB:B2:28
     inet addr:192.168.1.179 Bcast:192.168.1.255 Mask:255.255.255.0
     inet6 addr: fe80::20c:29ff:fedb:b228/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:10661 errors:0 dropped:0 overruns:0 frame:0
     TX packets:3012 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:876797 (856.2 KiB) TX bytes:398049 (388.7 KiB)

lo    Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:65536 Metric:1
     RX packets:16 errors:0 dropped:0 overruns:0 frame:0
     TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)

veth5e2dff4 Link encap:Ethernet HWaddr 96:65:1B:D2:F7:5D
     inet6 addr: fe80::9465:1bff:fed2:f75d/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:1584 (1.5 KiB)

vethb086b1c Link encap:Ethernet HWaddr DE:DF:66:D8:F2:DF
     inet6 addr: fe80::dcdf:66ff:fed8:f2df/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:8 errors:0 dropped:0 overruns:0 frame:0
     TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:636 (636.0 b) TX bytes:2700 (2.6 KiB)

veth55dbbb2 Link encap:Ethernet HWaddr CA:4D:09:CD:DA:27
     inet6 addr: fe80::c84d:9ff:fecd:da27/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:3336 (3.2 KiB)

veth111b1ca Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91
     inet6 addr: fe80::4c90:a4ff:feb6:9191/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:1026 (1.0 KiB)

veth628d605 Link encap:Ethernet HWaddr 5E:C8:EB:DB:EA:69
     inet6 addr: fe80::5cc8:ebff:fedb:ea69/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:468 (468.0 b)

veth991629e Link encap:Ethernet HWaddr B6:64:E5:D5:1B:D6
     inet6 addr: fe80::b464:e5ff:fed5:1bd6/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:2142 (2.0 KiB)

veth5446780 Link encap:Ethernet HWaddr C2:F4:F5:71:F3:BD
     inet6 addr: fe80::c0f4:f5ff:fe71:f3bd/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:3894 (3.8 KiB)

container模式

使用–net=Container:container_id/container_name，多個容器使用共同的網(wǎng)絡看到的ip是一樣的。

[root@localhost ~]# docker ps
CONTAINER ID    IMAGE        COMMAND       CREATED       STATUS       PORTS        NAMES
7169e8be6d3e    centos       "/bin/bash"     About an hour ago  Up About an hour            serene_goldstine
4cd696928bbe    centos       "bash"       About an hour ago  Up About an hour            cent_testv2
4f5bf6f33f2c    centos       "bash"       About an hour ago  Up About an hour            gloomy_colden
0a80861145c9    centos       "bash"       About an hour ago  Up About an hour            mad_carson
fb45150dbc21    centos       "bash"       About an hour ago  Up About an hour            cent_testv
3222c7c5c456    centos       "bash"       2 hours ago     Up 2 hours               sick_albattani
e136b27a8e17    centos       "bash"       2 hours ago     Up 2 hours               tender_euclid
[root@localhost ~]# docker exec -it 7169 bash
[root@7169e8be6d3e /]# ifconfig
bash: ifconfig: command not found
[root@7169e8be6d3e /]# yum install -y net-tools ifconfig
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0
    inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20<link>
    ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet)
    RX packets 5938 bytes 15420209 (14.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 4841 bytes 329652 (321.9 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@7169e8be6d3e /]# exit
exit
[root@localhost ~]# docker run -it --rm --net=container:7169 centos_with_net bash
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0
    inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20<link>
    ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet)
    RX packets 5942 bytes 15420377 (14.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 4855 bytes 330480 (322.7 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

none模式

使用–net=none指定，這種模式下不會配置任何網(wǎng)絡。

[root@localhost ~]# docker run -it --rm --net=none centos_with_net bash
[root@67d037935636 /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

bridge模式（默認模式）

使用–net=bridge指定，不用指定默認就是這種網(wǎng)絡模式。這種模式會為每個容器分配一個獨立的Network Namespace。類似于Vmware的nat網(wǎng)絡模式。同一個宿主機上的所有容器會在同一個網(wǎng)段下，相互之間是可以通信的。

感謝閱讀，希望能幫助到大家，謝謝大家對本站的支持！

您可能感興趣的文章: