Docker Network --Bridge
Bridge
描述:主要用于单机的docker容器,当docker服务程序启动的时候,默认会创建一个Docker0的bridge给容器使用,它是一个default的bridge,另外我们可以自己手动创建bridge给容器使用。
Default bridge network usage
- 检查主机的网络
[root@localhost ~]# ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens9: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6b:cc:77 brd ff:ff:ff:ff:ff:ff
inet 10.90.241.95/24 brd 10.90.241.255 scope global ens9
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe6b:cc77/64 scope link
valid_lft forever preferred_lft forever
3: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:97:1d:2e brd ff:ff:ff:ff:ff:ff
inet 192.168.122.51/24 brd 192.168.122.255 scope global dynamic eth0
valid_lft 2786sec preferred_lft 2786sec
inet6 fe80::5054:ff:fe97:1d2e/64 scope link
valid_lft forever preferred_lft forever
4: docker0: mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:a8:c4:66:fb brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
NO-CARRIER: docker0 没有连接外部的系统
BROADCAST,MULTICAST,UP:支持广播和组播
qdisc noqueue state DOWN:流量的排队规则
- 运行一个docker container,使用default bridge
[root@localhost ~]# docker run --rm -dit --name alpine1 alpine ash
WARNING: IPv4 forwarding is disabled. Networking will not work.
bf3342ceeb32c656437803394fc18797cda8d2162a4840f3724c92b656767762
[root@localhost ~]# docker run --rm -dit --name alpine2 alpine ash
WARNING: IPv4 forwarding is disabled. Networking will not work.
f776e8cbb4eccbbee27e15f9d4d84ca7a50cc75b1deca2211b455ec42c3d67e6
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f776e8cbb4ec alpine "ash" About a minute ago Up About a minute alpine2
bf3342ceeb32 alpine "ash" About a minute ago Up About a minute alpine1
- 查看目前运行的网络
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9d3c66897415 bridge bridge local
726cbc66240c host host local
f80e6afec2c4 none null local
- 查看哪些container连接到了bridge
[root@localhost ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "9d3c66897415ed65fa0efe4a659a0c45427ef17d5e53e793fd70f7c36f87dbe9",
"Created": "2018-03-21T04:14:55.629404898-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"bf3342ceeb32c656437803394fc18797cda8d2162a4840f3724c92b656767762": {
"Name": "alpine1",
"EndpointID": "3dad400f70853aef35a9b91ff9e30fdebd5d4a86e9ffec59c75fda251d81737f",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"f776e8cbb4eccbbee27e15f9d4d84ca7a50cc75b1deca2211b455ec42c3d67e6": {
"Name": "alpine2",
"EndpointID": "eac2c3a844bf145a5e9ab3538617f231a87e7edebfc21ecfb0349b90e8aff746",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
这里可以看到我们的两个container连到了默认的bridge中去了
- 去container中去,检查网络信息
[root@localhost ~]# docker attach alpine1
/ # ls
bin etc lib mnt root sbin sys usr
dev home media proc run srv tmp var
/ # ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link src 172.17.0.2
[root@localhost init.d]# docker attach alpine2
/ # ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0@if10: mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link src 172.17.0.3
/ # ping -c 2 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.161 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.096 ms
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.096/0.128/0.161 ms
User-defined network usage
- 创建一个bridge
[root@localhost ~]# docker network create --driver bridge my-bridge
4c6f445889e2fa86a04d49586e0e5f8765915a621b8fcbdee88457545ec985d6
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9d3c66897415 bridge bridge local
726cbc66240c host host local
4c6f445889e2 my-bridge bridge local
f80e6afec2c4 none null local
[root@localhost ~]# docker network inspect my-bridge
[
{
"Name": "my-bridge",
"Id": "87a2e3ee5e6427d0dc5fff4d3637ae423e8d15404b487753776a70adb00ff151",
"Created": "2018-03-23T02:11:58.07690426-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
- 运行container 连接到自定义bridge
[root@localhost ~]# docker run --rm -dit --name alpine1 --network my-bridge alpine ash
WARNING: IPv4 forwarding is disabled. Networking will not work.
eaa70b77c4c1d3d06e3fbf51b0a3678141e183b7d5db17a8ba2163d37cf85c98
- 检查network的信息
[root@localhost ~]# docker network inspect my-bridge
[
{
"Name": "my-bridge",
"Id": "87a2e3ee5e6427d0dc5fff4d3637ae423e8d15404b487753776a70adb00ff151",
"Created": "2018-03-23T02:11:58.07690426-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"8d0c952df68ea3c0f20cd58d0bbb13a73c176b4e7dcc98b9d20790f28225835d": {
"Name": "alpine2",
"EndpointID": "ce1bef30b81bb1080134c5ef9c453f5a63b08e21cc919954f6a55fc6606f1ac5",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"eaa70b77c4c1d3d06e3fbf51b0a3678141e183b7d5db17a8ba2163d37cf85c98": {
"Name": "alpine1",
"EndpointID": "1864f9cab0b8c16d760cf40a2b0742d2618f637fc13fca9d7f7ed8104d9556a4",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
这里可以看到两个container连接到了自己创建的bridge
[root@localhost ~]# docker attach alpine1
/ # ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
13: eth0@if14: mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip route
default via 172.18.0.1 dev eth0
172.18.0.0/16 dev eth0 scope link src 172.18.0.2
这里自定义的bridge可以使用域名进行互相访问
/ # ping -c 2 alpine2
PING alpine2 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.178 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.135 ms
--- alpine2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.135/0.156/0.178 ms