配置Docker的网络模型—none-frankzfz-ChinaUnix博客

在启动容器时指定—net=none，表明在启动的Container中不配置任何网络信息，启动后看到的Container内的信息如下所示：没有eth0接口只有一个lo回环接口。但还是有自己独立的network namespace。
root@10-10-63-106 ~]# docker run -i -t --rm --net=none centos6.3-base-v2 /bin/bash

[root@4685a85d0e11 /]# ifconfig

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

docker run -i -t --rm --net=none frankzfz/centos6.3-base-v1 /bin/bash

[root@0861fd7f405a /]# ifconfig

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

获取容器的进程号，

[root@10-10-63-106 ~]# docker inspect -f '{{.State.Pid}}' 0861fd7f405a

695

[root@10-10-63-106 ~]# docker inspect -f '{{.State.Pid}}' 4685a85d0e11

638

创建网络命名空间的跟踪文件

[root@10-10-63-106 ~]# mkdir -p /var/run/netns

[root@10-10-63-106 ~]# ln -s /proc/695/ns/net /var/run/netns/695

[root@10-10-63-106 ~]# ln -s /proc/638/ns/net /var/run/netns/638

创建一对peer接口，A指定为Container_ID=0861fd7f405a的接口名，B指定为Container_ID=4685a85d0e11，并添加路由信息，他们的下一跳都是指向对端IP地址。

[root@10-10-63-106 ~]# ip link add A type veth peer name B

[root@10-10-63-106 ~]# ip link set A netns 695

[root@10-10-63-106 ~]# ip netns exec 695 ip addr add 10.1.1.1/32 dev A

[root@10-10-63-106 ~]# ip netns exec 695 ip link set A up

[root@10-10-63-106 ~]# ip netns exec 695 ip route add 10.1.1.2/32 dev A

[root@0861fd7f405a /]# ifconfig

A Link encap:Ethernet HWaddr CA:39:26:CD:24:BD

inet addr:10.1.1.1 Bcast:0.0.0.0 Mask:255.255.255.255

UP BROADCAST MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

[root@10-10-63-106 ~]# ip link set B netns 638

[root@10-10-63-106 ~]# ip netns exec 638 ip addr add 10.1.1.2/32 dev B

[root@10-10-63-106 ~]# ip netns exec 638 ip link set B up

[root@10-10-63-106 ~]# ip netns exec 638 ip route add 10.1.1.1/32 dev B

[root@4685a85d0e11 /]# ifconfig

B Link encap:Ethernet HWaddr FE:38:13:D9:2F:87

inet addr:10.1.1.2 Bcast:0.0.0.0 Mask:255.255.255.255

inet6 addr: fe80::fc38:13ff:fed9:2f87/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:8 errors:0 dropped:0 overruns:0 frame:0

TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:648 (648.0 b) TX bytes:648 (648.0 b)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

在其中一台Container中ping另一台的IP地址，保证两台Container可以通信。

[root@4685a85d0e11 /]# ping 10.1.1.1

PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.

64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.084 ms

64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.071 ms

64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.073 ms

64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.069 ms

--- 10.1.1.1 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3505ms

rtt min/avg/max/mdev = 0.069/0.074/0.084/0.008 ms

参考文献：