安装Docker时会自动创建3个网络,可以使用docker network ls命令列出这些网络。
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
ebcfad6f4255 bridge bridge local
b881c67f8813 compose_lnmp_lnmp bridge local
fcf5201effd8 demo_net bridge local
8104a1b1ed6c host host local
7a7562f2d82d none null local
bridge是Docker的默认网络驱动程序,用于连接容器和主机上的网络。它是本地范围的网络,仅在主机上可见。compose_lnmp_lnmp是一个命名的网络,是由Docker Compose创建的,它允许在同一Compose项目中的容器之间进行通信。demo_net是另一个命名的网络,自己创建的网络。host是另一种网络模式,容器与主机共享网络命名空间,因此容器可以直接与主机上的服务进行通信。none表示容器没有与任何网络连接。我们在使用docker run创建容器时,可以用--net选项指定容器的网络模式,Docker有以下4种网络模式:
- Host模式,使用--net=host指定。
- Container模式,使用--net=container:NAME_or_ID指定。
- None模式,使用--net=none指定。
- Bridge模式,使用--net=bridge指定,默认设置。
Host模式
仅主机
Docker底层使用了Linux的Namespaces技术来进行资源隔离,如PID Namespace隔离进程,Mount Namespace隔离文件系统,Network Namespace隔离网络等。一个Network Namespace提供了一份独立的网络环境,包括网卡、路由、Iptables规则等都与其他的Network Namespace隔离。一个Docker容器一般会分配一个独立的Network Namespace。但如果启动容器的时候使用host模式,那么这个容器将不会获得一个独立的Network Namespace,而是和宿主机共用一个Root Network Namespace。容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口。出于安全考虑不推荐使用这种网络模式。
我们在192.168.50.59/24的机器上用Host模式启动一个含有WEB应用的Docker容器,监听TCP 80端口。当我们在容器中执行任何类似ifconfig命令查看网络环境时,看到的都是宿主机上的信息。而外界访问容器中的应用,则直接使用192.168.200.111:80即可,不用任何NAT转换,就如直接跑在宿主机中一样。但是,容器的其他方面,如文件系统、进程列表等还是和宿主机隔离的。
用host启动 busybox并查看
[root@localhost ~]# docker run -itd --net=host --name=host busybox
df0de56d85f71c01eb015946a1761373d6bb565f73fd3f43a239135c1998fa84
[root@localhost ~]# docker exec -it host ifconfig
br-b881c67f8813 Link encap:Ethernet HWaddr 02:42:00:73:93:F4
inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br-fcf5201effd8 Link encap:Ethernet HWaddr 02:42:57:20:7F:6B
inet addr:172.25.0.1 Bcast:172.25.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:57ff:fe20:7f6b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1484 (1.4 KiB) TX bytes:488 (488.0 B)
docker0 Link encap:Ethernet HWaddr 02:42:96:A8:40:FE
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:96ff:fea8:40fe/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:104 errors:0 dropped:0 overruns:0 frame:0
TX packets:124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12669 (12.3 KiB) TX bytes:17954 (17.5 KiB)
ens33 Link encap:Ethernet HWaddr 00:0C:29:E8:B0:6A
inet addr:192.168.50.59 Bcast:192.168.50.255 Mask:255.255.255.0
inet6 addr: fe80::dbbb:645e:9534:365f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6723 errors:0 dropped:0 overruns:0 frame:0
TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:533557 (521.0 KiB) TX bytes:722896 (705.9 KiB)
ens36 Link encap:Ethernet HWaddr 00:0C:29:E8:B0:74
inet addr:192.168.1.110 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::4e02:634e:67ca:d86e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:146425 errors:0 dropped:0 overruns:0 frame:0
TX packets:37335 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:173609362 (165.5 MiB) TX bytes:2671847 (2.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
veth1cd495b Link encap:Ethernet HWaddr 9A:18:5B:97:FC:AF
inet6 addr: fe80::9818:5bff:fe97:fcaf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2115 (2.0 KiB) TX bytes:2924 (2.8 KiB)
veth1fe7fee Link encap:Ethernet HWaddr 1A:7A:43:B5:E2:A8
inet6 addr: fe80::187a:43ff:feb5:e2a8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2086 (2.0 KiB) TX bytes:1076 (1.0 KiB)
veth21224d2 Link encap:Ethernet HWaddr C6:5D:7E:9C:F3:E1
inet6 addr: fe80::c45d:7eff:fe9c:f3e1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:476 (476.0 B) TX bytes:1174 (1.1 KiB)
veth2af5e71 Link encap:Ethernet HWaddr F2:B0:7F:98:3A:7E
inet6 addr: fe80::f0b0:7fff:fe98:3a7e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2157 (2.1 KiB) TX bytes:2521 (2.4 KiB)
veth3839b96 Link encap:Ethernet HWaddr 76:01:DE:59:71:9A
inet6 addr: fe80::7401:deff:fe59:719a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:476 (476.0 B) TX bytes:1174 (1.1 KiB)
veth5b04bf4 Link encap:Ethernet HWaddr 8A:53:86:BC:37:1C
inet6 addr: fe80::8853:86ff:febc:371c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:378 (378.0 B) TX bytes:1034 (1.0 KiB)
veth6d1b68f Link encap:Ethernet HWaddr 1A:12:AA:12:AD:E2
inet6 addr: fe80::1812:aaff:fe12:ade2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1795 (1.7 KiB) TX bytes:2008 (1.9 KiB)
veth7fdc9d7 Link encap:Ethernet HWaddr 3E:7A:4E:8B:56:13
inet6 addr: fe80::3c7a:4eff:fe8b:5613/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:378 (378.0 B) TX bytes:1522 (1.4 KiB)
veth9e68eab Link encap:Ethernet HWaddr 16:03:A6:A6:78:F5
inet6 addr: fe80::1403:a6ff:fea6:78f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3519 (3.4 KiB) TX bytes:6034 (5.8 KiB)
vethb62206b Link encap:Ethernet HWaddr 2E:6D:F9:34:AB:CA
inet6 addr: fe80::2c6d:f9ff:fe34:abca/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4455 (4.3 KiB) TX bytes:8407 (8.2 KiB)
vethd26c9e7 Link encap:Ethernet HWaddr 46:D3:F8:F7:D5:CF
inet6 addr: fe80::44d3:f8ff:fef7:d5cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:378 (378.0 B) TX bytes:1034 (1.0 KiB)宿主机查看
[root@localhost ~]# ifconfig
br-b881c67f8813: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:00:73:93:f4 txqueuelen 0 (Ethernet)
RX packets 146479 bytes 173614294 (165.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37337 bytes 2672249 (2.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-fcf5201effd8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.0.1 netmask 255.255.0.0 broadcast 172.25.255.255
inet6 fe80::42:57ff:fe20:7f6b prefixlen 64 scopeid 0x20<link>
ether 02:42:57:20:7f:6b txqueuelen 0 (Ethernet)
RX packets 27 bytes 4455 (4.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51 bytes 8407 (8.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:96ff:fea8:40fe prefixlen 64 scopeid 0x20<link>
ether 02:42:96:a8:40:fe txqueuelen 0 (Ethernet)
RX packets 104 bytes 12669 (12.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 124 bytes 17954 (17.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.50.59 netmask 255.255.255.0 broadcast 192.168.50.255
inet6 fe80::dbbb:645e:9534:365f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:e8:b0:6a txqueuelen 1000 (Ethernet)
RX packets 6752 bytes 535747 (523.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4822 bytes 735148 (717.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.110 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::4e02:634e:67ca:d86e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:e8:b0:74 txqueuelen 1000 (Ethernet)
RX packets 146479 bytes 173614294 (165.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37337 bytes 2672249 (2.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1cd495b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9818:5bff:fe97:fcaf prefixlen 64 scopeid 0x20<link>
ether 9a:18:5b:97:fc:af txqueuelen 0 (Ethernet)
RX packets 17 bytes 2115 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 2924 (2.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1fe7fee: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::187a:43ff:feb5:e2a8 prefixlen 64 scopeid 0x20<link>
ether 1a:7a:43:b5:e2:a8 txqueuelen 0 (Ethernet)
RX packets 23 bytes 2086 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1076 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth21224d2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::c45d:7eff:fe9c:f3e1 prefixlen 64 scopeid 0x20<link>
ether c6:5d:7e:9c:f3:e1 txqueuelen 0 (Ethernet)
RX packets 6 bytes 476 (476.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1174 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth2af5e71: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::f0b0:7fff:fe98:3a7e prefixlen 64 scopeid 0x20<link>
ether f2:b0:7f:98:3a:7e txqueuelen 0 (Ethernet)
RX packets 18 bytes 2157 (2.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 2521 (2.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth3839b96: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::7401:deff:fe59:719a prefixlen 64 scopeid 0x20<link>
ether 76:01:de:59:71:9a txqueuelen 0 (Ethernet)
RX packets 6 bytes 476 (476.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1174 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth5b04bf4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::8853:86ff:febc:371c prefixlen 64 scopeid 0x20<link>
ether 8a:53:86:bc:37:1c txqueuelen 0 (Ethernet)
RX packets 5 bytes 378 (378.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1034 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth6d1b68f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::1812:aaff:fe12:ade2 prefixlen 64 scopeid 0x20<link>
ether 1a:12:aa:12:ad:e2 txqueuelen 0 (Ethernet)
RX packets 17 bytes 1795 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27 bytes 2008 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth7fdc9d7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::3c7a:4eff:fe8b:5613 prefixlen 64 scopeid 0x20<link>
ether 3e:7a:4e:8b:56:13 txqueuelen 0 (Ethernet)
RX packets 5 bytes 378 (378.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19 bytes 1522 (1.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth9e68eab: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::1403:a6ff:fea6:78f5 prefixlen 64 scopeid 0x20<link>
ether 16:03:a6:a6:78:f5 txqueuelen 0 (Ethernet)
RX packets 23 bytes 3519 (3.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 6034 (5.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethb62206b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::2c6d:f9ff:fe34:abca prefixlen 64 scopeid 0x20<link>
ether 2e:6d:f9:34:ab:ca txqueuelen 0 (Ethernet)
RX packets 27 bytes 4455 (4.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51 bytes 8407 (8.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethd26c9e7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::44d3:f8ff:fef7:d5cf prefixlen 64 scopeid 0x20<link>
ether 46:d3:f8:f7:d5:cf txqueuelen 0 (Ethernet)
RX packets 5 bytes 378 (378.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1034 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# docker run -itd --name=con1 busybox
890233a888725ad01804d7c569ca5f68602930312e15b49e0d2279072cd496f7
[root@localhost ~]# docker exec -it con1 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)container模式
这个模式可以指定新创建的容器和已经存在的一个容器共享一个Network Namespace,而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。两个容器的进程可以通过lo网卡设备通信。
使用--net=container:container_id/container_name,多个容器使用共同的网络看到的ip是一样的。
[root@localhost ~]# docker run -itd --net=container:con1 --name=con2 busybox
bda04210a24f5979d60ea5785088cbe029a66ae418e468528a288a59757827dd
[root@localhost ~]# docker run -itd --net=container:con1 --name=con3 busybox
b0e99382e36b49e976a9c38d67d39e057694d98f61bdb4ed4fad13b592156b22
[root@localhost ~]# docker exec -it con2 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@localhost ~]# docker exec -it con3 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
none模式
自己玩模式
在这种模式下,Docker容器拥有自己的Network Namespace,但是并不为Docker容器进行任何网络配置。也就是说,这个Docker容器没有网卡、IP、路由等信息。需要我们自己为Docker容器添加网卡、配置IP等。
使用--net=none指定,这种模式下不会配置任何网络。
[root@localhost ~]# docker run -itd --name=none --net=none busybox
3557fefcac5a2fa0bd5f8dfe878d244c8235ecbf2f3a546085e10c3b7ff39343
[root@localhost ~]# docker exec -it none ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
bridge模式
bridge模式是Docker默认的网络设置,属于一种NAT网络模型,Docker daemon在启动的时候就会建立一个docker0网桥(通过-b参数可以指定),每个容器使用bridge模式启动时,Docker都会为容器创建一对虚拟网络接口(veth pair)设备,这对接口一端在容器的Network Namespace,另一端在docker0,这样就实现了容器与宿主机之间的通信。
在bridge模式下,Docker容器与外部网络通信都是通过iptables规则控制的,这也是Docker网络性能低下的一个重要原因。使用iptables -vnL -t nat可以查看NAT表,在Chain Docker中可以看到容器桥接的规则。
使用iptables -vnL -t nat可以查看NAT表,在Chain Docker中可以看到容器桥接的规则。
[root@localhost ~]# iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 17 packets, 2526 bytes)
pkts bytes target prot opt in out source destination
73 3796 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 17 packets, 2526 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3 packets, 228 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 3 packets, 228 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !br-fcf5201effd8 172.25.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !br-b881c67f8813 172.18.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- br-fcf5201effd8 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-b881c67f8813 * 0.0.0.0/0 0.0.0.0/0
