当前位置：网站首页>[cloud native | 17] four network modes of container

[cloud native | 17] four network modes of container

2022-07-26 04:43:00 【Xiaopeng Linux】

Author's brief introduction ： The third season of the New Star program for high-quality creators in cloud computing python Track TOP1 Alibaba cloud ACE Certified Senior Engineer
️ Personal home page ： Xiao peng linux
Personal community ： Xiao peng linux（ Personal community ） Welcome to join ！

Recommend a magical topic brush for you Click the link to visit Niuke
Interview questions of major Internet companies . There are all kinds of interview questions from basic question bank to advanced question bank ！
Collection of niuke.com , Meet the interview technical depth of large factories , Fast build Java The core knowledge system is taught by interviewers in large factories , Prepare for interview and skill improvement , Main test points + Mainstream scenes + Internal skill improvement + Analysis of the real problem

1. Docker Process modification

Relatively rare

It will affect all container processes

-b, --bridge=”” Appoint Docker Bridge equipment used , By default Docker Will automatically create and use docker0 Bridge equipment , With this parameter, you can use existing devices .

--bip Appoint Docker0 Of IP And mask , standards-of-use CIDR form , Such as 10.10.10.10/24

--dns Of the configuration container DNS, Start up Docker Process add , All containers are in effect

2. Four network modes of container

With the docker run After the order ：

--dns Used to specify the container to start DNS（ The default is physical ）

--net Used to specify the network communication mode of the container , There are four values

bridge：Docker Default mode , Bridge mode

none： Container has no network stack （ It is mainly used in offline analysis and other modes , Data can be transferred through directory mount , Convenient and safe ）

container： Network stack using other containers ,Docker Containers will be added to other containers network namespace（ The network card of container 2 directly enters the virtual space of container 1 , The two containers communicate directly through the local loopback interface , Extraordinary Universities . It is generally used when only the network adopts this mode to connect , Other processes are isolated from each other ） --network container:(ContainerName)

host： Indicates that the container uses Host Network of , There is no independent network stack . Containers have full access to Host Network of ,

unsafe ！ --network host

2.1 bridge Model experiment

[[email protected] ~]# docker images		# Look at the mirror image 
[[email protected] ~]# docker run --name test1 -d nginx:latest		# Containers test1 Do not specify network mode 
[[email protected] ~]# docker run --name test2 --net bridge -d nginx:latest	# Specify the container test2 The network model of is  bridge Bridge mode 
[[email protected] ~]# docker inspect test1		# Check out "Gateway": "172.17.0.1", and "IPAddress": "172.17.0.2",
[[email protected] ~]# docker inspect test2		# Check out "Gateway": "172.17.0.1", and  "IPAddress": "172.17.0.3

It shows that the network mode of the two containers is the same and can communicate with each other . That is, the default network mode of the container is bridge Bridge mode

2.2 none Model experiment

[[email protected] ~]# docker run --name test3 --net none -d nginx:latest		# Specify the container test3 The network model of is  none Pattern 
[[email protected] ~]# docker inspect test3	# Check to see if ip And gateway

2.3 container Model experiment

[[email protected] ~]# cc	# Delete all containers first 
[[email protected] ~]# docker images	# Look at the mirror image 
[[email protected] ~]# docker run --name test1 -d nginx:latest	# Normal boot mirror nginx:latest
[[email protected] ~]# docker run --name test2 --net container:test1 -d hub.c.163.com/public/centos:7.2-tools	#container Mode starts mirroring hub.c.163.com/public/centos:7.2-tools
[[email protected] ~]# docker exec -it test2 /bin/bash		# Get into test2 Containers 
[[email protected] /]# curl localhost			# Found access to nginx The default page for 
[[email protected] /]# ifconfig 		# see eth0 Of ip by 172.17.0.2
[[email protected] /]# exit		# sign out 
[[email protected] ~]# docker inspect test1		# Check and find this container test1 The address of

It indicates that the network has been shared in this mode .

2.4 host Model experiment

Browser access 192.168.232.165, The visit to fail

[[email protected] ~]# netstat -anpt | grep 80	# Check the port , nothing 80 port 
[[email protected] ~]# docker run --name test1 --net host -d nginx:latest		# With host Network mode start nginx Mirror image 
[[email protected] ~]# netstat -anpt | grep 80	# Check out 80 Open port

Browser access 192.168.232.165, Successful visit

3. Customize Docker0 Bridge address of

modify /etc/docker/daemon.json file

{
    "bip": "192.168.1.5/24",						# Specifies the current docker The address of 
    "fixed-cidr": "192.168.1.0/24",					# Safe cidr Network segment （ The address of each container is through dhcp Acquired ）
    "fixed-cidr-v6": "2001:db8::/64",				#ipv6 It's safe cidr Network segment 
    "mtu": "1500",								    # Packet size 
    "default-gateway": "192.168.1.1",				# Default gateway 
    "default-gateway-v6": "2001:db8:abcd::89",		#ipv6 The default gateway of 
    "dns": ["192.168.1.2","192.168.1.3"]			#DNS The server 
}

4. Project isolation

4.1 Basic commands

docker network ls # View currently available network types

example ：

docker network create -d type # Cyberspace name

# Types are divided into ：

# overlay network

# bridge network

4.2 Separate to different network namespaces

command ：

docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" my-bridge-network

The experimental steps ：

First create my-bridge-network The Internet , The network type is bridge, The network segment is 26

[[email protected] ~]# docker network create -d bridge --subnet "172.27.0.0/16" --gateway "172.27.0.1" anxiaopeng

Then create anxiaopeng The Internet , The network type is also bridge, The network segment is 27

[[email protected] ~]# docker network create -d bridge --subnet "172.27.0.0/16" --gateway "172.27.0.1" anxiaopeng

Look at the following ：

[[email protected] ~]# docker network ls

Start the mirror , Define the first two containers as the same bridge with the network name （26 Network segment , but ip This network segment is random ）, The last two containers are the same bridge （27 Network segment , but ip This network segment is random ）. But all four containers are bridge Bridge mode . This scenario is equivalent to creating multiple projects at work , There are multiple containers in each project , Containers within each project can communicate with each other , But each project is isolated and cannot communicate .

[[email protected] ~]# docker run --name test1.1 --net my-bridge-network -d hub.c.163.com/public/centos:7.2-tools
[[email protected] ~]# docker run --name test1.2 --net my-bridge-network -d hub.c.163.com/public/centos:7.2-tools
[[email protected] ~]# docker run --name test2.1 --net anxiaopeng -d hub.c.163.com/public/centos:7.2-tools
[[email protected] ~]# docker run --name test2.2 --net anxiaopeng -d hub.c.163.com/public/centos:7.2-tools

The order is as follows ：

docker run -d --network=my-bridge-network --name test1  hub.c.163.com/public/centos:6.7-tools
docker run -d --name test2  hub.c.163.com/public/centos:6.7-tools

4.3 Use Linux The bridge communicates between hosts

[[email protected] ~]# docker run --name test1 -p 2222:22 -d hub.c.163.com/public/centos:7.2-tools
[[email protected] ~]# docker exec -it test1 /bin/bash
[[email protected] /]# vim /etc/ssh/sshd_config	# open sshd The configuration file

take #PermitRootLogin yes uncomment , allow root Remote login

[[email protected] /]# passwd	# Change the password to 123456

And then use xshell Tool remote connection IP by ：192.168.232.165, Port is ：2222

[[email protected] ~]#	    # Discovery can log in successfully . It indicates that the current container can be used as a ssh Remote service of 
[[email protected] ~]# docker commit test1 ssh:v0.1	# Package this container into ssh Mirror of the service ！
[[email protected] ~]# cc	# Delete container 
[[email protected] ~]# mkdir /usr/local/script	# Create a directory 
[[email protected] ~]# ifconfig	# First check the existing bridge , The following names cannot conflict when creating a bridge 
[[email protected] ~]# vim /usr/local/script/init-br.sh	# Create a script , The script is as follows ：
#!/bin/bash
ip addr del dev ens33 192.168.232.165/24        # Delete the current physical machine ens33 NIC ip Address 
ip link add link ens33 dev br0 type macvlan mode bridge     # Create one based on ens33 NIC br0 bridge , The type is macvlan The network mode is bridge
ip addr add 192.168.232.165/24 dev br0  # Set up br0 Bridged ip The address is local ip（ If a physical network card becomes a bridge , Then it must not have ip Address , Share with the bridge ）
ip link set dev br0 up                  # start-up br0 bridge 
ip route add default via 192.168.232.1 dev br0  # to br0 Add a gateway to the bridge 
[[email protected] ~]# chmod +x /usr/local/script/init-br.sh 		# Add permissions 
[[email protected] ~]# /bin/bash /usr/local/script/init-br.sh		# The startup script 
[[email protected] ~]# ifconfig	# View discovery ens33 No network card ip Address ,br0 Bridge yes 192.168.232.165IP Address

Use the computer client cmd window ping 192.168.232.165, Discovery can ping Through the

[[email protected] ~]# rz	# Upload pipework-master.zip Compressed package 
[[email protected] ~]# unzip pipework-master.zip	# decompression 
[[email protected] ~]# cp -a pipework-master/pipework /usr/local/bin/	
[[email protected] ~]# chmod a+x /usr/local/bin/pipework	# Add permissions 
[[email protected] ~]# docker run --name test1 --net none -d ssh:v0.1
[[email protected] ~]# pipework br0 test1 192.168.232.166/[email protected]	    # Set container address assignment

Then use the brain client cmd window ping 192.168.232.166, Discovery can ping through

Conclusion

Recommend a magical topic brush for you Click the link to visit Niuke
Interview questions of major Internet companies . There are all kinds of interview questions from basic question bank to advanced question bank ！
Collection of niuke.com , Meet the interview technical depth of large factories , Fast build Java The core knowledge system is taught by interviewers in large factories , Prepare for interview and skill improvement , Main test points + Mainstream scenes + Internal skill improvement + Analysis of the real problem