Docker: Docker network modes

This article explains Docker's network model.

Docker's network modes

When the Docker daemon starts, it automatically creates a virtual bridge named docker0 on the host. The bridge behaves like a physical switch: it forwards traffic between the containers attached to it and between those containers and the host. Docker assigns the docker0 interface an address from a private network segment that is not already in use on the host.

At the same time, whenever a container is created, Docker creates a veth pair for it. A veth pair is a pair of virtual network interfaces that always appear together: whatever is sent into one end comes out of the other. One end is placed inside the container, where it connects to the container's protocol stack, and the other end is attached to docker0 on the host. The veth pair therefore acts as the cable that links the container to the bridge and, through it, to the other virtual devices.

The following example creates a tomcat01 container.

When the host tries to connect to the tomcat01 container, the connection succeeds.

Then test again: create a second container, tomcat02, and try to ping between the two containers. The ping goes through.

At the same time, another pair of network interfaces appears on the host.

For Docker, all of these network interfaces are virtual, and forwarding between virtual interfaces is very efficient. Again, this is the veth pair technique at work.

Custom networks

So far we have seen that Docker automatically creates the docker0 virtual interface, and that each container gets a veth pair so that containers can reach one another. Two problems remain:

  • Does communication between two containers have to go through IP addresses? Could a name be mapped instead, so that one could ping tomcat01 by name? Then the two containers could keep communicating even if their IPs changed.
  • There is no isolation between containers. The test above showed that any two containers can talk to each other, but in practice my Redis cluster and my MySQL cluster may have no reason to talk at all, so isolation between containers should be possible.

Both require a custom network. The docker network command family shows everything about the current networks:

[root@tdsql_1 /]# docker network --help

Usage:  docker network COMMAND

Manage networks

Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks

Run 'docker network COMMAND --help' for more information on a command.

For example, list all current networks:

[root@tdsql_1 /]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
4eda75cb17cb   bridge    bridge    local
3367ec36fa31   host      host      local
8df0f89d4c48   none      null      local

[root@tdsql_1 /]# docker network inspect 4eda75cb17cb

You can see that this network contains three containers!

To create a custom network, use the docker network create command:

[root@tdsql_1 /]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
a50aadf24c2339636c3ba4eb9e6905fd5c8bb9384986bcd53a4156cd1c07218d
  • --driver bridge: the driver (connection mode) used for the network. There are generally four modes:

    • bridge: a bridged network (the default; networks you create yourself are normally bridge mode)
    • none: no network is configured. Generally not used
    • host: share the host's network stack
    • container: share another container's network (rarely used and very limited)
  • --subnet: specifies the network segment
  • --gateway: specifies the gateway

This creates the custom network. Next, create the tomcat containers on it, using --net to specify the network mynet that was just created:

[root@tdsql_1 /]# docker run -d -P --name tomcat-net-01 --net mynet tomcat
c6c4a6180a6592170a3f1e7122f473ece22f6fc37121047143918ed7e086e867
[root@tdsql_1 /]# docker run -d -P --name tomcat-net-02 --net mynet tomcat
395bee1d4fa68812afac4b2d44845b02038589daff5ff84b3a46e1eb5c331ab2

View the basic information of the mynet network:

The two tomcat containers just created have been added to the network. Testing the connection shows that containers on the same mynet network can communicate with each other.

So can containers on different networks communicate? No, they cannot.

To communicate across the two network segments, the container must first be attached to the other network. After opening it up with the docker network connect command, the connection succeeds.
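The three claims made above (containers on the same user-defined network reach each other by name, different networks are isolated, and docker network connect bridges them) can be checked with the following script. It is an added example, not from the original article; it assumes a running Docker daemon and the public alpine image, and the network names, container names and /24 subnets are constructed for the demo.

```shell
# Added example, not from the article; assumes a Docker daemon and the public
# alpine image (busybox ping is the probe). Names and subnets are constructed.
set -u

# reachable SRC DST: succeed (0) if container SRC can ping DST (name or IP)
reachable() {
  docker exec "$1" ping -c 1 -w 2 "$2" >/dev/null 2>&1
}

# ip_on CONTAINER NETWORK: print the container's address on that network
ip_on() {
  docker inspect -f "{{(index .NetworkSettings.Networks \"$2\").IPAddress}}" "$1"
}

setup() {
  # /24 subnets rather than the article's /16: a /16 swallows the whole
  # 192.168.0.0/16 block that many office and home LANs already use.
  docker network create --driver bridge --subnet 192.168.10.0/24 --gateway 192.168.10.1 netA >/dev/null
  docker network create --driver bridge --subnet 192.168.20.0/24 --gateway 192.168.20.1 netB >/dev/null
  docker run -d --name a1 --net netA alpine sleep 300 >/dev/null
  docker run -d --name a2 --net netA alpine sleep 300 >/dev/null
  docker run -d --name b1 --net netB alpine sleep 300 >/dev/null
}

teardown() {
  docker rm -f a1 a2 b1 >/dev/null 2>&1
  docker network rm netA netB >/dev/null 2>&1
}

# run_demo: returns 0 only if all three expectations from the article hold
run_demo() {
  rc=0
  # 1. same user-defined network: a2 resolves by name via Docker's embedded DNS
  reachable a1 a2 || { echo "FAIL: a1 cannot reach a2 by name"; rc=1; }
  # 2. different networks: even b1's raw IP is unreachable (iptables isolation rules)
  if reachable a1 "$(ip_on b1 netB)"; then echo "FAIL: a1 reached b1 across networks"; rc=1; fi
  # 3. docker network connect gives b1 a second interface in netA
  docker network connect netA b1
  reachable a1 b1 || { echo "FAIL: a1 cannot reach b1 after connect"; rc=1; }
  [ "$rc" -eq 0 ] && echo "PASS: same-net DNS, cross-net isolation, connect"
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then
  trap teardown EXIT
  setup
  run_demo
fi
```

Run it as `sh isolation-demo.sh --run`; the trap removes the demo containers and networks afterwards.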

Keywords: Docker

Added by kkobashi on Thu, 20 Jan 2022 11:32:24 +0200