1. Network types supported by Docker
# List the network drivers Docker supports
[root@bdc01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f40c126df9e7 bridge bridge local
1012f87c966b host host local
f6e867b802ac none null local
bridge network type: the equivalent of the NAT network model used when building virtual machines:
# After Docker is installed the host gains a virtual bridge interface, docker0, with the IP 172.17.0.1
# Containers started later are attached to that bridge and get addresses from 172.17.0.0/16, handed out in order from .2: the first container gets 172.17.0.2, the second 172.17.0.3, and so on (addresses freed by removed containers are reused)
# Containers on the 172.17.0.0/16 segment can reach each other, and containers and the host can reach each other
# Containers can also reach the outside through the host's NIC (the host masquerades their traffic with NAT), provided the host itself has outside access
# Containers on different hosts cannot reach each other directly, because 172.17.0.0/16 is private to each host; only ports published with -p are reachable from outside
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:2cff:fef3:7b26 prefixlen 64 scopeid 0x20<link>
ether 02:42:2c:f3:7b:26 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 266 (266.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
host network type: the container shares the host's network namespace, so it has the host's IP addresses and hostname, sees every host interface, and any port it opens is bound directly on the host (a port already used by a host service cannot be bound again). This mode has no network isolation at all, so use it only for trusted workloads
container network type (--network container:<name>): the container joins another container's network namespace, so both share one set of interfaces, one IP and one port space; the two cannot bind the same port
none network type: no network; the container has only a loopback interface
# The network type is chosen with --network when the container is started; the default is bridge
docker container run -it --name centos6.9 --network bridge centos:6.9 /bin/bash
2. Docker cross-host networking
There are many ways to let Docker containers on different hosts reach each other; macvlan and overlay are two lightweight options.
2.1 Cross-host Docker networking with macvlan
# Create a network named "macvlan_1", specifying its subnet, gateway and the parent (physical) NIC
# Docker does not create the subnet or the gateway: both must exist on the physical segment eth0 is on, and the switch/NIC must accept several MACs on that port
# (in VMs and on cloud NICs this is often refused unless promiscuous mode or MAC spoofing is allowed). Note that 100.0.0.0/24 is public address space, not RFC 1918
[root@bdc01 ~]# docker network create --driver macvlan --subnet=100.0.0.0/24 --gateway=100.0.0.254 -o parent=eth0 macvlan_1
02eb9a47bd4bd9b7e42f744b921a43987be9556cb08ea89dc2beb316673daf84
# Create a network with the same name and the same subnet in the same way on the other host
[root@bdc02 ~]# docker network create --driver macvlan --subnet=100.0.0.0/24 --gateway=100.0.0.254 -o parent=eth0 macvlan_1
7fd34135700dd47c8164a571fe7f671bb85948f39644f5e51ddbce937fb11481
# Start a container on each host
# The stock image has no ping and the container cannot reach the outside to install it, so I used an image I built myself that includes ping
[root@bdc01 ~]# docker run -it --network macvlan_1 --ip 100.0.0.1 yyh/centos6.9:v1.0 /bin/bash
[root@dff3a3697efe /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:64:00:00:01
inet addr:100.0.0.1 Bcast:100.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:60 (60.0 b) TX bytes:0 (0.0 b)
...
[root@bdc02 ~]# docker run -it --network macvlan_1 --ip 100.0.0.2 yyh/centos6.9:v1.0 /bin/bash
[root@34cd6063adf2 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:64:00:00:01
inet addr:100.0.0.2 Bcast:100.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:276 (276.0 b) TX bytes:0 (0.0 b)
...
# The two containers can ping each other
[root@dff3a3697efe /]# ping 100.0.0.2
PING 100.0.0.2 (100.0.0.2) 56(84) bytes of data.
64 bytes from 100.0.0.2: icmp_seq=1 ttl=64 time=0.416 ms
64 bytes from 100.0.0.2: icmp_seq=2 ttl=64 time=3.74 ms
...
[root@34cd6063adf2 /]# ping 100.0.0.1
PING 100.0.0.1 (100.0.0.1) 56(84) bytes of data.
64 bytes from 100.0.0.1: icmp_seq=1 ttl=64 time=0.790 ms
64 bytes from 100.0.0.1: icmp_seq=2 ttl=64 time=1.09 ms
Drawbacks of the macvlan approach: the containers cannot reach the outside (macvlan does not NAT through the host, so traffic only leaves the segment if the declared gateway 100.0.0.254 really exists on the physical network), the host cannot talk to its own macvlan containers through the parent NIC, and address allocation is per host with no coordination, so a container on each host can be given the same IP. Because Docker derives the container MAC from the IP, that also puts the same MAC on the segment twice.
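The last point can be checked without touching the network. Docker builds a container's default MAC from its IPv4 address, 02:42 followed by the four octets in hex, which is why 172.16.0.1 shows up as 02:42:AC:10:00:01 in the overlay output below (the second macvlan capture above repeats the first container's MAC for 100.0.0.2; by this rule it would be 02:42:64:00:00:02). The script below is an added example, not code from the original post: it reproduces the derivation and scans a constructed per-host allocation list (host names, container names and addresses are made up; the input format is my own, not Docker's) for addresses handed out on more than one host.

```shell
#!/bin/sh
# Added example (not code from the original post). Docker derives a container's
# default MAC from its IPv4 address: 02:42 followed by the four octets in hex
# (unless --mac-address overrides it). macvlan IPAM runs independently on every
# host, so the same IP, and therefore the same MAC, can be handed out twice.

docker_mac_from_ip() {
  addr=$1
  old_ifs=$IFS
  IFS=.
  set -- $addr            # split into octets
  IFS=$old_ifs
  if [ $# -ne 4 ]; then
    echo "not an IPv4 address: $addr" >&2
    return 1
  fi
  printf '02:42:%02x:%02x:%02x:%02x\n' "$1" "$2" "$3" "$4"
}

# Constructed sample: "host container ip" lines as you would collect them from
# `docker network inspect macvlan_1` on each host (the format is my own).
SAMPLE_ALLOCS='bdc01 web1 100.0.0.1
bdc01 web2 100.0.0.3
bdc02 db1 100.0.0.2
bdc02 web3 100.0.0.1'

# Print one line per address allocated on more than one host:
# "<ip> mac=<derived mac> hosts=<host list>"
find_macvlan_conflicts() {
  printf '%s\n' "$1" |
    awk '{ print $3, $1 }' | sort -u |
    awk '{ h[$1] = h[$1] " " $2; n[$1]++ }
         END { for (ip in n) if (n[ip] > 1) print ip h[ip] }' |
    sort |
    while read -r ip hosts; do
      printf '%s mac=%s hosts=%s\n' "$ip" "$(docker_mac_from_ip "$ip")" "$hosts"
    done
}

find_macvlan_conflicts "$SAMPLE_ALLOCS"
```

Run it as is to see the duplicate from the sample; feed it the real allocation list collected from every host to audit a macvlan deployment. A single IPAM source for all hosts (or disjoint --ip-range values per host) is the actual fix.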
2.2 Cross-host Docker networking with overlay
# 1. Start a consul container as the shared key/value store that holds the overlay network configuration
# (a single node started with -bootstrap, no ACLs and no TLS: whoever can reach port 8500 can read or rewrite the network state,
#  so restrict that port to the Docker hosts; the progrium/consul image is also no longer maintained)
docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap
# 2. Edit the daemon config on every Docker host and restart the service
# Put that host's own IP in cluster-advertise (each host a different value); the consul address in cluster-store is the same everywhere
# JSON allows no comments, so keep notes like this one out of the file
vim /etc/docker/daemon.json
{
...
"hosts":["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://10.0.0.11:8500",
"cluster-advertise": "10.0.0.11:2376"
}
# If docker.service starts dockerd with -H fd://, the "hosts" key conflicts with that flag and the daemon refuses to start;
# remove the -H from ExecStart with a systemd drop-in (systemctl edit docker), which is what makes the daemon-reload necessary
systemctl daemon-reload
systemctl restart docker
# Two warnings about this config:
# - "tcp://0.0.0.0:2376" without tlsverify/tlscacert/tlscert/tlskey exposes the Engine API unencrypted and unauthenticated on every interface;
#   anyone who can reach the port can start a privileged container and owns the host. Bind it to the management address only, or require TLS client certificates
#   (2376 is the conventional port for the TLS-protected API; plain text is 2375)
# - cluster-store/cluster-advertise configure the legacy overlay with an external key/value store, deprecated in Docker Engine 20.10 and removed in later releases; on current versions use swarm-mode overlay networks
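To catch the exposed-API mistake on every host before restarting, the script below audits a daemon.json for a tcp:// listener that is not protected by tlsverify. It is an added example, not code from the original post; it writes three constructed configs (the tutorial's layout, a hardened variant whose certificate paths are assumptions, and a unix-socket-only one) and parses them with a line-oriented grep heuristic that assumes the one-key-per-line layout used here (use jq for real audits).

```shell
#!/bin/sh
# Added example (not code from the original post): audit a daemon.json for an
# Engine API tcp:// listener without TLS client verification. Anyone who can
# reach such a port can run containers as root on the host. Parsing is a
# line-oriented grep heuristic for the one-key-per-line layout used above.

# Constructed sample 1: the tutorial's layout (plain TCP on every interface).
SAMPLE_INSECURE='{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "cluster-store": "consul://10.0.0.11:8500",
  "cluster-advertise": "10.0.0.11:2376"
}'

# Constructed sample 2: same listener, but mutual TLS is required
# (certificate paths are assumptions; generate your own CA/server/client certs).
SAMPLE_SECURE='{
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem",
  "cluster-store": "consul://10.0.0.11:8500",
  "cluster-advertise": "10.0.0.11:2376"
}'

# Constructed sample 3: API reachable only through the local unix socket.
SAMPLE_UNIX_ONLY='{
  "hosts": ["unix:///var/run/docker.sock"]
}'

# Write the three samples into a temporary directory and print its path.
write_samples() {
  dir=$(mktemp -d)
  printf '%s\n' "$SAMPLE_INSECURE"  > "$dir/insecure.json"
  printf '%s\n' "$SAMPLE_SECURE"    > "$dir/secure.json"
  printf '%s\n' "$SAMPLE_UNIX_ONLY" > "$dir/unix-only.json"
  echo "$dir"
}

# Print the tcp:// listeners declared on the "hosts" line, space separated.
tcp_listeners() {
  grep -E '"hosts"[[:space:]]*:' "$1" | grep -oE 'tcp://[^"]+' | tr '\n' ' '
}

# Print a verdict; exit status 1 means the API is exposed without TLS.
audit_daemon_json() {
  listeners=$(tcp_listeners "$1")
  listeners=${listeners% }        # drop the trailing space left by tr
  if [ -z "$listeners" ]; then
    echo "OK: API reachable only via unix socket"
    return 0
  fi
  if grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$1"; then
    echo "OK: TCP listener $listeners requires TLS client certificates"
    return 0
  fi
  case $listeners in
    *0.0.0.0*|*'[::]'*) scope="all interfaces" ;;
    *)                  scope="one address" ;;
  esac
  echo "INSECURE: unauthenticated TCP listener $listeners ($scope)"
  return 1
}

samples=$(write_samples)
for f in "$samples"/*.json; do
  printf '%s: ' "$(basename "$f")"
  audit_daemon_json "$f" || true
done
rm -rf "$samples"
```

Point audit_daemon_json at /etc/docker/daemon.json on each host; a non-zero exit is the signal to add the tls* keys (or drop the tcp listener) before the restart.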
# 3. Create the overlay network; do this on one node only, since its definition is stored in consul and every daemon attached to that store sees it
[root@bdc01 ~]# docker network create -d overlay --subnet 172.16.0.0/24 --gateway 172.16.0.254 overlay
b6ed34ef1071d48f1990dc4fe68b57c3323ebae5be45d3750d86ad4f4a9ab620
# 4. Start containers to test
[root@bdc01 ~]# docker run -it --network overlay busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
9758c28807f2: Pull complete
Digest: sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Status: Downloaded newer image for busybox:latest
/ # ifconfig
# Each container gets two interfaces: eth0 on the overlay (172.16.0.0/24, MTU 1450 because the VXLAN encapsulation adds 50 bytes) for container-to-container traffic, and eth1 on the per-host docker_gwbridge for access to the outside
eth0 Link encap:Ethernet HWaddr 02:42:AC:10:00:01
inet addr:172.16.0.1 Bcast:172.16.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:13:00:02
inet addr:172.19.0.2 Bcast:172.19.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1222 (1.1 KiB) TX bytes:0 (0.0 B)
...
/ # ping www.baidu.com
PING www.baidu.com (220.181.38.150): 56 data bytes
64 bytes from 220.181.38.150: seq=0 ttl=127 time=6.180 ms
64 bytes from 220.181.38.150: seq=1 ttl=127 time=13.048 ms
[root@bdc02 sshd]# docker run -it --network overlay busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
9758c28807f2: Pull complete
Digest: sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d
Status: Downloaded newer image for busybox:latest
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:10:00:02
inet addr:172.16.0.2 Bcast:172.16.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:AC:12:00:02
inet addr:172.18.0.2 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1222 (1.1 KiB) TX bytes:0 (0.0 B)
...
/ # ping www.baidu.com
PING www.baidu.com (220.181.38.150): 56 data bytes
64 bytes from 220.181.38.150: seq=0 ttl=127 time=7.446 ms
64 bytes from 220.181.38.150: seq=1 ttl=127 time=9.846 ms
Here the two cross-host containers can reach the outside but cannot ping each other.... The cause and the fix are still to be written up.
Things to check first: the host firewall (firewalld on CentOS) must allow the overlay's traffic between the two hosts, i.e. TCP and UDP 7946 for node discovery and UDP 4789 for the VXLAN tunnel; cluster-advertise must carry each host's own address (step 2 showed 10.0.0.11 only, bdc02 needs its own), and that address must be reachable from the other host.