1.创建一个测试容器
[root@localhost ~]# docker run -d -it --name busybox_1 busybox /bin/sh -c "while true;do sleep 3600;done" 03b308c847edd23f21ba69afb825d92f7aaeb05b1ff4431dd47ccee439a0361a
2.查看当前机器docker有哪些网络
[root@localhost ~]# docker network ls NETWORK ID NAME DRIVER SCOPE fa30a4d17b5b bridge bridge local a03aaca35833 host host local d85c50eb947c none null local
3.查看bridge详细信息
[root@localhost ~]# docker network inspect fa30a4d17b5b #fa30a4d17b5b 为bridge的ID ..... "Containers": { #该字段表示名称为busybox_1的Container网络连接到的是bridge这个网络 "03b308c847edd23f21ba69afb825d92f7aaeb05b1ff4431dd47ccee439a0361a": { #容器的ID "Name": "busybox_1", #容器的名称 "EndpointID": "c850f22941894ef8655a80a96e4be4c5045699b70b4bc17201f80f07a27a3b4d", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", #地址 "IPv6Address": "" } }, ......
4.查看宿主机及容器busybox_1这个容器的网络接口,其中宿主机的veth66a7ab0@if110与容器中的eth0@if111网络接口实际上是一对pari,而veth66a7ab0@if110又连接到docker0上
[root@localhost ~]# ip a #查看宿主网络接口 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:fd:34:4b brd ff:ff:ff:ff:ff:ff inet 172.16.150.135/24 brd 172.16.150.255 scope global eth0 valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:23:c0:91:f9 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 scope global docker0 valid_lft forever preferred_lft forever 111: veth66a7ab0@if110: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 7e:59:81:8b:54:a2 brd ff:ff:ff:ff:ff:ff link-netnsid 0 [root@localhost ~]# docker exec busybox_1 ip a #查看busybox_1容器的网络接口 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 110: eth0@if111: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe11:2/64 scope link valid_lft forever preferred_lft forever
5.验证veth66a7ab0网络与docker0相连接
[root@localhost ~]# brctl show #如果没有该命令,yum安装 bridge-utils软件包即可 bridge name bridge id STP enabled interfaces docker0 8000.024223c091f9 no veth66a7ab0
6.创建第二测试容器
[root@localhost ~]# docker run -d -it --name busybox_2 busybox /bin/sh -c "while true;do sleep 3600;done" b884db0bf4a862281b1dfb66457c7f565896fce1a40151619e80c2c5b1499216
7.再次查看bridge网络信息
[root@localhost ~]# docker network inspect bridge ...... "Containers": { "03b308c847edd23f21ba69afb825d92f7aaeb05b1ff4431dd47ccee439a0361a": { "Name": "busybox_1", "EndpointID": "c850f22941894ef8655a80a96e4be4c5045699b70b4bc17201f80f07a27a3b4d", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" }, "b884db0bf4a862281b1dfb66457c7f565896fce1a40151619e80c2c5b1499216": { "Name": "busybox_2", #busybox_2 也连接到bridge "EndpointID": "a5e56917165daf2965bf7f24cf9ce58c88e4ff3c1118544c49ca5f25172af28d", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" } }, ......
8.查看本地网络接口,发现多了113: vethc039e93@if112
[root@localhost ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:fd:34:4b brd ff:ff:ff:ff:ff:ff inet 172.16.150.135/24 brd 172.16.150.255 scope global eth0 valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:23:c0:91:f9 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 scope global docker0 valid_lft forever preferred_lft forever 111: veth66a7ab0@if110: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 7e:59:81:8b:54:a2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
113: vethc039e93@if112: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether ea:a2:a8:dc:48:78 brd ff:ff:ff:ff:ff:ff link-netnsid 1
9.查看bridge网络信息,发现docker0连接率两个接口了
[root@localhost ~]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.024223c091f9 no veth66a7ab0 vethc039e93
简单拓扑图:
总结:实质上docker容器之间通过与docker0接口连接.实现先互直接通信,感觉有点像交换机?
10.docker访问公网简单拓扑图
总结:实质上docker访问公网网络通过docker0 NAT转发实现
