本文章来自【知识林】
在Docker服务安装成功后默认有三个网络(docker network ls
):
C:\Users\zsl-pc>docker network ls
NETWORK ID NAME DRIVER SCOPE
992344cd89fe bridge bridge local
06445f4f5774 host host local
2d964ece79b9 none null local
bridge
:是容器的默认网络,可以配置后与宿主机通信从而与互联网互联互通。
host
和none
:是属于无网络(可以使用docker network inspect host
查看,其中无子网和网关),容器添加到这两个网络时时将容器添加到特定的容器网络堆栈,是不能与外界网络通信的。
每当使用docker run
启动一个容器时,这个容器都会有一个默认的网络,即bridge
。
可以通过inspect
命令查看各网络中的容器(查看bridge
网络):
C:\Users\zsl-pc>docker network inspect bridge
[
{
"Name": "bridge",
"Id": "992344cd89fe90aa240651e7497131e5dc40539d3f1ad540f973feab6b345b3c"
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
在Containers中看到是空,表示目前还没有任何容器加入到这个网络。
启动容器:
docker run -d -it --name c1 centos /bin/bash -c "while true; do echo hello; sleep 1; done"
说明:启动了一个名为c1
的Centos的容器,每隔一秒输出hello
,可以通过docker logs c1
查看输出信息。
此时再查看bridge
网络(docker network inspect bridge
):
C:\Users\zsl-pc>docker network inspect bridge
…………
"Containers": {
"7883225f9192cb4eb68283fd47bc9435ab70dd76803ede1d926f30db3bb1101f": {
"Name": "c1",
"EndpointID": "e784f093b0c810f5c5112235e2e8502f6193077fa5da44a9a527aa9086894382",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
}
…………
说明:可以看到bridge
网络中已经有一个容器c1
,且IP地址是172.17.0.2
。
通过这个例子可以看出在docker run
启动容器时在未指定网络情况下默认使用了bridge
这个网络。
在容器中查看网络
C:\Users\zsl-pc>docker exec -it c1 /bin/bash
[root@7883225f9192 /]# more /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 7883225f9192
[root@7883225f9192 /]#
可以看到主机名7883225f9192
对应的IP地址正是前面所说的172.17.0.2
。也可通过ifconfig
查看容器内部的网络信息,如果提示:bash: ifconfig: command not found
可以先安装网络工具:yum install -y net-tools
,安装完成后再输入:ifconfig
[root@7883225f9192 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:acff:fe11:2 prefixlen 64 scopeid 0x20<link>
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 2057 bytes 7829768 (7.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1873 bytes 105536 (103.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0
就是这个容器的网卡信息,也可以看出IP地址是172.17.0.2
。
再启动一个容器与其他容器通信
docker run -d -it --name c2 centos /bin/bash -c "while true; do echo hello; sleep 1; done"
说明:又启动了一个容器,名称为c2
,与c1
做的事情一样。再使用docker network inspect bridge
可以看到:
C:\Users\zsl-pc>docker network inspect bridge
…………
"Containers": {
"7117f84edc269c5f61052a136791e775e26372c2b977db77081cd78533e5721e": {
"Name": "c2",
"EndpointID": "78be5b7b0737d23082607fd016664017df77ceb1d469d9a3972033796ac8d761",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"7883225f9192cb4eb68283fd47bc9435ab70dd76803ede1d926f30db3bb1101f": {
"Name": "c1",
"EndpointID": "859ff1ec55e136c5ec431df7baaf42af8f2a3e872a7472e16e392a9fa68d797d",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
}
…………
可以看出:c1
和c2
是在一个局域网内,c2
的IP地址是172.17.0.3
,可以尝试互相ping一下看是否能ping通:
C:\Users\zsl-pc>docker exec -it c2 /bin/bash
[root@7117f84edc26 /]# ping -w 4 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.114 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.120 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.121 ms
64 bytes from 172.17.0.2: icmp_seq=5 ttl=64 time=0.115 ms
--- 172.17.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3996ms
rtt min/avg/max/mdev = 0.044/0.102/0.121/0.032 ms
[root@7117f84edc26 /]# exit
C:\Users\zsl-pc>docker exec -it c1 /bin/bash
[root@7883225f9192 /]# ping -w 4 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.107 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.089 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.113 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.114 ms
--- 172.17.0.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3996ms
rtt min/avg/max/mdev = 0.048/0.094/0.114/0.025 ms
[root@7883225f9192 /]#
在c2
里面是可以ping通c1
的IP地址,在c1
里面也可以ping通c2
的IP地址,说明在一个网络下的容器是可以相互通信的。
本文章来自【知识林】