This is the 8th day of my participation in the August More Text Challenge.
【Docker】8
Host IP address A
How does Docker handle container network access?
When a container starts, it gets an eth0@if60 interface with an IP address assigned by Docker.
Question: can the Linux host ping the inside of a container? (Yes, it can.)
Principle
Every time we start a Docker container, Docker assigns it an IP address. As long as Docker is installed, the host has a network interface docker0, which works in bridge mode and uses veth-pair technology.
Test with ip addr again
Start another container and find another pair of network interfaces.
We found that each container brings network interfaces with it, and they come in pairs.
A veth-pair is a pair of virtual device interfaces. They always come in pairs: one end is connected to the interface, and the two ends are connected to each other. Because of this property, a veth-pair acts as a bridge between virtual network devices; OpenStack, Docker container networking and OVS all use veth-pair technology.
tomcat01 and tomcat02 share the same router, docker0.
When no network is specified, all containers are routed through docker0, and Docker assigns a default available IP to each container.
Containers can ping each other: container 1 → docker0 → container 2
All network interfaces in Docker are virtual with high forwarding efficiency. When the container is deleted, the corresponding bridge is also deleted.
Custom Network (recommended)
View all the Docker networks
docker network ls
Network mode
- bridge: bridged networking (the default; networks you create yourself also use bridge mode)
- none: no network is configured
- host: shares the network with the host
- container: container networks are connected (rarely used, very limited)
The docker run command takes a default parameter --net bridge, where bridge refers to docker0. How do we create a new network if we don't want to use docker0?
Create a new network, which was mentioned when installing ES
docker network create --driver <network mode> --subnet <subnet IP> --gateway <gateway> <network name>
View network details
The newly created network newnet now appears in the output of docker network ls, and the docker network inspect command shows its details, including the subnet IP and gateway we defined when creating it:
As long as both containers are started with --net and use the same created network, they can communicate with each other by IP address or by container name/ID:
Network connectivity
Two containers, tomcat01 and tomcat02, are built on different networks (docker0 and newnet). They are in different network segments and therefore cannot ping each other:
To connect them, use the docker network connect command:
docker network connect <network name> <container name/ID>
This is similar to assigning multiple IP addresses to a container. The docker network inspect command can also be used to check how the network changed after connecting:
The newnet network originally contained only tomcat02, but now also contains tomcat01, so the two can communicate.
With a custom network, Docker maintains the name-to-address mapping for us. It is recommended to use networks this way in normal practice.
Benefits:
Redis – Different clusters use different networks to keep the clusters healthy and safe
MySQL – Different clusters use different networks to ensure a healthy and secure cluster
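To check that the separation described above still holds after docker network connect has been used, the following added example (not code from the original post) reads docker network inspect JSON and reports which networks two containers share and which containers sit on more than one network. The sample data is constructed: IDs, IPs and subnets are assumptions, and only the names tomcat01, tomcat02 and newnet come from the text.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker network inspect bridge newnet` after
# `docker network connect newnet tomcat01`. "bridge" is the default network
# backed by docker0. IDs, IPs and subnets are made up for illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
   "Containers": {
     "c1": {"Name": "tomcat01", "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "newnet", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1"}]},
   "Containers": {
     "c1": {"Name": "tomcat01", "IPv4Address": "192.168.0.3/16"},
     "c2": {"Name": "tomcat02", "IPv4Address": "192.168.0.2/16"}}}
]
""")


def membership(networks):
    """Map container name -> {network name: IPv4 address on that network}."""
    seen = defaultdict(dict)
    for net in networks:
        # A network with no attached containers has an empty "Containers" map.
        for info in (net.get("Containers") or {}).values():
            seen[info["Name"]][net["Name"]] = info.get("IPv4Address", "")
    return dict(seen)


def shared_networks(networks, a, b):
    """Networks both containers are attached to; empty means no direct path."""
    m = membership(networks)
    return sorted(set(m.get(a, {})) & set(m.get(b, {})))


def multi_homed(networks):
    """Containers attached to more than one network (they span segments)."""
    return {name: sorted(nets)
            for name, nets in membership(networks).items() if len(nets) > 1}


if __name__ == "__main__":
    print("tomcat01 <-> tomcat02 via:",
          shared_networks(SAMPLE_INSPECT, "tomcat01", "tomcat02"))
    for name, nets in multi_homed(SAMPLE_INSPECT).items():
        print(f"{name} spans networks: {', '.join(nets)}")
```

On a real host, the same functions can be fed the parsed output of docker network inspect $(docker network ls -q); any container listed by multi_homed links network segments that were otherwise isolated from each other.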