docker0 网络
在我们启动一个容器的时候默认指定的网络就是docker0。--net bridge
# 两个命令一个意思,网络属于docker0
docker run -d -it --name tomcat01 tomcat:9.0
docker run -d -it --name tomcat02 --net bridge tomcat:9.0docker0网络不支持ping 容器名,只能ping ip
# 查看容器列表
➜ ~ docker ps|grep tomcat
# 尝试使用容器名ping,结果失败
➜ ~ docker exec -it tomcat01 ping tomcat02
ping: tomcat02: Name or service not known
# 查看ip
➜ ~ docker inspect tomcat02
......
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
# 可以得到当前容器的ip是172.17.0.3
# 尝试ping ip地址
➜ ~ docker exec -it tomcat01 ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.325 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.088 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.091 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.152 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.109 ms
^C
--- 172.17.0.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 90ms
rtt min/avg/max/mdev = 0.088/0.153/0.325/0.088 ms
#可以看到ping ip是OK的。为了实现可以直接通过容器名称进行ping
方式一 --link
--link可以将A容器连接到B容器,A ping B ok,B pingA 不行。因为其实现方式是修改了宿主机的hosts文件<linux中是>,进行映射。
这个方式很差,已经淘汰。简单看一下例子即可
# 启动了容器tomcat03 并link到tomcat02
➜ ~ docker run -d -it --name tomcat03 --link tomcat02 tomcat:9.0
24eb51eea7ec198497aa094698318a7f41b8fe3a146b4794fd6cfe9ac8d49514
# 由于link存在,ping OK
➜ ~ docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.197 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.079 ms
^C
--- tomcat02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 22ms
rtt min/avg/max/mdev = 0.079/0.138/0.197/0.059 ms
# 反过来ping就不行了
➜ ~ docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Name or service not known
方式二 自定义网络
docker network create
通过自定义网络可以为容器--net指定网络
# 多使用--help查看文档
➜ ~ docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
# 创建一个自定义网络
# --driver 指定网络模式 桥接
# --subnet 子网掩码
# --gateway 网关IP
➜ ~ docker network create --driver bridge --subnet 192.167.0.0/16 --gateway 192.167.0.1 new_net
808d9abd95e811b14ca5dac710aa8f81b0e4e75c98552c3fa2a1e78ba574a401
#创建tomcat04 并指定网络new_net
➜ ~ docker run -d -it --name tomcat04 --net new_net tomcat:9.0
0272ba2e3510a593fbcb4c4745954796c92e31207c3d49aaa69d9494897f9031
#查看两者ip
# 192.167.0.2
➜ ~ docker inspect tomcat04
# 192.167.0.3
➜ ~ docker inspect tomcat05
# 直接指定容器名ping
➜ ~ docker exec -it tomcat04 ping tomcat05
PING tomcat05 (192.167.0.3) 56(84) bytes of data.
64 bytes from tomcat05.new_net (192.167.0.3): icmp_seq=1 ttl=64 time=0.270 ms
64 bytes from tomcat05.new_net (192.167.0.3): icmp_seq=2 ttl=64 time=0.078 ms
^C
--- tomcat05 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 0.078/0.174/0.270/0.096 ms
➜ ~ docker exec -it tomcat05 ping tomcat04
PING tomcat04 (192.167.0.2) 56(84) bytes of data.
64 bytes from tomcat04.new_net (192.167.0.2): icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from tomcat04.new_net (192.167.0.2): icmp_seq=2 ttl=64 time=0.143 ms
64 bytes from tomcat04.new_net (192.167.0.2): icmp_seq=3 ttl=64 time=0.114 ms
^C
--- tomcat04 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 75ms
rtt min/avg/max/mdev = 0.066/0.107/0.143/0.033 ms
# 结论:自定义网络之后同一个网络的是可以ping通的基于以上的结论,请问docker0的tomcat01 可以ping通new_net网络的tomcat04吗?答案:不可以
学过计算机网络就明白,原因是不在一个局域网没法访问。
➜ ~ docker exec -it tomcat01 ping tomcat04
ping: tomcat04: Name or service not known解决办法 docker network connect “Connect a container to a network”。将容器和网络互连互通。
# 将容器tomcat01和网络new_net连接
➜ ~ docker network connect new_net tomcat01
# 再次尝试ping, ok!
➜ ~ docker exec -it tomcat01 ping tomcat04
PING tomcat04 (192.167.0.2) 56(84) bytes of data.
64 bytes from tomcat04.new_net (192.167.0.2): icmp_seq=1 ttl=64 time=0.157 ms
64 bytes from tomcat04.new_net (192.167.0.2): icmp_seq=2 ttl=64 time=0.075 ms
^C
--- tomcat04 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.075/0.116/0.157/0.041 ms
# 相反的也可以ping
➜ ~ docker exec -it tomcat04 ping tomcat01
PING tomcat01 (192.167.0.4) 56(84) bytes of data.
64 bytes from tomcat01.new_net (192.167.0.4): icmp_seq=1 ttl=64 time=0.110 ms
64 bytes from tomcat01.new_net (192.167.0.4): icmp_seq=2 ttl=64 time=0.084 ms
^C
--- tomcat01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.084/0.097/0.110/0.013 ms
上面的测试提现了互连互通
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。