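Docker study notes on single-host network communication, kept for later reference.
Computer network models
The OSI seven-layer model and the TCP/IP four-layer model
Communication model between two hosts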
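Network interfaces in Linux
View the network interfaces
ip link show
ls /sys/class/net
ip a
In Linux, each network interface corresponds to a file. View the file that corresponds to an interface:
cat /etc/sysconfig/network-scripts/ifcfg-eth0
Network interface
- State: UP/DOWN/UNKNOWN
- link/ether: MAC address
- inet: the bound IP address
- Add or delete an IP address on an interface
ip addr add 192.168.0.100/24 dev eth0
ip addr delete 192.168.0.100/24 dev eth0
- Bring an interface up or down
  - Up
ifup eth0 or ip link set eth0 up
  - Down
ifdown eth0 or ip link set eth0 down
  - Restart
service network restart or systemctl restart network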
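Network Namespace
On Linux, network isolation is managed through network namespaces; different network namespaces are isolated from one another.
Managing network namespaces
List
ip netns list
Add
ip netns add ns1
Delete
ip netns delete ns1
View the interface information in ns1
ip netns exec ns1 ip a
Bring up the lo interface in ns1
ip netns exec ns1 ifup lo or ip netns exec ns1 ip link set lo up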
Network namespaces in containers
A veth pair (Virtual Ethernet pair) is a pair of connected ports that provides network connectivity between two namespaces.
Create a pair of links
ip link add veth-ns1 type veth peer name veth-ns2
View the links
ip link
Move each veth-ns interface into its namespace
ip link set veth-ns1 netns ns1
ip link set veth-ns2 netns ns2
Check the host, ns1 and ns2 in turn
ip link
ip netns exec ns1 ip link
ip netns exec ns2 ip link
Add the corresponding IP addresses
ip netns exec ns1 ip addr add 192.168.0.11/24 dev veth-ns1
ip netns exec ns2 ip addr add 192.168.0.12/24 dev veth-ns2
Bring up the veth-ns interfaces
ip netns exec ns1 ip link set veth-ns1 up
ip netns exec ns2 ip link set veth-ns2 up
The two namespaces can now ping each other
ip netns exec ns1 ping 192.168.0.12
ip netns exec ns2 ping 192.168.0.11
Container networking: bridge
docker0, the default bridge
Start two containers, tomcat01 and tomcat02, on the same machine
View the network on the CentOS 7 host
ip a
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:e0:38:a7:05 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:e0ff:fe38:a705/64 scope link
       valid_lft forever preferred_lft forever
113: vethcc01151@if112: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether 66:46:15:2b:a4:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::6446:15ff:fe2b:a4b8/64 scope link
       valid_lft forever preferred_lft forever
115: veth0c4651d@if114: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether ea:6a:76:c0:b7:82 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::e86a:76ff:fec0:b782/64 scope link
       valid_lft forever preferred_lft forever
View the network inside tomcat01
docker exec -it tomcat01 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
112: eth0@if113: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
View the network inside tomcat02
docker exec -it tomcat02 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
114: eth0@if115: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
Bridge network (bridge)
View Docker's network modes
- First install brctl
yum install bridge-utils
- View the bridge
brctl show
- View the network modes in Docker
docker network ls
- Inspect the bridge network
docker network inspect bridge
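The `ip a` outputs above tie each container's eth0 to a host-side veth through interface indexes: tomcat01's `112: eth0@if113` names host index 113, and the host's `113: vethcc01151@if112` points back at index 112. The script below is an added example, not part of the original notes; it matches the two sides by those indexes, using hypothetical helper names (`links_table`, `host_veth_for`) and sample lines copied from the outputs on this page.

```shell
#!/bin/sh
# Added example. Sample header lines copied from the `ip a` outputs on this page.
HOST_LINKS='4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
113: vethcc01151@if112: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
115: veth0c4651d@if114: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP'
TOMCAT01_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
112: eth0@if113: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default'
TOMCAT02_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
114: eth0@if115: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default'

# links_table (hypothetical helper): reads `ip a` or `ip link` output on stdin
# and prints "ifindex name peer_ifindex" for every interface shown as NAME@ifN.
# Address lines and interfaces without an @ifN peer (lo, docker0) are skipped.
links_table() {
    awk '/^[0-9]+: [^ ]+@if[0-9]+:/ {
        idx = $1;  sub(/:$/, "", idx)
        name = $2; sub(/:$/, "", name)
        split(name, part, "@if")
        print idx, part[1], part[2]
    }'
}

# host_veth_for HOST_OUTPUT CONTAINER_OUTPUT [IFNAME] (hypothetical helper):
# prints the host interface whose ifindex is the container interface's peer
# and whose own peer is the container interface's ifindex. Checking both
# directions guards against a coincidental match on one index alone.
# Returns non-zero when no host interface matches.
host_veth_for() {
    want=${3:-eth0}
    cpair=$(printf '%s\n' "$2" | links_table |
        awk -v n="$want" '$2 == n { print $1, $3 }')
    [ -n "$cpair" ] || return 1
    printf '%s\n' "$1" | links_table | awk -v c="$cpair" '
        BEGIN { split(c, p, " ") }
        $1 == p[2] && $3 == p[1] { print $2; found = 1 }
        END { exit !found }'
}

echo "tomcat01 eth0 <-> $(host_veth_for "$HOST_LINKS" "$TOMCAT01_LINKS")"
echo "tomcat02 eth0 <-> $(host_veth_for "$HOST_LINKS" "$TOMCAT02_LINKS")"
```

On a live host the same function takes `"$(ip a)"` and `"$(docker exec tomcat01 ip a)"` as its two arguments.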
Container networking: host, none
host
Create a tomcat container with its network set to host
- docker run -d --name my-tomcat-host --network host tomcat
View the IP addresses
- docker exec -it my-tomcat-host ip a
Inspect the host network
- docker network inspect host
none
Create a tomcat container with its network set to none
- docker run -d --name my-tomcat-none --network none tomcat
View the IP addresses
- docker exec -it my-tomcat-none ip a
Inspect the none network
- docker network inspect none