网站 备案号,免费代理服务器国外,厦门翔安建设局网站,凡客网站建设五、docker的网络模式
5.1 Docker的四种网络模式
当你安装docker时#xff0c;它会自动创建三个网络#xff0c;可使用如下命令查看#xff1a;
[rootlocalhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7390284b02d6 bridge bridge lo…五、docker的网络模式
5.1 Docker的四种网络模式
当你安装docker时它会自动创建三个网络可使用如下命令查看
[rootlocalhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7390284b02d6 bridge bridge local
d6f8e8de2c03 host host local
ec6c758e2ed2 none null localBridge此模式会为每一个容器分配、设置IP等。使用 --netbridge 指定默认设置。
host容器将不会虚拟出自己的网卡配置自己的IP等而是使用宿主机的IP和端口。使用--nethost 指定。
None该模式关闭了容器的网络功能。使用 --netnone 指定。
Container创建的容器不会创建自己的网卡配置自己的IP而是和一个指定的容器共享IP、端口范围。使用 --netcontainer:NAMEorID 指定。
5.2 None网络模式
使用none模式Docker容器拥有自己的Network Namespace但是并不为Docker容器进行任何网络配置。也就是说这个Docker容器没有网卡、IP、路由等信息只有lo 网络接口。需要我们自己为Docker容器添加网卡、配置IP等。
不参与网络通信运行于此类容器中的进程仅能访问本地回环接口仅适用于进程无须网络通信的场景中例如备份、进程诊断及各种离线任务等。None模式示意图如下所示 [rootlocalhost ~]# docker run -it --network none --rm busybox:latest
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
/ # exit5.3 Host网络模式
如果启动容器的时候使用host模式那么这个容器将不会获得一个独立的Network Namespace而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡配置自己的IP等而是使用宿主机的IP和端口。但是容器的其他方面如文件系统、进程列表等还是和宿主机隔离的。Host模式示意图如下所示 [rootlocalhost ~]# ip a show ens33
2: ens33: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:fb:63:04 brd ff:ff:ff:ff:ff:ffaltname enp2s1inet 192.168.168.101/24 brd 192.168.168.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fefb:6304/64 scope link noprefixroutevalid_lft forever preferred_lft forever
[rootlocalhost ~]# docker run --name busybox --rm -it --network host busybox:latest
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
2: ens33: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc fq_codel qlen 1000link/ether 00:0c:29:fb:63:04 brd ff:ff:ff:ff:ff:ffinet 192.168.168.101/24 brd 192.168.168.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fefb:6304/64 scope link noprefixroutevalid_lft forever preferred_lft forever
3: docker0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueuelink/ether 02:42:1e:0f:2f:31 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:1eff:fe0f:2f31/64 scope linkvalid_lft forever preferred_lft forever
37: veth0a9f628if36: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueue master docker0link/ether ea:67:63:ea:8d:5a brd ff:ff:ff:ff:ff:ffinet6 fe80::e867:63ff:feea:8d5a/64 scope linkvalid_lft forever preferred_lft forever
38: br-f65f09f8a274: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueuelink/ether 02:42:40:d3:87:29 brd ff:ff:ff:ff:ff:ffinet 172.18.0.1/16 brd 172.18.255.255 scope global br-f65f09f8a274valid_lft forever preferred_lft foreverinet6 fe80::42:40ff:fed3:8729/64 scope linkvalid_lft forever preferred_lft forever
/ # exit5.4 container网络模式
这个模式指定新创建的容器和已经存在的一个容器共享一个 Network Namespace而不是和宿主机共享。新创建的容器不会创建自己的网卡配置自己的 IP而是和一个指定的容器共享 IP、端口范围等。同样两个容器除了网络方面其他的如文件系统、进程列表等还是隔离的。两个容器的进程可以通过 lo 网卡设备通信。Container模式示意图如下 1先用bridge网络模式启动容器1
[rootlocalhost ~]# docker run -d --name web4 nginx:1.27.2-alpine
e5c5ae64f304fd37af4952659b4139f0d478bee732bc784ede8c36c93f638f76
[rootlocalhost ~]# docker inspect web4 | grep -i ipaddressSecondaryIPAddresses: null,IPAddress: 172.17.0.3,IPAddress: 172.17.0.3,2再使用Container 网络模式创建容器2
[rootlocalhost ~]# docker run --name busybox --rm -it --network container:web4 busybox:latest
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
43: eth0if44: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ffinet 172.17.0.3/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
#web1上启动的nginx服务在该容器中可以直接访问
/ # wget -O - -q 172.17.0.3
!DOCTYPE html
html
head
titleWelcome to nginx!/title
style
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
/style
/head
body
h1Welcome to nginx!/h1
pIf you see this page, the nginx web server is successfully installed and
working. Further configuration is required./ppFor online documentation and support please refer to
a hrefhttp://nginx.org/nginx.org/a.br/
Commercial support is available at
a hrefhttp://nginx.com/nginx.com/a./ppemThank you for using nginx./em/p
/body
/html
#注意文件系统并不共享
/ # ls /usr/share
ls: /usr/share: No such file or directory5.5 Bridge网络模式
安装docker时会自动创建一个docker0网桥运行容器时你可以使用docker run --networkNETWORK选项指定容器应连接到哪个网络否则Docker守护程序默认将容器连接到docker0虚拟网桥通过docker0网桥以及Iptables nat表配置与宿主机通信。
Docker 随机分配一个本地未占用的私有网段 在 RFC1918 中定义 中的一个地址给docker0 接口。 此后启动的容器内的网口也会自动分配一个同一网段的地址。docker0的IP地址则为容器的默认网关。在主机上创建一对虚拟网卡veth pair设备Docker将veth pair设备的一端放在新创建的容器中并命名为eth0容器的网卡另一端放在主机中以vethxxx这样类似的名字命名并将这个网络设备加入到docker0网桥中bridge模式示意图如下图所示。可以通过brctl show命令查看。 [rootlocalhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02421e0f2f31 no
[rootlocalhost ~]# ip a show docker0
3: docker0: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue state DOWN group defaultlink/ether 02:42:1e:0f:2f:31 brd ff:ff:ff:ff:ff:ffinet 172.17.0.1/16 brd 172.17.255.255 scope global docker0valid_lft forever preferred_lft foreverinet6 fe80::42:1eff:fe0f:2f31/64 scope linkvalid_lft forever preferred_lft forever
通过这种方式 主机可以跟容器通信 容器之间也可以相互通信。 Docker 就创建了在主机和所有容器之间一个虚拟共享网络。
注bridge模式是docker的默认网络模式不写–net参数就是bridge模式。使用docker run -p时docker实际是在iptables做了DNAT规则实现端口转发功能。可以使用iptables -t nat -vnL查看。
5.5.1 使用默认的网桥
#未指定网络模式则默认为bridge模式
[rootlocalhost ~]# docker run -d -P --name web3 nginx:1.14-alpine
009f12f2142c6a297cd8cf3d0fb078037a03e2a8388c581016df9015ecaecd66
[rootlocalhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
009f12f2142c nginx:1.14-alpine nginx -g daemon of… 4 seconds ago Up 3 seconds 0.0.0.0:32775-80/tcp, [::]:32775-80/tcp web3
[rootlocalhost ~]#
[rootlocalhost ~]# iptables -t nat -vnL DOCKER
Chain DOCKER (2 references)pkts bytes target prot opt in out source destination 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32775 to:172.17.0.2:80
[rootlocalhost ~]# docker exec -it web3 /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
36: eth0if37: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
#尝试ping宿主机
/ # ping -c2 192.168.168.101
PING 192.168.168.101 (192.168.168.101): 56 data bytes
64 bytes from 192.168.168.101: seq0 ttl64 time0.062 ms
64 bytes from 192.168.168.101: seq1 ttl64 time0.043 ms5.5.2 自定义网桥
#也可以在创建网桥时指定网段docker network create -d bridge --subnet 10.100.0.0/24 --gateway 10.100.0.1 my-bridge
[rootlocalhost ~]# docker network create -d bridge my-bridge
[rootlocalhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7390284b02d6 bridge bridge local
d6f8e8de2c03 host host local
f65f09f8a274 my-bridge bridge local
ec6c758e2ed2 none null local
[rootlocalhost ~]# brctl show
bridge name bridge id STP enabled interfaces
br-f65f09f8a274 8000.024240d38729 no
docker0 8000.02421e0f2f31 no veth0a9f628
[rootlocalhost ~]# ip a show br-f65f09f8a274
38: br-f65f09f8a274: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue state DOWN group defaultlink/ether 02:42:40:d3:87:29 brd ff:ff:ff:ff:ff:ffinet 172.18.0.1/16 brd 172.18.255.255 scope global br-f65f09f8a274valid_lft forever preferred_lft forever
[rootlocalhost ~]# docker run --name busybox --rm -it --network my-bridge busybox:latest
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
41: eth0if42: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ffinet 172.18.0.2/16 brd 172.18.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eth0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
/ # ping 192.168.168.101
PING 192.168.168.101 (192.168.168.101): 56 data bytes
64 bytes from 192.168.168.101: seq0 ttl64 time0.278 ms
64 bytes from 192.168.168.101: seq1 ttl64 time0.060 ms
5.6 容器间的通信
5.6.1 同一台主机上的容器间的通信
1容器都使用默认的Bridge网络模式
两个容器使用ip地址互相访问
#运行第一个容器
[rootlocalhost ~]# docker run --rm -it busybox:1.36 /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
7: eth0if8: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever#运行第二个容器
[rootlocalhost ~]# docker run -it --rm busybox:latest /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
13: eth0if14: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ffinet 172.17.0.3/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever#第一个容器ping第二个容器
/ # ping -c2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq0 ttl64 time0.056 ms
64 bytes from 172.17.0.3: seq1 ttl64 time0.066 ms#第二个容器ping第一个容器
/ # ping -c2 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq0 ttl64 time0.032 ms
64 bytes from 172.17.0.2: seq1 ttl64 time0.062 ms
容器间使用名字互相访问
[rootlocalhost ~]# docker run --rm -it --name test-name busybox:1.36 /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
19: eth0if20: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ffinet 172.17.0.3/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
[rootlocalhost ~]# docker run -it --rm --link test-name:server1 busybox:latest /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
21: eth0if22: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ffinet 172.17.0.4/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 server1 d9a9e6278e9f test-name
172.17.0.4 9e6943af3424
/ # ping -c 2 server1
PING server1 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq0 ttl64 time0.035 ms
64 bytes from 172.17.0.3: seq1 ttl64 time0.073 ms--- server1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max 0.035/0.054/0.073 ms
/ # ping -c 2 test-name
PING test-name (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq0 ttl64 time0.035 ms
64 bytes from 172.17.0.3: seq1 ttl64 time0.062 ms--- test-name ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max 0.035/0.048/0.062 ms
/ #
2容器使用不同的bridge模式
[rootlocalhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9d160e040474 bridge bridge local
d6f8e8de2c03 host host local
f65f09f8a274 my-bridge bridge local
ec6c758e2ed2 none null local
#查看新添加的网桥
[rootlocalhost ~]# brctl show
bridge name bridge id STP enabled interfaces
br-f65f09f8a274 8000.02427ef21b98 no vethf8467c8
docker0 8000.0242c16db1ae no vethcde7c3a
#运行第一个容器使用bridge模式
[rootlocalhost ~]# docker run --rm --network bridge -it busybox:1.36 /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
5: eth0if6: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever#在另外一个终端窗口运行第二个容器使用my-bridge模式
[rootlocalhost ~]# docker run -it --rm --network my-bridge busybox:latest /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
7: eth0if8: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ffinet 172.18.0.2/16 brd 172.18.255.255 scope global eth0valid_lft forever preferred_lft forever#两个容器互相访问访问失败
#第一个容器ping第二个容器
/ # ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2): 56 data bytes#第二个容器ping第一个容器
/ # ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes查看防火墙规则
#重新配置iptables规则
#1先将旧的iptables规则保存至iptables.sh文件中
[rootlocalhost ~]# iptables-save /root/iptables.sh
#2修改iptables.sh文件注释下面两行
#-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
#-A DOCKER-ISOLATION-STAGE-2 -o br-f65f09f8a274 -j DROP
#3导入新的iptables规则
[rootlocalhost ~]# iptables-restore /root/iptables.sh#两个容器互相测试
#第一个容器访问第二个容器
/ # ping -c2 172.18.0.2
PING 172.18.0.2 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq0 ttl63 time0.066 ms
64 bytes from 172.18.0.2: seq1 ttl63 time0.093 ms
#第二个容器访问第一个容器
/ # ping -c3 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq0 ttl63 time0.067 ms
64 bytes from 172.17.0.2: seq1 ttl63 time0.095 ms
64 bytes from 172.17.0.2: seq2 ttl63 time0.095 ms5.6.2 不同主机上的容器间的通信
两个主机上的容器之间的通信前提是宿主机之间的网络是可以互相通信的然后个容器才可以通过宿主机访问到对方的容器实现原理是在宿主机做一个网络路由就可以实现宿主机A的容器访问宿主机容器B的目的。
由于docker默认网段是172.17.0.X/24如果要做路由每个宿主机的docker使用的默认网段不能一致。
#服务器A使用默认网段
#服务器B修改默认网段为10.10.0.X/24
[rootnode02 yum.repos.d]# vim /usr/lib/systemd/system/docker.service
#修改该行信息
ExecStart/usr/bin/dockerd -H fd:// --containerd/run/containerd/containerd.sock --bip10.10.0.1/24
[rootnode02 yum.repos.d]# systemctl daemon-reload
[rootnode02 yum.repos.d]# systemctl start docker
[rootnode02 yum.repos.d]# ip a show docker0
3: docker0: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue state DOWN group defaultlink/ether 02:42:bb:a0:47:ca brd ff:ff:ff:ff:ff:ffinet 10.10.0.1/24 brd 10.10.0.255 scope global docker0valid_lft forever preferred_lft forever#服务器A启动容器
[rootlocalhost ~]# docker run -it --rm busybox:1.36 /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
9: eth0if10: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever#服务器B启动容器
[rootnode02 ~]# docker run -it --rm busybox:latest /bin/sh
/ # ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever
4: eth0if5: BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN mtu 1500 qdisc noqueuelink/ether 02:42:0a:0a:00:02 brd ff:ff:ff:ff:ff:ffinet 10.10.0.2/24 brd 10.10.0.255 scope global eth0valid_lft forever preferred_lft forever
#容器间互相访问测试无法访问
/ # ping -c2 10.10.0.2
PING 10.10.0.2 (10.10.0.2): 56 data bytes--- 10.10.0.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss/ # ping -c 2 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes--- 172.17.0.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
#给serverA添加静态路由当本机要访问10.10.0.0/24网段的主机的时候网关指定为serverB宿主机的地址
[rootlocalhost ~]# route add -net 10.10.0.0/24 gw 192.168.168.102
#设置防火墙规则
[rootlocalhost ~]# iptables -A FORWARD -s 192.168.168.0/24 -j ACCEPT#给serverB添加静态路由网关地址为serverA的地址
[rootnode02 ~]# route add -net 172.17.0.0/24 gw 192.168.168.101
#设置防火墙规则
[rootlocalhost ~]# iptables -A FORWARD -s 192.168.168.0/24 -j ACCEPT#测试
#宿主机A容器访问宿主机B容器
/ # ping -c2 10.10.0.2
PING 10.10.0.2 (10.10.0.2): 56 data bytes
64 bytes from 10.10.0.2: seq0 ttl62 time0.461 ms
64 bytes from 10.10.0.2: seq1 ttl62 time0.556 ms--- 10.10.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max 0.461/0.508/0.556 ms#宿主机B容器访问宿主机A容器
/ # ping -c 2 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq0 ttl62 time0.491 ms
64 bytes from 172.17.0.2: seq1 ttl62 time0.575 ms
文章转载自: http://www.morning.kwqqs.cn.gov.cn.kwqqs.cn http://www.morning.gassnw.com.gov.cn.gassnw.com http://www.morning.jfjqs.cn.gov.cn.jfjqs.cn http://www.morning.wfwqr.cn.gov.cn.wfwqr.cn http://www.morning.fgkrh.cn.gov.cn.fgkrh.cn http://www.morning.jgttx.cn.gov.cn.jgttx.cn http://www.morning.qrwdg.cn.gov.cn.qrwdg.cn http://www.morning.dxsyp.cn.gov.cn.dxsyp.cn http://www.morning.ylsxk.cn.gov.cn.ylsxk.cn http://www.morning.tscsd.cn.gov.cn.tscsd.cn http://www.morning.qkqhr.cn.gov.cn.qkqhr.cn http://www.morning.qhrdx.cn.gov.cn.qhrdx.cn http://www.morning.rxrw.cn.gov.cn.rxrw.cn http://www.morning.ysbhj.cn.gov.cn.ysbhj.cn http://www.morning.mdnnz.cn.gov.cn.mdnnz.cn http://www.morning.rmkyb.cn.gov.cn.rmkyb.cn http://www.morning.qlpq.cn.gov.cn.qlpq.cn http://www.morning.cybch.cn.gov.cn.cybch.cn http://www.morning.djpps.cn.gov.cn.djpps.cn http://www.morning.xxlz.cn.gov.cn.xxlz.cn http://www.morning.zfcfx.cn.gov.cn.zfcfx.cn http://www.morning.qsy36.cn.gov.cn.qsy36.cn http://www.morning.rlhh.cn.gov.cn.rlhh.cn http://www.morning.prysb.cn.gov.cn.prysb.cn http://www.morning.qrzqd.cn.gov.cn.qrzqd.cn http://www.morning.dshxj.cn.gov.cn.dshxj.cn http://www.morning.rxnr.cn.gov.cn.rxnr.cn http://www.morning.sxbgc.cn.gov.cn.sxbgc.cn http://www.morning.nbrdx.cn.gov.cn.nbrdx.cn http://www.morning.tfqfm.cn.gov.cn.tfqfm.cn http://www.morning.wbdm.cn.gov.cn.wbdm.cn http://www.morning.qphdp.cn.gov.cn.qphdp.cn http://www.morning.gdljq.cn.gov.cn.gdljq.cn http://www.morning.wmrgp.cn.gov.cn.wmrgp.cn http://www.morning.wqkzf.cn.gov.cn.wqkzf.cn http://www.morning.dzpnl.cn.gov.cn.dzpnl.cn http://www.morning.gkmwk.cn.gov.cn.gkmwk.cn http://www.morning.zybdj.cn.gov.cn.zybdj.cn http://www.morning.mplld.cn.gov.cn.mplld.cn http://www.morning.kghhl.cn.gov.cn.kghhl.cn http://www.morning.djgrg.cn.gov.cn.djgrg.cn http://www.morning.bmts.cn.gov.cn.bmts.cn http://www.morning.rkhhl.cn.gov.cn.rkhhl.cn http://www.morning.jzfrl.cn.gov.cn.jzfrl.cn http://www.morning.jmmzt.cn.gov.cn.jmmzt.cn http://www.morning.hmktd.cn.gov.cn.hmktd.cn http://www.morning.gbjxj.cn.gov.cn.gbjxj.cn http://www.morning.rfkyb.cn.gov.cn.rfkyb.cn http://www.morning.lqtwb.cn.gov.cn.lqtwb.cn http://www.morning.zgnng.cn.gov.cn.zgnng.cn http://www.morning.hbdqf.cn.gov.cn.hbdqf.cn http://www.morning.kgkph.cn.gov.cn.kgkph.cn http://www.morning.plfy.cn.gov.cn.plfy.cn http://www.morning.mhybs.cn.gov.cn.mhybs.cn http://www.morning.qgzmz.cn.gov.cn.qgzmz.cn http://www.morning.mlnzx.cn.gov.cn.mlnzx.cn http://www.morning.kkqgf.cn.gov.cn.kkqgf.cn http://www.morning.lgtzd.cn.gov.cn.lgtzd.cn http://www.morning.fgppj.cn.gov.cn.fgppj.cn http://www.morning.nmymn.cn.gov.cn.nmymn.cn http://www.morning.yjmlg.cn.gov.cn.yjmlg.cn http://www.morning.yfffg.cn.gov.cn.yfffg.cn http://www.morning.tstkr.cn.gov.cn.tstkr.cn http://www.morning.rfdqr.cn.gov.cn.rfdqr.cn http://www.morning.rqqmd.cn.gov.cn.rqqmd.cn http://www.morning.jwncx.cn.gov.cn.jwncx.cn http://www.morning.mqldj.cn.gov.cn.mqldj.cn http://www.morning.tpssx.cn.gov.cn.tpssx.cn http://www.morning.qkrqt.cn.gov.cn.qkrqt.cn http://www.morning.wlqbr.cn.gov.cn.wlqbr.cn http://www.morning.wynqg.cn.gov.cn.wynqg.cn http://www.morning.stmkm.cn.gov.cn.stmkm.cn http://www.morning.dqkrf.cn.gov.cn.dqkrf.cn http://www.morning.spnky.cn.gov.cn.spnky.cn http://www.morning.sltfk.cn.gov.cn.sltfk.cn http://www.morning.hmqjj.cn.gov.cn.hmqjj.cn http://www.morning.wpcfh.cn.gov.cn.wpcfh.cn http://www.morning.sgnxl.cn.gov.cn.sgnxl.cn http://www.morning.gqksd.cn.gov.cn.gqksd.cn http://www.morning.gbxxh.cn.gov.cn.gbxxh.cn
