1. 前言
2. container 模型
2.1 docker container 模型
root@nicktming:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07d642f06fa0 busybox:latest "top" About an hour ago Up About an hour container03-host
6998224ba1cb busybox:latest "top" 4 hours ago Up 4 hours container02
3b5d2352935e busybox:latest "top" 4 hours ago Up 4 hours container01
root@nicktming:~#
// 創建一個與container01共用network namespace的容器container05-container
root@nicktming:~# docker run -d --name container05-container --net container:container01 busybox top
dcc680c896840afed10135c3bf1789c92d9fa10af9675b196dfbb90aee873e56
root@nicktming:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dcc680c89684 busybox:latest "top" 5 seconds ago Up 4 seconds container05-container
07d642f06fa0 busybox:latest "top" 2 hours ago Up 2 hours container03-host
6998224ba1cb busybox:latest "top" 4 hours ago Up 4 hours container02
3b5d2352935e busybox:latest "top" 4 hours ago Up 4 hours container01
root@nicktming:~#
// 查看容器container05-container的網絡配置
root@nicktming:~# docker exec -it dcc680c89684 sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2855 (2.7 KiB) TX bytes:2228 (2.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 B) TX bytes:336 (336.0 B)
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
/ #
/ # echo $$
7
/ # readlink /proc/7/ns/net
net:[4026532172]
/ # exit
root@nicktming:~#
// 查看container01的namespace
root@nicktming:~# docker exec -it container01 sh
/ # echo $$
48
/ # readlink /proc/48/ns/net
net:[4026532172]
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2855 (2.7 KiB) TX bytes:2228 (2.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 B) TX bytes:336 (336.0 B)
/ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0
/ # exit
root@nicktming:~#
可以看到 container05-container 與 container01 的 readlink 結果同為 net:[4026532172], 即兩者擁有共同的 network namespace, 所以網絡接口、IP 地址與路由等網絡配置都一樣; 這也意味著兩個容器共享同一個 lo 接口和同一個端口空間.
container.png
3. None 網絡模型
3.1 docker創建一個none網絡模型的容器
3.1.1 創建一個none網絡模型的容器
root@nicktming:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dcc680c89684 busybox:latest "top" 30 minutes ago Up 30 minutes container05-container
07d642f06fa0 busybox:latest "top" 2 hours ago Up 2 hours container03-host
6998224ba1cb busybox:latest "top" 4 hours ago Up 4 hours container02
3b5d2352935e busybox:latest "top" 4 hours ago Up 4 hours container01
root@nicktming:~#
root@nicktming:~# docker run -d --name container06-none --net none busybox top
f09c599fc329c10f3e1bb6d8993dddade703d003ce72f356452d7cea5c61a41e
root@nicktming:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f09c599fc329 busybox:latest "top" 3 seconds ago Up 2 seconds container06-none
dcc680c89684 busybox:latest "top" 31 minutes ago Up 31 minutes container05-container
07d642f06fa0 busybox:latest "top" 2 hours ago Up 2 hours container03-host
6998224ba1cb busybox:latest "top" 4 hours ago Up 4 hours container02
3b5d2352935e busybox:latest "top" 4 hours ago Up 4 hours container01
root@nicktming:~#
root@nicktming:~# echo $$
21412
root@nicktming:~# readlink /proc/21412/ns/net
net:[4026531956]
root@nicktming:~# docker exec -it container06-none sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
/ # ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
/ # echo $$
16
/ # readlink /proc/16/ns/net
net:[4026532412]
/ # exit
root@nicktming:~#
可以看到生成了一個新的 network namespace net:[4026532412] (與宿主機的 net:[4026531956] 不同), 但是其中的網絡配置只有一個 lo, 沒有其他接口, 路由表也是空的. 所以需要什麼配置可以自行添加.
3.1.2 添加自定義網絡配置
root@nicktming:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f09c599fc329 busybox:latest "top" 2 hours ago Up 2 hours container06-none
dcc680c89684 busybox:latest "top" 2 hours ago Up 2 hours container05-container
07d642f06fa0 busybox:latest "top" 4 hours ago Up 4 hours container03-host
6998224ba1cb busybox:latest "top" 7 hours ago Up 7 hours container02
3b5d2352935e busybox:latest "top" 7 hours ago Up 7 hours container01
// 查看該容器container06-none在宿主機中的pid
root@nicktming:~# docker inspect container06-none | grep Pid
"PidMode": "",
"Pid": 25052,
// 該容器container06-none所在的network namespace
root@nicktming:~# ls -l /proc/25052/ns/net
lrwxrwxrwx 1 root root 0 May 3 16:50 /proc/25052/ns/net -> net:[4026532412]
root@nicktming:~#
// 建立 veth 對 veth6/veth7 的步驟在此省略, 該部分可以參考 [mydocker]---網絡虛擬設備veth bridge iptables
root@nicktming:~# ln -s /proc/25052/ns/net /var/run/netns/container06-none-net
root@nicktming:~# ip netns list
container06-none-net
ns2
ns1
// 將veth6 attach到docker0
root@nicktming:~# brctl addif docker0 veth6
root@nicktming:~# ip link set veth6 up
// 將veth7放到container06-none-net network namespace
root@nicktming:~# ip link set veth7 netns container06-none-net
// 進入到container06-none-net network namespace 中進行配置
root@nicktming:~# ip netns exec container06-none-net sh
# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
29: veth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether c2:0a:45:98:5f:84 brd ff:ff:ff:ff:ff:ff
#
// 配置ip
# ip link set veth7 name eth0
# ip addr add 172.17.0.5/16 dev eth0
# ip link set eth0 up
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
// 添加默認網關 docker0的ip
# route add default gw 172.17.42.1
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
# exit
3.1.3 進入容器中測試
由於在 container06-none-net network namespace 中已經配置好了網絡, 當再次進入到 container06-none 容器時, 可以看到相應的網絡配置並且可以進行測試.
root@nicktming:~# docker exec -it container06-none sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr C2:0A:45:98:5F:84
inet addr:172.17.0.5 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::c00a:45ff:fe98:5f84/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
// 訪問容器container01
/ # ping -c 1 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.079 ms
--- 172.17.0.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.079/0.079/0.079 ms
// 訪問容器container02
/ # ping -c 1 172.17.0.4
PING 172.17.0.4 (172.17.0.4): 56 data bytes
64 bytes from 172.17.0.4: seq=0 ttl=64 time=0.084 ms
--- 172.17.0.4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.084/0.084/0.084 ms
// 訪問docker0
/ # ping -c 1 172.17.42.1
PING 172.17.42.1 (172.17.42.1): 56 data bytes
64 bytes from 172.17.42.1: seq=0 ttl=64 time=0.084 ms
--- 172.17.42.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.084/0.084/0.084 ms
// 訪問宿主機
/ # ping -c 1 172.19.16.7
PING 172.19.16.7 (172.19.16.7): 56 data bytes
64 bytes from 172.19.16.7: seq=0 ttl=64 time=0.070 ms
--- 172.19.16.7 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.070/0.070/0.070 ms
// 訪問自己
/ # ping -c 1 172.17.0.5
PING 172.17.0.5 (172.17.0.5): 56 data bytes
64 bytes from 172.17.0.5: seq=0 ttl=64 time=0.063 ms
--- 172.17.0.5 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.063/0.063/0.063 ms
// 訪問自己
/ # ping -c 1 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.049 ms
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.049/0.049/0.049 ms
// 訪問互聯網
/ # ping -c 1 www.baidu.com
PING www.baidu.com (119.63.197.151): 56 data bytes
64 bytes from 119.63.197.151: seq=0 ttl=51 time=54.777 ms
--- www.baidu.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 54.777/54.777/54.777 ms
// 訪問network namespace ns1
/ # ping -c 1 192.168.2.10
PING 192.168.2.10 (192.168.2.10): 56 data bytes
64 bytes from 192.168.2.10: seq=0 ttl=63 time=0.076 ms
--- 192.168.2.10 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.076/0.076/0.076 ms
// 訪問network namespace ns2
/ # ping -c 1 192.168.2.20
PING 192.168.2.20 (192.168.2.20): 56 data bytes
64 bytes from 192.168.2.20: seq=0 ttl=63 time=0.071 ms
--- 192.168.2.20 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.071/0.071/0.071 ms
// 訪問br0
/ # ping -c 1 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: seq=0 ttl=64 time=0.057 ms
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.057/0.057/0.057 ms
/ # exit
root@nicktming:~#
3.2 手動實現
由于該配置與[mydocker]---docker的四種網絡模型與原理實現(1) 中的 2.2 手動實現 基本一致, 所以就不再重復.
4. 參考
1. https://blog.csdn.net/csdn066/article/details/77165269
2. https://blog.csdn.net/xbw_linux123/article/details/81873490
5. 全部內容
mydocker.png
1. [mydocker]---環境說明
2. [mydocker]---urfave cli 理解
3. [mydocker]---Linux Namespace
4. [mydocker]---Linux Cgroup
5. [mydocker]---構造容器01-實現run命令
6. [mydocker]---構造容器02-實現資源限制01
7. [mydocker]---構造容器02-實現資源限制02
8. [mydocker]---構造容器03-實現增加管道
9. [mydocker]---通過例子理解存儲驅動AUFS
10. [mydocker]---通過例子理解chroot 和 pivot_root
11. [mydocker]---一步步實現使用busybox創建容器
12. [mydocker]---一步步實現使用AUFS包裝busybox
13. [mydocker]---一步步實現volume操作
14. [mydocker]---實現保存鏡像
15. [mydocker]---實現容器的后臺運行
16. [mydocker]---實現查看運行中容器
17. [mydocker]---實現查看容器日志
18. [mydocker]---實現進入容器Namespace
19. [mydocker]---實現停止容器
20. [mydocker]---實現刪除容器
21. [mydocker]---實現容器層隔離
22. [mydocker]---實現通過容器制作鏡像
23. [mydocker]---實現cp操作
24. [mydocker]---實現容器指定環境變量
25. [mydocker]---網際協議IP
26. [mydocker]---網絡虛擬設備veth bridge iptables
27. [mydocker]---docker的四種網絡模型與原理實現(1)
28. [mydocker]---docker的四種網絡模型與原理實現(2)
29. [mydocker]---容器地址分配
30. [mydocker]---網絡net/netlink api 使用解析
31. [mydocker]---網絡實現
32. [mydocker]---網絡實現測試