Home  >  Article  >  php教程  >  配置Docker的网络模型—none

配置Docker的网络模型—none

WBOY
WBOYOriginal
2016-06-13 08:48:361047browse

配置Docker的网络模型—none

在启动容器时指定—net=none,表明在启动的Container中不配置任何网络信息,启动后看到的Container内的信息如下所示:没有eth0接口只有一个lo回环接口。但还是有自己独立的network namespace。
root@10-10-63-106 ~]# docker run -i -t --rm--net=none centos6.3-base-v2 /bin/bash

[root@4685a85d0e11/]# ifconfig

loLink encap:Local Loopback

inet addr:127.0.0.1Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNINGMTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0(0.0 b)

docker run -i -t --rm --net=nonefrankzfz/centos6.3-base-v1 /bin/bash

[root@0861fd7f405a /]# ifconfig

loLink encap:Local Loopback

inet addr:127.0.0.1Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNINGMTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0(0.0 b)

获取容器的进程号,

[root@10-10-63-106 ~]# docker inspect -f'{{.State.Pid}}' 0861fd7f405a

695

[root@10-10-63-106 ~]# docker inspect -f'{{.State.Pid}}' 4685a85d0e11

638

创建网络命名空间的跟踪文件

[root@10-10-63-106 ~]# mkdir -p/var/run/netns

[root@10-10-63-106 ~]# ln -s/proc/695/ns/net /var/run/netns/695

[root@10-10-63-106 ~]# ln -s/proc/638/ns/net /var/run/netns/638

创建一对peer接口,A指定为Container_ID=0861fd7f405a的接口名,B指定为Container_ID=4685a85d0e11,并添加路由信息,他们的下一跳都是指向对端IP地址。

[root@10-10-63-106 ~]# ip link add A typeveth peer name B

[root@10-10-63-106 ~]# ip link set A netns695

[root@10-10-63-106 ~]# ip netns exec 695 ipaddr add 10.1.1.1/32 dev A

[root@10-10-63-106 ~]# ip netns exec 695 iplink set A up

[root@10-10-63-106 ~]# ip netns exec 695 iproute add 10.1.1.2/32 dev A

[root@0861fd7f405a /]# ifconfig

ALink encap:Ethernet HWaddrCA:39:26:CD:24:BD

inet addr:10.1.1.1 Bcast:0.0.0.0Mask:255.255.255.255

UP BROADCAST MULTICASTMTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:0 (0.0 b) TX bytes:0(0.0 b)

loLink encap:Local Loopback

inet addr:127.0.0.1Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNINGMTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0(0.0 b)

[root@10-10-63-106 ~]# ip link set B netns638

[root@10-10-63-106 ~]# ip netns exec 638 ip addr add 10.1.1.2/32 devB

[root@10-10-63-106 ~]# ip netns exec 638 iplink set B up

[root@10-10-63-106 ~]# ip netns exec 638 iproute add 10.1.1.1/32 dev B

[root@4685a85d0e11 /]# ifconfig

BLink encap:Ethernet HWaddrFE:38:13:D9:2F:87

inet addr:10.1.1.2Bcast:0.0.0.0Mask:255.255.255.255

inet6 addr: fe80::fc38:13ff:fed9:2f87/64 Scope:Link

UP BROADCAST RUNNING MULTICASTMTU:1500 Metric:1

RX packets:8 errors:0 dropped:0 overruns:0 frame:0

TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:648 (648.0 b) TXbytes:648 (648.0 b)

loLink encap:Local Loopback

inet addr:127.0.0.1Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNINGMTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 b) TX bytes:0(0.0 b)

在其中一台Container中ping另一台的IP地址,保证两台Container可以通信。

[root@4685a85d0e11/]# ping 10.1.1.1

PING 10.1.1.1 (10.1.1.1) 56(84) bytes ofdata.

64 bytes from 10.1.1.1: icmp_seq=1 ttl=64time=0.084 ms

64 bytes from 10.1.1.1: icmp_seq=2 ttl=64time=0.071 ms

64 bytes from 10.1.1.1: icmp_seq=3 ttl=64time=0.073 ms

64 bytes from 10.1.1.1: icmp_seq=4 ttl=64time=0.069 ms

^C

--- 10.1.1.1 ping statistics ---

4 packets transmitted, 4 received, 0%packet loss, time 3505ms

rtt min/avg/max/mdev =0.069/0.074/0.084/0.008 ms

参考文献:

https://docs.docker.com/articles/networking/

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn