Docker point-to-point container network configuration
- 2020-10-07 18:57:56
- OfStack
1. Build a network between containers
1. View your current network environment
[root@liuxin-test01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:41:84 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.192/24 brd 192.168.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feca:4184/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:0c:29:ca:41:8e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:a3:f4:2f:40 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:a3ff:fef4:2f40/64 scope link
valid_lft forever preferred_lft forever
2. Create two containers without a network
The --rm parameter is explained below:
By default, when a Docker container exits, the file system inside the container is preserved, which makes debugging and retaining user data easier.
Foreground containers, however, only run for a short time during development and debugging, so there is no need to retain user data. Set the --rm option when the container starts so that the file system inside the container is cleaned up automatically when the container exits.
The --net parameter takes the following values:
--net=none: no network environment
--net=bridge: the default parameter; the container's network is set up through the bridge (docker0). The default bridge can also be specified with the -b parameter of the DOCKER_OPTS option
--net=host: shares the host's network environment; not recommended
Two containers share network resources such as the IP address and port number
Create the following two containers, one in each of two terminals:
[root@liuxin-test01 ~]# docker run --rm -it --net=none --name='centos01' centos:7.4.1708
[root@f64cdc7ffff1 /]#
[root@liuxin-test01 ~]# docker run --rm -it --net=none --name='centos02' centos:7.4.1708
[root@cd4df383b68e /]#
3. Look at the process ID for both containers
[root@liuxin-test01 ~]# docker inspect -f '{{.State.Pid}}' f64
21682
[root@liuxin-test01 ~]# docker inspect -f '{{.State.Pid}}' cd4
21832
4. Create network namespace entries for both containers
[root@liuxin-test01 ~]# mkdir -p /var/run/netns
[root@liuxin-test01 ~]# ln -s /proc/21682/ns/net /var/run/netns/21682
[root@liuxin-test01 ~]# ln -s /proc/21832/ns/net /var/run/netns/21832
[root@liuxin-test01 ~]#
5. Create a veth pair and name the two ends A and B
veth is a virtual Ethernet device, similar to a network card. It was introduced for Linux container technology and always comes in pairs.
[root@liuxin-test01 ~]# ip link add A type veth peer name B
[root@liuxin-test01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:41:84 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.192/24 brd 192.168.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feca:4184/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:0c:29:ca:41:8e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:a3:f4:2f:40 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:a3ff:fef4:2f40/64 scope link
valid_lft forever preferred_lft forever
157: B@A: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether de:f7:3b:24:a5:0e brd ff:ff:ff:ff:ff:ff
158: A@B: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 9a:65:96:de:04:90 brd ff:ff:ff:ff:ff:ff
6. Place the ends in two containers
As we can see, once the two ends have been moved into the containers, running ip a on the host no longer shows either device.
[root@liuxin-test01 ~]# ip link set A netns 21682
[root@liuxin-test01 ~]# ip link set B netns 21832
[root@liuxin-test01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:41:84 brd ff:ff:ff:ff:ff:ff
inet 192.168.8.192/24 brd 192.168.8.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feca:4184/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:0c:29:ca:41:8e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:a3:f4:2f:40 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:a3ff:fef4:2f40/64 scope link
valid_lft forever preferred_lft forever
7. Set the IP addresses in the two containers' network namespaces
[root@liuxin-test01 ~]# ip netns exec 21682 ip addr add 192.168.99.1/32 dev A
[root@liuxin-test01 ~]# ip netns exec 21832 ip addr add 192.168.99.2/32 dev B
8. Bring up the network interfaces of the two containers
[root@liuxin-test01 ~]# ip netns exec 21682 ip link set A up
[root@liuxin-test01 ~]# ip netns exec 21832 ip link set B up
9. Set a gateway route for both containers
[root@liuxin-test01 ~]# ip netns exec 21682 ip route add 192.168.99.2/32 dev A
[root@liuxin-test01 ~]# ip netns exec 21832 ip route add 192.168.99.1/32 dev B
10. Test
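Steps 3 to 10 collected into one script, as an added example that is not part of the original article. It validates the two container PIDs, stops at the first failing command, and removes the /var/run/netns symlinks afterwards, because a stale link can end up naming another process's namespace once a PID is reused. The function names, the DRY_RUN switch and the ping check used for the test step are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: steps 3-10 as one script.
# DRY_RUN=1 (the default) only prints each command; DRY_RUN=0 runs it (root needed).

run() {                       # echo the command, execute it only when DRY_RUN=0
    echo "$*"
    [ "${DRY_RUN:-1}" = 1 ] || "$@"
}

valid_pid() {                 # accept only positive integers without a leading zero
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
}

# p2p_link PID_A PID_B [IP_A] [IP_B]: wire two --net=none containers together.
# The last two commands are an assumed test step: ping the peer from each side.
p2p_link() {
    local pa="$1" pb="$2" ipa="${3:-192.168.99.1}" ipb="${4:-192.168.99.2}"
    if ! valid_pid "$pa" || ! valid_pid "$pb" || [ "$pa" = "$pb" ]; then
        echo "usage: p2p_link PID_A PID_B [IP_A] [IP_B]" >&2
        return 2
    fi
    # ln -sfn replaces a stale link left by an earlier container with the same PID.
    run mkdir -p /var/run/netns &&
    run ln -sfn "/proc/$pa/ns/net" "/var/run/netns/$pa" &&
    run ln -sfn "/proc/$pb/ns/net" "/var/run/netns/$pb" &&
    run ip link add A type veth peer name B &&
    run ip link set A netns "$pa" &&
    run ip link set B netns "$pb" &&
    run ip netns exec "$pa" ip addr add "$ipa/32" dev A &&
    run ip netns exec "$pb" ip addr add "$ipb/32" dev B &&
    run ip netns exec "$pa" ip link set A up &&
    run ip netns exec "$pb" ip link set B up &&
    run ip netns exec "$pa" ip route add "$ipb/32" dev A &&
    run ip netns exec "$pb" ip route add "$ipa/32" dev B &&
    run ip netns exec "$pa" ping -c 2 "$ipb" &&
    run ip netns exec "$pb" ping -c 2 "$ipa"
}

# p2p_cleanup PID_A PID_B: remove the symlinks once the containers have exited.
p2p_cleanup() {
    valid_pid "$1" && valid_pid "$2" || return 2
    run rm -f "/var/run/netns/$1" "/var/run/netns/$2"
}

# Usage: script.sh PID_A PID_B [IP_A] [IP_B]; with no arguments it only defines the functions.
[ "$#" -lt 2 ] || p2p_link "$@"
```

With the PIDs from step 3, `DRY_RUN=0 ./script.sh 21682 21832` runs the commands for real; the veth pair itself disappears when the containers exit, so only the symlinks need `p2p_cleanup`.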