Docker point-to-point container network configuration

  • 2020-10-07 18:57:56
  • OfStack

1. Build a network between containers

1. View your current network environment


[root@liuxin-test01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:ca:41:84 brd ff:ff:ff:ff:ff:ff
  inet 192.168.8.192/24 brd 192.168.8.255 scope global eth0
    valid_lft forever preferred_lft forever
  inet6 fe80::20c:29ff:feca:4184/64 scope link
    valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  link/ether 00:0c:29:ca:41:8e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
  link/ether 02:42:a3:f4:2f:40 brd ff:ff:ff:ff:ff:ff
  inet 172.17.0.1/16 scope global docker0
    valid_lft forever preferred_lft forever
  inet6 fe80::42:a3ff:fef4:2f40/64 scope link
    valid_lft forever preferred_lft forever

2. Create two networkless containers

The --rm parameter is explained below:

By default, when a Docker container exits, the file system inside the container is still preserved, which makes debugging easier and retains user data.

Foreground containers, however, only run for a short time during development and debugging, so there is no need to retain their user data. Setting the --rm option when the container starts cleans up the file system inside the container automatically when the container exits.

The --net options:

  • --net=none: no network environment.
  • --net=bridge: the default parameter; the container's network is set up through the bridge (docker0). The default bridge can also be specified with the -b parameter of the DOCKER_OPTS option.
  • --net=host: shares the host's network environment; not recommended.
  • Two containers can also share network resources such as the IP address and port number.

Create the following two containers, one in each of two terminals


[root@liuxin-test01 ~]# docker run --rm -it --net=none --name='centos01' centos:7.4.1708
[root@f64cdc7ffff1 /]#

[root@liuxin-test01 ~]# docker run --rm -it --net=none --name='centos02' centos:7.4.1708
[root@cd4df383b68e /]#

3. Look at the process ID for both containers


[root@liuxin-test01 ~]# docker inspect -f '{{.State.Pid}}' f64
21682
[root@liuxin-test01 ~]# docker inspect -f '{{.State.Pid}}' cd4
21832

4. Create a network namespace entry for both containers


[root@liuxin-test01 ~]# mkdir -p /var/run/netns
[root@liuxin-test01 ~]# ln -s /proc/21682/ns/net /var/run/netns/21682
[root@liuxin-test01 ~]# ln -s /proc/21832/ns/net /var/run/netns/21832
[root@liuxin-test01 ~]#

5. Create a veth pair and name the two ends A and B

A veth is a virtual Ethernet device, similar to a network card. It was introduced with Linux container technology and must come in pairs.


[root@liuxin-test01 ~]# ip link add A type veth peer name B
[root@liuxin-test01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:ca:41:84 brd ff:ff:ff:ff:ff:ff
  inet 192.168.8.192/24 brd 192.168.8.255 scope global eth0
    valid_lft forever preferred_lft forever
  inet6 fe80::20c:29ff:feca:4184/64 scope link
    valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  link/ether 00:0c:29:ca:41:8e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
  link/ether 02:42:a3:f4:2f:40 brd ff:ff:ff:ff:ff:ff
  inet 172.17.0.1/16 scope global docker0
    valid_lft forever preferred_lft forever
  inet6 fe80::42:a3ff:fef4:2f40/64 scope link
    valid_lft forever preferred_lft forever
157: B@A: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
  link/ether de:f7:3b:24:a5:0e brd ff:ff:ff:ff:ff:ff
158: A@B: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
  link/ether 9a:65:96:de:04:90 brd ff:ff:ff:ff:ff:ff

6. Place the two ends in the two containers

As we can see, once the ends have been moved into the containers, running ip a on the host again no longer shows either device.


[root@liuxin-test01 ~]# ip link set A netns 21682
[root@liuxin-test01 ~]# ip link set B netns 21832
[root@liuxin-test01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:ca:41:84 brd ff:ff:ff:ff:ff:ff
  inet 192.168.8.192/24 brd 192.168.8.255 scope global eth0
    valid_lft forever preferred_lft forever
  inet6 fe80::20c:29ff:feca:4184/64 scope link
    valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  link/ether 00:0c:29:ca:41:8e brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
  link/ether 02:42:a3:f4:2f:40 brd ff:ff:ff:ff:ff:ff
  inet 172.17.0.1/16 scope global docker0
    valid_lft forever preferred_lft forever
  inet6 fe80::42:a3ff:fef4:2f40/64 scope link
    valid_lft forever preferred_lft forever

7. Set an IP address in each container's network namespace


[root@liuxin-test01 ~]# ip netns exec 21682 ip addr add 192.168.99.1/32 dev A
[root@liuxin-test01 ~]# ip netns exec 21832 ip addr add 192.168.99.2/32 dev B

8. Bring up the network interface in both containers


[root@liuxin-test01 ~]# ip netns exec 21682 ip link set A up
[root@liuxin-test01 ~]# ip netns exec 21832 ip link set B up

9. Set a route for both containers


[root@liuxin-test01 ~]# ip netns exec 21682 ip route add 192.168.99.2/32 dev A
[root@liuxin-test01 ~]# ip netns exec 21832 ip route add 192.168.99.1/32 dev B

10. Test


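Steps 4 to 10 collected into one script, as an added example that is not part of the original article. The names run, valid_pid, p2p_link, p2p_cleanup and DRY_RUN are hypothetical, and the ping check is this example's own choice of test. It validates the PIDs taken from docker inspect before they are used in paths, and removes the /var/run/netns links afterwards.

```shell
#!/usr/bin/env bash
# Added example (not the article's code): steps 4-10 as one function.
# DRY_RUN=1 (default) only prints the plan; DRY_RUN=0 executes it as root.
DRY_RUN="${DRY_RUN:-1}"

run() {  # echo the command, execute it only when DRY_RUN is not 1
  echo "+ $*"
  [ "$DRY_RUN" = 1 ] || "$@"
}

valid_pid() {  # accept only a positive decimal PID (no paths, no options)
  case "$1" in ''|*[!0-9]*|0*) return 1 ;; *) return 0 ;; esac
}

p2p_link() {  # usage: p2p_link PID_A PID_B IP_A IP_B
  local pa="$1" pb="$2" ipa="$3" ipb="$4"
  valid_pid "$pa" && valid_pid "$pb" || { echo "invalid PID" >&2; return 2; }
  [ "$pa" != "$pb" ] || { echo "PIDs must differ" >&2; return 2; }
  # ln -sfn replaces a stale link left over from an earlier container.
  # The final two commands are step 10: each side must reach its peer.
  run mkdir -p /var/run/netns &&
  run ln -sfn "/proc/$pa/ns/net" "/var/run/netns/$pa" &&
  run ln -sfn "/proc/$pb/ns/net" "/var/run/netns/$pb" &&
  run ip link add A type veth peer name B &&
  run ip link set A netns "$pa" &&
  run ip link set B netns "$pb" &&
  run ip netns exec "$pa" ip addr add "$ipa/32" dev A &&
  run ip netns exec "$pb" ip addr add "$ipb/32" dev B &&
  run ip netns exec "$pa" ip link set A up &&
  run ip netns exec "$pb" ip link set B up &&
  run ip netns exec "$pa" ip route add "$ipb/32" dev A &&
  run ip netns exec "$pb" ip route add "$ipa/32" dev B &&
  run ip netns exec "$pa" ping -c 1 -W 2 "$ipb" &&
  run ip netns exec "$pb" ping -c 1 -W 2 "$ipa"
}

# The links point at /proc/PID/ns/net: they dangle once the container exits,
# and a reused PID would make the name resolve to an unrelated process.
p2p_cleanup() {  # usage: p2p_cleanup PID...
  local pid
  for pid in "$@"; do
    valid_pid "$pid" || return 2
    run rm -f "/var/run/netns/$pid"
  done
}

if [ "$#" -eq 4 ]; then p2p_link "$@"; fi
```

Run it with the two PIDs and the two addresses from the steps above; call p2p_cleanup with the same PIDs before the containers are stopped or immediately after.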
