Implementation of Network Management and Network Isolation in Docker Container

  • 2021-08-12 04:09:45
  • OfStack

1. Management of the Docker network

1. Communication modes of Docker containers

1) Container access to the external network

A Docker container reaches the external network through the docker0 bridge on the host machine; containers are attached to docker0 automatically by default.

2) Container-to-container communication
An administrator creates a bridge and connects the containers to it so that they can reach each other.

3) External network access to a container
Access is provided through port mapping, or by having the container share the Docker host's network configuration.

2. Network communication modes of Docker containers

1) bridge
The default mode, used for container access to the external network; it depends on the docker0 bridge.

2) none
A separate network namespace is created for the container, but no TCP/IP configuration is applied to it.

3) container
Used for container-to-container communication; the containers share one network namespace and communicate through it.

4) host
The container shares the host's network configuration.

3. Configure bridge network communication mode


[root@centos01 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 
       <!-- Install the CentOS 7 repository -->
[root@centos01 ~]# yum -y install docker   <!-- Install docker -->
[root@centos01 ~]# systemctl start docker    <!-- Start docker -->
[root@centos01 ~]# systemctl enable docker   <!-- Start docker automatically at boot -->
[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf  <!-- Enable IP forwarding -->
[root@centos01 ~]# sysctl -p <!-- Reload the configuration -->
net.ipv4.ip_forward = 1
[root@centos01 ~]# docker pull hub.c.163.com/public/centos:7.2-tools <!-- Download the image -->
[root@centos01 ~]# docker images <!-- List images -->
REPOSITORY          TAG         IMAGE ID      CREATED       SIZE
hub.c.163.com/public/centos  7.2-tools      4a4618db62b9    3 years ago     515 MB
[root@centos01 ~]# docker run -d --net=bridge --name centos7.201 hub.c.163.com/public/centos:7.2-tools  
      <!-- Create the container in bridge mode, which it uses to access the Internet -->
b308fb5c097fd455073f2f4a280d2660e6943fe1a62d6409e8ebcd3b86469438
[root@centos01 ~]# docker ps <!-- View the running container -->
CONTAINER ID    IMAGE                  COMMAND         CREATED       STATUS       PORTS        NAMES
b308fb5c097f    hub.c.163.com/public/centos:7.2-tools  "/usr/bin/supervisord"  20 seconds ago   Up 19 seconds    22/tcp       centos7.201
[root@centos01 ~]# ifconfig  <!-- View the Docker host's IP address information -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
[root@centos01 ~]# docker exec -it centos7.201 /bin/bash <!-- Log in to the centos7.201 container -->
[root@b308fb5c097f /]# ifconfig  <!-- View the IP address -->
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
[root@b308fb5c097f /]# ping www.baidu.com <!-- Ping the public network from the centos7.201 container -->
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18: icmp_seq=1 ttl=50 time=18.4 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=50 time=18.3 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=50 time=16.9 ms
[root@b308fb5c097f /]# ping 192.168.100.10  <!-- Ping the host's IP address -->
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.043 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.086 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.150 ms

4. Configure none network communication mode


[root@centos01 ~]# docker run -d --net=none --name centos7.202 hub.c.163.com/public/centos:7.2-tools  
      <!-- Create a container that is not connected to any network and cannot communicate -->
e2c4837d67818e7ef4d7cedf964db21d98cabb594d12091d7f69da4e8fb3f30f
[root@centos01 ~]# docker ps <!-- View the running container -->
CONTAINER ID    IMAGE                  COMMAND         CREATED       STATUS       PORTS        NAMES
e2c4837d6781    hub.c.163.com/public/centos:7.2-tools  "/usr/bin/supervisord"  57 seconds ago   Up 56 seconds              centos7.202
b308fb5c097f    hub.c.163.com/public/centos:7.2-tools  "/usr/bin/supervisord"  7 minutes ago    Up 7 minutes    22/tcp       centos7.201
[root@centos01 ~]# docker exec -it centos7.202 /bin/bash <!-- Log in to the centos7.202 container -->
[root@e2c4837d6781 /]# ifconfig  <!-- View the IP address -->
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
[root@e2c4837d6781 /]# ping www.baidu.com <!-- Pinging the public network fails -->
ping: unknown host www.baidu.com
[root@e2c4837d6781 /]# 
[root@e2c4837d6781 /]# ping 192.168.100.10 <!-- Pinging the host's IP address also fails -->
connect: Network is unreachable

5. Configure host network communication mode


[root@centos01 ~]# docker run -d --net=host --name centos7.203 -v /data1 hub.c.163.com/public/centos:7.2-tools  
    <!-- Run the container so that it shares the host's network -->
2911358be486720c4ee93c8de22cd77301236f48c5baf22ea63bb3c54450032e
[root@centos01 ~]# ls /var/lib/docker/volumes/ <!-- View the created data volume -->
dc755f3b6036f167471435629918d06264e1c2c6a8b175426fa80da36143a87e metadata.db
[root@centos01 ~]# docker ps <!-- View the running container -->
CONTAINER ID    IMAGE                  COMMAND         CREATED       STATUS       PORTS        NAMES
2911358be486    hub.c.163.com/public/centos:7.2-tools  "/usr/bin/supervisord"  About a minute ago  Up About a minute            centos7.203
e2c4837d6781    hub.c.163.com/public/centos:7.2-tools  "/usr/bin/supervisord"  15 minutes ago    Up 15 minutes              centos7.202
b308fb5c097f    hub.c.163.com/public/centos:7.2-tools  "/usr/bin/supervisord"  21 minutes ago    Up 21 minutes    22/tcp       centos7.201
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!-- Log in to the centos7.203 container -->
[root@centos01 /]# ifconfig  <!-- View the IP addresses -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.0.126 netmask 255.255.255.0 broadcast 192.168.0.255

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0

vethc39178a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::7c4b:a6ff:fe1c:a37f prefixlen 64 scopeid 0x20<link>

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash  <!-- Log in to the centos7.203 container -->
[root@centos01 /]# ping www.baidu.com  <!-- Ping the public network -->
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14: icmp_seq=1 ttl=51 time=20.0 ms
64 bytes from 39.156.66.14: icmp_seq=2 ttl=51 time=19.1 ms
64 bytes from 39.156.66.14: icmp_seq=3 ttl=51 time=15.9 ms
[root@centos01 /]# ping 192.168.100.10  <!-- Ping the host's IP address -->
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.030 ms
     <!-- Install Nginx in the centos7.203 container -->
[root@centos01 ~]# cp /mnt/nginx-1.6.0.tar.gz ./  <!-- Copy the Nginx tarball -->
[root@centos01 ~]# ls 
anaconda-ks.cfg initial-setup-ks.cfg nginx-1.6.0.tar.gz
[root@centos01 ~]# cp nginx-1.6.0.tar.gz /var/lib/docker/volumes/dc755f3b6036f167471435629918d06264e1c2c6a8b175426fa80da36143a87e/_data/ 
    <!-- Share the Nginx tarball with the centos7.203 container through the data volume -->
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash  <!-- Log in to the centos7.203 container -->
[root@centos01 /]# ls
anaconda-post.log bin data1 dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@centos01 /]# cd data1/  <!-- View the data shared from the host -->
[root@centos01 data1]# ls  
nginx-1.6.0.tar.gz
[root@centos01 /]# yum -y install pcre-devel zlib-devel  <!-- Install the Nginx dependencies -->
[root@centos01 /]# useradd -M -s /sbin/nologin nginx  <!-- Create the user that runs Nginx -->
[root@centos01 /]# tar zxvf /data1/nginx-1.6.0.tar.gz -C /usr/src/  <!-- Extract the Nginx tarball -->
[root@centos01 /]# yum -y install gcc pcre-devel zlib-devel make <!-- Install the build dependencies first -->
[root@centos01 /]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module && make && make install  
        <!-- Configure, compile and install Nginx -->
[root@centos01 nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ <!-- Put the nginx command on the PATH -->
[root@centos01 nginx-1.6.0]# echo "www.docker.nginx.com" > /usr/local/nginx/html/index.html      
           <!-- Modify the Nginx home page content -->
[root@centos01 nginx-1.6.0]# nginx 
     <!-- Start the Nginx service in the centos7.203 container -->
[root@centos01 nginx-1.6.0]# netstat -anptu | grep nginx <!-- Check that the Nginx service port is listening -->
tcp    0   0 0.0.0.0:80       0.0.0.0:*        LISTEN   6268/nginx: master 
[root@centos01 ~]# curl http://192.168.100.10 <!-- Access Nginx in the centos7.203 container from the Docker host -->
www.docker.nginx.com
[root@centos01 nginx-1.6.0]# cat /usr/local/nginx/logs/access.log  
     <!-- View the Nginx access log in the centos7.203 container, showing the successful request -->
192.168.100.10 - - [12/May/2020:21:42:47 +0800] "GET / HTTP/1.1" 200 21 "-" "curl/7.29.0"

6. Configure docker0 network card parameters


[root@centos01 ~]# ifconfig  <!-- View the Docker host's IP address -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
[root@centos01 ~]# systemctl stop docker  <!-- Stop the docker service -->
[root@centos01 ~]# ip link set dev docker0 down  <!-- Bring down the docker0 bridge -->
[root@centos01 ~]# brctl delbr docker0  <!-- Delete the system default docker0 bridge -->
[root@centos01 ~]# brctl addbr docker0  <!-- Create a new bridge named docker0 -->
[root@centos01 ~]# ip addr add 192.168.20.1/24 dev docker0 <!-- Configure the IP address of the new docker0 bridge -->
[root@centos01 ~]# ip link set dev docker0 up  <!-- Bring up the new docker0 bridge -->
[root@centos01 ~]# vim /etc/docker/daemon.json  
    <!-- Modify the docker configuration file to load the new docker0 bridge -->
{
  "registry-mirrors": ["https://6kx4zyno.mirror.aliyuncs.com"],
  "bip": "192.168.20.1/24"  <!-- Add this key -->
}
[root@centos01 ~]# systemctl start docker  <!-- Start the docker service -->
[root@centos01 ~]# ifconfig  <!-- View the Docker host's IP details -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.20.1 netmask 255.255.255.0 broadcast 0.0.0.0
[root@centos01 ~]# docker run -it -d --name centos7.2v1 hub.c.163.com/public/centos:7.2-tools  <!-- Create a container that runs in the background -->
d0b5392e60cef37f3c44d79a9fb73916720cfc44faa7b73862bee05fb2d6ce7b
[root@centos01 ~]# docker exec -it centos7.2v1 /bin/bash <!-- Log in to the centos7.2v1 container -->
[root@d0b5392e60ce /]# ifconfig  <!-- View the IP address details -->
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.20.2 netmask 255.255.255.0 broadcast 0.0.0.0

2. Docker Network Isolation

1. Docker network isolation principle

The administrator creates network namespaces and places different containers in different network namespaces to isolate them. Network isolation is not configured by default: the docker0 network namespace that containers are assigned to by default has no isolation configured.

2. Network namespace types of Docker containers

bridge: the container is bridged to the docker0 bridge.
host: the container shares the network configuration of the Docker host.
none: no network is created and the container has no TCP/IP configuration.

3. Configure Docker Network Namespace Isolation


[root@centos01 ~]# docker network ls  <!-- List Docker's default network namespaces -->
NETWORK ID     NAME        DRIVER       SCOPE
8bb953004416    bridge       bridge       local
2c18234cad82    host        host        local
67860e823c36    none        null        local
[root@centos01 ~]# docker network create -d bridge liyanxin <!-- Create a network namespace -->
0c69de4672ec173dc4c60b19e0bf93b361f45a804859f7bc2105d85ca83b1169
[root@centos01 ~]# docker network create -d bridge gongsunli  <!-- Create a network namespace -->
35687468c9034262173a96e9c23e045cbb8b7ffa6648fc84e015504740815001
[root@centos01 ~]# ifconfig  <!-- View the Docker host's network interfaces -->
br-0c69de4672ec: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

br-35687468c903: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
[root@centos01 ~]# docker run -it -d --name centos6.701 --network=liyanxin hub.c.163.com/public/centos:6.7-tools  
     <!-- Run a container and place it in the liyanxin network namespace for isolation -->
b85a2d8419a98756369ddc3b78247d3d42c178e8e563a936fe973f2f6611f951
[root@centos01 ~]# docker exec -it centos6.701 /bin/bash  <!-- Log in to the centos6.701 container -->
[root@b85a2d8419a9 /]# ifconfig  <!-- View the IP address -->
eth0   Link encap:Ethernet HWaddr 02:42:AC:12:00:02 
     inet addr:172.18.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
[root@centos01 ~]# docker run -it -d --name centos6.702 --network=gongsunli hub.c.163.com/public/centos:6.7-tools  
   <!-- Run a container and place it in the gongsunli network namespace for isolation -->
9af0fb7b85af3270f3c7c44b62438f436b22289ac0a7604d6ed522604b7b185f
[root@centos01 ~]# docker exec -it centos6.702 /bin/bash <!-- Log in to the centos6.702 container -->
[root@9af0fb7b85af /]# ifconfig  <!-- View the IP address -->
eth0   Link encap:Ethernet HWaddr 02:42:AC:13:00:02 
     inet addr:172.19.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
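
The modes used in section 1 and the user-defined networks created above give different degrees of isolation. As an added example (not part of the original article), the script below classifies containers by the NetworkMode that Docker reports and lists which containers share a network. The sample input is constructed from this page's container names, and the function names and severity labels are this example's own.

```sh
#!/bin/sh
# Added example (not from the original article): audit container network modes.
# Input: one "<name> <NetworkMode>" pair per line, as printed on a Docker host by
#   docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}' $(docker ps -q)

# classify_mode MODE -> "<SEVERITY> <note>". Severity labels are this example's own.
classify_mode() {
    case "$1" in
        host)
            echo "HIGH shares the host network stack; services bind the host's own addresses" ;;
        container:*)
            echo "MEDIUM shares the network namespace of container ${1#container:}" ;;
        bridge|default)
            echo "MEDIUM on docker0; other docker0 containers can reach it unless icc is disabled" ;;
        none)
            echo "INFO no Docker-managed interface; interfaces added by pipework are not reported" ;;
        *)
            echo "OK user-defined network '$1', separated from other Docker networks" ;;
    esac
}

# audit_modes: read pairs on stdin, print "<severity> <container> <mode> <note>".
audit_modes() {
    while read -r name mode; do
        [ -n "$name" ] && [ -n "$mode" ] || continue
        finding=$(classify_mode "$mode")
        printf '%-6s %-12s %-10s %s\n' \
            "${finding%% *}" "${name#/}" "$mode" "${finding#* }"
    done
}

# shared_pairs: read the same input, print "<a> <b> <network>" for each pair of
# containers that sit on the same network or in the same namespace.
shared_pairs() {
    awk '
        NF >= 2 {
            name = $1; sub(/^\//, "", name)
            n[++c] = name
            m[c] = ($2 == "default") ? "bridge" : $2   # no --net flag means docker0
        }
        END {
            for (i = 1; i <= c; i++)
                for (j = i + 1; j <= c; j++)
                    if (m[i] == m[j] && m[i] != "none")
                        print n[i], n[j], m[i]
        }'
}

# Constructed sample built from this page's container names (not captured output).
SAMPLE='/centos7.201 bridge
/centos7.202 none
/centos7.203 host
/centos7.2v1 default
/centos6.701 liyanxin
/centos6.702 gongsunli'

printf '%s\n' "$SAMPLE" | audit_modes
echo "Containers sharing a network:"
printf '%s\n' "$SAMPLE" | shared_pairs
```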

3. Configure the bridge for network isolation

1. Purpose of configuring a bridge for network isolation

It allows containers on one Docker host to communicate with containers on other Docker hosts.

2. Principle of configuring a bridge for network isolation
Bridge the physical NIC to the newly created bridge interface; configure an IP address on the bridge interface; create containers attached to the bridge interface. Containers on one Docker host can then communicate with containers on another Docker host, and the administrator manages the Docker host remotely through the bridge interface.

3. Configure docker Bridge for Network Isolation


[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32 
     <!-- Bridge the Docker host's physical NIC to the br0 bridge interface -->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0  <!-- Add this line -->
[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-br0  
     <!-- Create the br0 bridge configuration file -->
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0 <!-- Edit the br0 configuration file -->
TYPE=Bridge  <!-- Modify this line -->
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=br0   <!-- Change the name -->
DEVICE=br0  <!-- Change the name -->
ONBOOT=yes
IPADDR=192.168.100.10  <!-- Add the host's IP address -->
NETMASK=255.255.255.0 
[root@centos01 ~]# systemctl restart network  <!-- Restart the Docker host's network service -->
[root@centos01 ~]# ifconfig  <!-- View the Docker host's network interfaces -->
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255

br-0c69de4672ec: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

br-35687468c903: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    ether 00:0c:29:18:d3:26 txqueuelen 1000 (Ethernet)

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::4ad2:dd37:4341:5d8e prefixlen 64 scopeid 0x20<link>

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0

veth7b0bb5f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::ccd3:86ff:fee6:5725 prefixlen 64 scopeid 0x20<link>

veth7e0f471: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::684c:fdff:fe13:b436 prefixlen 64 scopeid 0x20<link>

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
[root@centos01 ~]# yum -y install git  <!-- Install git on the Docker host -->
[root@centos01 ~]# git clone https://github.com/jpetazzo/pipework
      <!-- Download pipework, a Docker container network management tool -->
[root@centos01 ~]# cp pipework/pipework /usr/local/bin/  <!-- Put the pipework command on the PATH -->
[root@centos01 ~]# chmod +x /usr/local/bin/pipework  <!-- Add execute permission -->
[root@centos01 ~]# docker run -d --name centos6.703 --network=none hub.c.163.com/public/centos:6.7-tools  
       <!-- Run a container from the image -->
adea0ad48bdde947ec595382d96cba06eb6522ec046e9b3c7bfcb1edb5c84545
[root@centos01 ~]# pipework br0 centos6.703 192.168.100.101/24  
          <!-- Assign an IP address to the centos6.703 container -->
[root@centos01 ~]# docker exec -it centos6.703 /bin/bash  <!-- Log in to the centos6.703 container -->
[root@adea0ad48bdd /]# ifconfig  <!-- View the IP address -->
eth1   Link encap:Ethernet HWaddr FA:3A:9D:ED:C0:FF 
     inet addr:192.168.100.101 Bcast:192.168.100.255 Mask:255.255.255.0
[root@adea0ad48bdd /]# ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.097 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.039 ms

4. Configure containers on one Docker host to communicate with containers on another Docker host


[root@centos02 ~]# ping www.baidu.com <!-- Bring up one more server, connect it to the public network, and install docker -->
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=1 ttl=51 time=19.5 ms
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=2 ttl=51 time=17.3 ms
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=3 ttl=51 time=18.1 ms
[root@centos02 ~]# cd /etc/yum.repos.d/
[root@centos02 yum.repos.d]# ls
local.repo
[root@centos02 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 
    <!-- Download the CentOS 7 repository -->
[root@centos02 ~]# yum install docker -y  <!-- Install docker -->
[root@centos02 ~]# systemctl start docker   <!-- Start docker -->
[root@centos02 ~]# systemctl enable docker  <!-- Start docker automatically at boot -->
[root@centos02 ~]# docker pull hub.c.163.com/public/centos:6.7-tools  <!-- Download the image -->
[root@centos02 ~]# docker images  <!-- List images -->
REPOSITORY          TAG         IMAGE ID      CREATED       SIZE
hub.c.163.com/public/centos  6.7-tools      b2ab0ed558bb    3 years ago     602 MB
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32  
       <!-- Modify the Docker host's NIC configuration to bridge it to br0 -->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0  <!-- Add this line -->
[root@centos02 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-br0     <!-- Create the br0 bridge configuration file -->
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0 <!-- Edit the br0 configuration file -->
TYPE=Bridge  <!-- Change to Bridge -->
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=br0  <!-- Change the name -->
DEVICE=br0  <!-- Change to br0 -->
ONBOOT=yes
IPADDR=192.168.100.20  <!-- Add the host's IP address -->
NETMASK=255.255.255.0
[root@centos02 ~]# systemctl restart network  <!-- Restart the Docker host's network service -->
[root@centos02 ~]# ifconfig  <!-- View the Docker host's network interfaces -->
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.20 netmask 255.255.255.0 broadcast 192.168.100.255

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    ether 00:0c:29:97:5c:9f txqueuelen 1000 (Ethernet)

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.0.104 netmask 255.255.255.0 broadcast 192.168.0.255

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
[root@centos02 ~]# yum -y install git  <!-- Install git -->
[root@centos02 ~]# git clone https://github.com/jpetazzo/pipework  
     <!-- Download pipework, a Docker container network management tool -->
[root@centos02 ~]# cp pipework/pipework /usr/local/bin/  <!-- Put the pipework command on the PATH -->
[root@centos02 ~]# chmod +x /usr/local/bin/pipework  <!-- Add execute permission -->
[root@centos02 ~]# docker run -d --name centos6.7 --network=none hub.c.163.com/public/centos:6.7-tools  <!-- Run the container -->
abec0a6bd3822a2fd702dc44d1cf3043648aadd1a661e577c23701e30ee9df7a
[root@centos02 ~]# pipework br0 centos6.7 192.168.100.102/24  
     <!-- Assign an IP address to the centos6.7 container -->
[root@centos02 ~]# docker exec -it centos6.7 /bin/bash  <!-- Log in to the centos6.7 container -->
[root@abec0a6bd382 /]# ifconfig  <!-- View the IP address -->
eth1   Link encap:Ethernet HWaddr EE:01:B7:99:90:1C 
     inet addr:192.168.100.102 Bcast:192.168.100.255 Mask:255.255.255.0
[root@abec0a6bd382 /]# ping 192.168.100.101
PING 192.168.100.101 (192.168.100.101) 56(84) bytes of data.
64 bytes from 192.168.100.101: icmp_seq=1 ttl=64 time=0.660 ms
64 bytes from 192.168.100.101: icmp_seq=2 ttl=64 time=0.865 ms
64 bytes from 192.168.100.101: icmp_seq=3 ttl=64 time=0.382 ms
[root@abec0a6bd382 /]# ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.632 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.732 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.796 ms
[root@abec0a6bd382 /]# ping 192.168.100.20
PING 192.168.100.20 (192.168.100.20) 56(84) bytes of data.
64 bytes from 192.168.100.20: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 192.168.100.20: icmp_seq=2 ttl=64 time=0.094 ms
64 bytes from 192.168.100.20: icmp_seq=3 ttl=64 time=0.043 ms
