This is the 10th day of my participation in the August More Text Challenge. For details, see:August is more challenging

【Docker series 】 Docker learning eight, Docker network

Begin to understand Docker

So to start, let’s think about, how does the host communicate with the container?

If containers are isolated from each other, can they communicate? How do they communicate?

Began to explore

Let’s start by looking at what mirrors in our environment have. Yesxmtubuntu

# docker images
REPOSITORY            TAG       IMAGE ID       CREATED          SIZE
xmtubuntu             latest    c3e95388a66b   38 seconds ago   114MB
Copy the code

Take a look at the host’s network card information

IP addr to view our host network card information

We found a Docker0 because docker’s service is installed on our host, and Docker will generate a virtual network adapter for me. The Docker0 in the figure is the information of the virtual network adapter

Create and start a Docker named Ubuntu1

docker run -it --name ubuntu1 -P xmtubuntu

View the host nic information

View the nic information of the host

If we check the nic information of Ubuntu1, Docker will also assign an IP address to our container by default

You can find 117: veth838e165@if116: in docker0, and 116: eth0@if117 in Ubuntu1

We found that the veth numbers came in pairs and our host was able to communicate with Ubuntu1

Use the host machine (Docker0) andubuntu1Ping each other

docker0 pingubuntu1 ok

Ubuntu1pingdocker0, same ok

We could try creating and starting another Docker named Ubuntu2, and do exactly the same thing

# docker run -it -P --name ubuntu2 xmtubuntu
Copy the code

Enter the container and run IP a to view the Nic information of Ubuntu2

View network information on the host

There’s another veth on the host,119: veth0b29558@if118

The nic information on Ubuntu2 is 118: eth0@if119. They are also in pairs

How about ubuntu1 ping ubuntu2?

The corresponding 172.18.0.2 ubuntu1

The corresponding 172.18.0.3 ubuntu2

# docker exec- it ubuntu1 ping 172.18.0.3PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data. 64 bytes from 172.18.0.3: Icmp_seq =1 TTL =64 time=0.071 ms 64 bytes from 172.18.0.3: ICmp_seq =2 TTL =64 time=0.070 ms 64 bytes from 172.18.0.3: ICmp_seq =2 TTL =64 time=0.070 ms 64 bytes from 172.18.0.3: ICmp_seq =2 TTL =64 time=0.070 ms 64 bytes from 172.18.0.3: Icmp_seq TTL = 3 = 64 time = 0.077 msCopy the code

Still able to communicate, very nice

How does it work?

In the above exploration, we found that the container created by the host machine can ping the host directly, so what is their principle?

Careful XDM should see that in the above example, veth comes in pairs, and the above host and container are able to communicate over the network thanks to this technology, veth-pair

veth-pair

**veth-pair ** is a pair of virtual device interfaces that come in pairs, with one attached to the protocol and the other to each other

Because of this feature, the Veth-pair here acts as a bridge between the various virtual appliances

From the figure above, we can draw the following conclusions:

  • ubuntu1ubuntu2They are shared by a router, which is docker0 and Ubuntu1pingtongubuntu2Because Docker0 helps it forward
  • All containers take docker0 as the route when no route is specified, and Docker will also assign an available IP address to our container
  • Docker0 will exist if the docker service is installed on the host

As we can see from the figure above, the container and host were bridging to get through the network.

All network interfaces in Dcoker are virtual, because the forwarding efficiency of virtual is high. When we delete a container, the nic information corresponding to the container will also be deleted

So if you think about it, if you’re looking for IP addresses, if the IP addresses change, wouldn’t we be able to find the right container? Can we access the container through the service name?

– the link

Of course, we can do this by adding -link when creating and starting the container

Let’s create another container, Ubuntu3, and have it link to Ubuntu2

# docker run -it --name ubuntu3 -P --link ubuntu2 xmtubuntu

# docker exec -it ubuntu3 ping ubuntu2PING 172.18.0.3 56(84) bytes of data. 64 bytes from Ubuntu2 (172.18.0.3): Icmp_seq =1 TTL =64 time=0.093 ms 64 bytes from ubuntu2 (172.18.0.3): Icmp_seq =2 TTL =64 time= 0.085ms 64 bytes from ubuntu2 (172.18.0.3): Icmp_seq =3 TTL =64 time= 0.092ms 64 bytes from ubuntu2 (172.18.0.3): ICmp_seq =4 TTL =64 time= 0.073msCopy the code

Obviously, we can see that Ubuntu3 can communicate directly with Ubuntu2 using the service name Ubuntu2, but how about the other way around?

# docker exec -it ubuntu2 ping ubuntu3
ping: ubuntu3: Name or service not known
Copy the code

Not line? Why is that?

Take a look at the local /etc/hosts file of Ubuntu3

In /etc/hosts file, add a host, but this point we can all know, but this link or good rub, bad, he needs to create and start the container when the use, use inconvenient

So do we have a better way?

Custom network

You can use docker Network LS to view the network status of host Docker

:~# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
8317183dfc58   bridge    bridge    local
997107487c6b   host      host      local
ab130876cbe6   none      null      local
Copy the code

Network mode

  • bridge

By default, Docker0 uses the name bridge

  • host

Share the network with the host

  • none

Not configuring the Network

  • container

The container network is connected, and this pattern is rarely used because of its limitations

Now we can customize a network to connect the two containers

Custom network

Customize a Mynet network

#Docker network create --driver Bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
9a597fc31f1964d434181907e21ff7010738f3f7dc35ba86bf7434f05a6afc4a
Copy the code
  • docker network create

Create a network

  • –driver

Specify that the driver is bridge

  • –subnet

The specified subnet

  • –gateway

Specify the gateway

Here we set the subnet to –subnet 192.168.0.0/16 and the gateway to 192.168.0.1, so the remaining AVAILABLE IP addresses are 192.168.0.2 — 192.168.255.254, with 192.168.255.255 being the broadcast address

Empty existing containers

Empty the containers for all tests, minus interference

Create and start two containers, Ubuntu1 and Ubuntu2

# docker run -it -P --name ubuntu1 --net mynet xmtubuntu
# docker run -it -P --name ubuntu2 --net mynet xmtubuntu
Copy the code

At this point we can look at the host’s network card information and verify that the two containers can communicate directly through the container name

Consider the benefits of a custom web

We have customized Docker network, which has helped us maintain the corresponding relationship. The advantage of this is that the network can be isolated between containers.

For example,

A bunch of Redis containers, using 192.168.0.0/16 network segment, gateway is 192.168.0.1

A bunch of mongodb containers, using network segment 192.167.0.0/16, gateway 192.167.0.1

In this way, subnets can be well isolated. Different clusters use different subnets and do not affect each other

Is it possible to get through between subnets?

Network connectivity

How do two containers on different subnets communicate?

It is absolutely impossible for containers on different subnets to communicate with each other without routing. This is impossible. Subnets are isolated from each other

But there is a way to get the ubuntu3 container through mynet and forward it to ubuntu1 or ubuntu2

Through the subnet

Check out docker Network’s help manual

docker network -h

This can be done using the Docker Network connect command, as shown in the help documentation

# docker network connect -h
Flag shorthand -h has been deprecated, please use --help

Usage:  docker network connect [OPTIONS] NETWORK CONTAINER

Connect a container to a network
Copy the code

To get through

docker network connect mynet ubuntu3

At this point we can take a look at the mynet network details

# docker network inspect mynet
Copy the code

You can see that on the Mynet network, another container has been added, with IP 192.168.0.4

Yes, docker handles this kind of networking as simple as adding a virtual network adapter to the ubuntu3 container, allowing ubuntu3 to connect to the mynet network

The host also has a corresponding veth

! [] (gitee.com/common_dev/… master/image-20210807204514806.png)

Now, to operate someone else’s container across the network, we can use Docker Network Connect to get through the network and get to work

Are you still interested in the Internet? Haha, the links of the previous articles about Docker are as follows. You can learn gradually, deepen slowly and review more

Docker: A container data volume is a container data volume

【Docker series 】 Docker learning four, together to learn the principles of image related

【Docker series 】 Docker learning three, Docker preliminary actual combat and Docker visual management tool trial

【Docker series 】 Docker learning 2, Docker common commands, mirroring commands, container commands, other commands

【 Docker series 】 a Docker learning, the installation of the Docker use and basic operation principle of the Docker | August more challenges

References:

docker docs

Welcome to like, follow and collect

Dear friends, your support and encouragement are the motivation for me to keep sharing and improve the quality

All right, that’s it for this time

Technology is open, our mentality, should be more open. Embrace change, live in the sun, and strive to move forward.

I am nezha, welcome to like the collection, see you next time ~