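Docker Networking Principles and Custom Networks Explained in Detail

Docker creates a virtual bridge on the host. When a container is created and started, it is by default assigned an IP in the same subnet as the bridge. The bridge acts as the containers' gateway and is connected to every container, so containers can communicate with each other through it. Because the bridge is virtual, it cannot be addressed from external networks, so by default containers cannot be reached from outside; to reach one, map a host port to the container port when creating and starting the container, then access the container through the host's IP and port. This is Docker's default network. Its drawback is that containers can reach each other only by IP; to reach each other by container name or container ID, you have to use link when creating and starting the container, which works by modifying the hosts file. In practice a custom network is usually used instead. A custom network is created with network; the subnet, the gateway and similar settings can be specified at creation time, and the network to use is specified when a container is created and started. All containers in the same custom network can then reach each other directly by container name. If a container needs to reach containers in another network, that can also be set up with network, after which the container and the containers in the target network can communicate by container name.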

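1 The default network docker0

Tested in a VM. Before Docker is started, the system has two networks (the loopback network and the virtual machine network).

After the Docker service is started, the host gains one more network, docker0. This is Docker's default network.

# Start the Docker service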
[root@localhost ~]# systemctl start docker

Start a tomcat container, and the host gains another network

# Start tomcat
[root@localhost ~]# docker run -d -P --name tomcat1 tomcat

Start another tomcat, and the host gains yet another network

# Start tomcat
[root@localhost ~]# docker run -d -P --name tomcat2 tomcat

Test that the two tomcat containers can reach each other by IP

# Show the tomcat container's IP address
[root@localhost ~]# docker exec -it tomcat2 ip addr
1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state unknown group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0@if10: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue state up group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
# From tomcat1, ping tomcat2's IP
[root@localhost ~]# docker exec -it tomcat1 ping 172.17.0.3
ping 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.146 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.088 ms
^c
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.067/0.100/0.146/0.034 ms

Pinging tomcat2 by container name from inside tomcat1 does not work

# From inside tomcat1, ping tomcat2 by container name
[root@localhost ~]# docker exec -it tomcat1 ping tomcat2
^c[root@localhost ~]#

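Stop tomcat1, then create and start it again with link. Under the hood this modifies tomcat1's hosts file so that the container name works as a host name for the IP, which makes the one-way ping from tomcat1 to tomcat2 succeed.

# Remove tomcat1
[root@localhost ~]# docker rm -f tomcat1
tomcat1
# View the run help text for link usage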
[root@localhost ~]# docker run --help
usage:  docker run [options] image [command] [arg...]
run a command in a new container
options:
--add-host list                  add a custom host-to-ip mapping (host:ip)
-a, --attach list                    attach to stdin, stdout or stderr
--blkio-weight uint16            block io (relative weight), between 10 and 1000, or 0 to disable (default 0)
--blkio-weight-device list       block io weight (relative device weight) (default [])
--cap-add list                   add linux capabilities
--cap-drop list                  drop linux capabilities
--cgroup-parent string           optional parent cgroup for the container
--cgroupns string                cgroup namespace to use (host|private)
'host':    run the container in the docker host's cgroup namespace
'private': run the container in its own private cgroup namespace
'':        use the cgroup namespace as configured by the
default-cgroupns-mode option on the daemon (default)
--cidfile string                 write the container id to the file
--cpu-period int                 limit cpu cfs (completely fair scheduler) period
--cpu-quota int                  limit cpu cfs (completely fair scheduler) quota
--cpu-rt-period int              limit cpu real-time period in microseconds
--cpu-rt-runtime int             limit cpu real-time runtime in microseconds
-c, --cpu-shares int                 cpu shares (relative weight)
--cpus decimal                   number of cpus
--cpuset-cpus string             cpus in which to allow execution (0-3, 0,1)
--cpuset-mems string             mems in which to allow execution (0-3, 0,1)
-d, --detach                         run container in background and print container id
--detach-keys string             override the key sequence for detaching a container
--device list                    add a host device to the container
--device-cgroup-rule list        add a rule to the cgroup allowed devices list
--device-read-bps list           limit read rate (bytes per second) from a device (default [])
--device-read-iops list          limit read rate (io per second) from a device (default [])
--device-write-bps list          limit write rate (bytes per second) to a device (default [])
--device-write-iops list         limit write rate (io per second) to a device (default [])
--disable-content-trust          skip image verification (default true)
--dns list                       set custom dns servers
--dns-option list                set dns options
--dns-search list                set custom dns search domains
--domainname string              container nis domain name
--entrypoint string              overwrite the default entrypoint of the image
-e, --env list                       set environment variables
--env-file list                  read in a file of environment variables
--expose list                    expose a port or a range of ports
--gpus gpu-request               gpu devices to add to the container ('all' to pass all gpus)
--group-add list                 add additional groups to join
--health-cmd string              command to run to check health
--health-interval duration       time between running the check (ms|s|m|h) (default 0s)
--health-retries int             consecutive failures needed to report unhealthy
--health-start-period duration   start period for the container to initialize before starting health-retries countdown
(ms|s|m|h) (default 0s)
--health-timeout duration        maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help                           print usage
-h, --hostname string                container host name
--init                           run an init inside the container that forwards signals and reaps processes
-i, --interactive                    keep stdin open even if not attached
--ip string                      ipv4 address (e.g., 172.30.100.104)
--ip6 string                     ipv6 address (e.g., 2001:db8::33)
--ipc string                     ipc mode to use
--isolation string               container isolation technology
--kernel-memory bytes            kernel memory limit
-l, --label list                     set meta data on a container
--label-file list                read in a line delimited file of labels
--link list                      add link to another container
--link-local-ip list             container ipv4/ipv6 link-local addresses
--log-driver string              logging driver for the container
--log-opt list                   log driver options
--mac-address string             container mac address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes                   memory limit
--memory-reservation bytes       memory soft limit
--memory-swap bytes              swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int          tune container memory swappiness (0 to 100) (default -1)
--mount mount                    attach a filesystem mount to the container
--name string                    assign a name to the container
--network network                connect a container to a network
--network-alias list             add network-scoped alias for the container
--no-healthcheck                 disable any container-specified healthcheck
--oom-kill-disable               disable oom killer
--oom-score-adj int              tune host's oom preferences (-1000 to 1000)
--pid string                     pid namespace to use
--pids-limit int                 tune container pids limit (set -1 for unlimited)
--platform string                set platform if server is multi-platform capable
--privileged                     give extended privileges to this container
-p, --publish list                   publish a container's port(s) to the host
-P, --publish-all                    publish all exposed ports to random ports
--pull string                    pull image before running ("always"|"missing"|"never") (default "missing")
--read-only                      mount the container's root filesystem as read only
--restart string                 restart policy to apply when a container exits (default "no")
--rm                             automatically remove the container when it exits
--runtime string                 runtime to use for this container
--security-opt list              security options
--shm-size bytes                 size of /dev/shm
--sig-proxy                      proxy received signals to the process (default true)
--stop-signal string             signal to stop a container (default "sigterm")
--stop-timeout int               timeout (in seconds) to stop a container
--storage-opt list               storage driver options for the container
--sysctl map                     sysctl options (default map[])
--tmpfs list                     mount a tmpfs directory
-t, --tty                            allocate a pseudo-tty
--ulimit ulimit                  ulimit options (default [])
-u, --user string                    username or uid (format: <name|uid>[:<group|gid>])
--userns string                  user namespace to use
--uts string                     uts namespace to use
-v, --volume list                    bind mount a volume
--volume-driver string           optional volume driver for the container
--volumes-from list              mount volumes from the specified container(s)
-w, --workdir string                 working directory inside the container
# Start tomcat1; link names the container it needs to reach
[root@localhost ~]# docker run -d -P --name tomcat1 --link tomcat2 tomcat
f78c51961662a1d3558fc8d0d95906b902a7a042f251a60858e72bcfa62e7a08
# Test ping
[root@localhost ~]# docker exec -it tomcat1 ping tomcat2
ping tomcat2 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat2 (172.17.0.3): icmp_seq=1 ttl=64 time=0.088 ms
64 bytes from tomcat2 (172.17.0.3): icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from tomcat2 (172.17.0.3): icmp_seq=3 ttl=64 time=0.071 ms
^c
--- tomcat2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.071/0.076/0.088/0.012 ms
# tomcat1's hosts file now contains an entry for tomcat2
[root@localhost ~]# docker exec -it tomcat1 cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3      tomcat2 27766c324de6
172.17.0.2      f78c51961662
# tomcat2 cannot ping tomcat1
[root@localhost ~]# docker exec -it tomcat2 ping tomcat1
^c[root@localhost ~]#

2 Custom networks

This requires the network command

# View the help text
[root@localhost ~]# docker network --help
usage:  docker network command
manage networks
commands:
connect     connect a container to a network
create      create a network
disconnect  disconnect a container from a network
inspect     display detailed information on one or more networks
ls          list networks
prune       remove all unused networks
rm          remove one or more networks
run 'docker network command --help' for more information on a command.

List the current Docker networks; bridge is the default network docker0

[root@localhost ~]# docker network ls
network id     name      driver    scope
9b27ff0926bf   bridge    bridge    local
8dfa2efae677   host      host      local
2025b7fb1d7c   none      null      local

Create the network mynet

[root@localhost ~]# docker network create --help
usage:  docker network create [options] network
create a network
options:
--attachable           enable manual container attachment
--aux-address map      auxiliary ipv4 or ipv6 addresses used by network driver (default map[])
--config-from string   the network from which to copy the configuration
--config-only          create a configuration only network
-d, --driver string        driver to manage the network (default "bridge")
--gateway strings      ipv4 or ipv6 gateway for the master subnet
--ingress              create swarm routing-mesh network
--internal             restrict external access to the network
--ip-range strings     allocate container ip from a sub-range
--ipam-driver string   ip address management driver (default "default")
--ipam-opt map         set ipam driver specific options (default map[])
--ipv6                 enable ipv6 networking
--label list           set metadata on a network
-o, --opt map              set driver specific options (default map[])
--scope string         control the network's scope
--subnet strings       subnet in cidr format that represents a network segment
[root@localhost ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
1abaa8e6a387bc8bbc7ac50d9f2289e96a143a92f074e90f698bd70411c86672
[root@localhost ~]# docker network inspect mynet
[
{
"name": "mynet",
"id": "1abaa8e6a387bc8bbc7ac50d9f2289e96a143a92f074e90f698bd70411c86672",
"created": "2021-05-13t11:21:13.494039122+08:00",
"scope": "local",
"driver": "bridge",
"enableipv6": false,
"ipam": {
"driver": "default",
"options": {},
"config": [
{
"subnet": "192.168.0.0/16",
"gateway": "192.168.0.1"
}
]
},
"internal": false,
"attachable": false,
"ingress": false,
"configfrom": {
"network": ""
},
"configonly": false,
"containers": {},
"options": {},
"labels": {}
}
]

Create and start two tomcat containers on mynet; they can ping each other directly by container name, in both directions

[root@localhost ~]# docker run -d -P --name tomcat-n-1 --network mynet tomcat
404e4e63622b207af2ed534e768996f4d1cba4c798bba9e5d9b33c42711eaa4a
[root@localhost ~]# docker run -d -P --name tomcat-n-2 --network mynet tomcat
f6352fb3db01beed6ddf17ef84999a4ab209f026a6137b3bc7e35335d434785f
[root@localhost ~]# docker ps
container id   image     command             created          status          ports                                         names
f6352fb3db01   tomcat    "catalina.sh run"   3 seconds ago    up 2 seconds    0.0.0.0:49159->8080/tcp, :::49159->8080/tcp   tomcat-n-2
404e4e63622b   tomcat    "catalina.sh run"   10 seconds ago   up 9 seconds    0.0.0.0:49158->8080/tcp, :::49158->8080/tcp   tomcat-n-1
f78c51961662   tomcat    "catalina.sh run"   15 minutes ago   up 15 minutes   0.0.0.0:49157->8080/tcp, :::49157->8080/tcp   tomcat1
27766c324de6   tomcat    "catalina.sh run"   16 minutes ago   up 16 minutes   0.0.0.0:49156->8080/tcp, :::49156->8080/tcp   tomcat2
[root@localhost ~]# docker exec -it tomcat-n-1 ping tomcat-n-2
ping tomcat-n-2 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-n-2.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from tomcat-n-2.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from tomcat-n-2.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.164 ms
^c
--- tomcat-n-2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.069/0.111/0.164/0.041 ms

Inspect mynet in detail; the output now includes the network information of the two tomcat containers that were started

[root@localhost ~]# docker network inspect mynet
[
{
"name": "mynet",
"id": "1abaa8e6a387bc8bbc7ac50d9f2289e96a143a92f074e90f698bd70411c86672",
"created": "2021-05-13t11:21:13.494039122+08:00",
"scope": "local",
"driver": "bridge",
"enableipv6": false,
"ipam": {
"driver": "default",
"options": {},
"config": [
{
"subnet": "192.168.0.0/16",
"gateway": "192.168.0.1"
}
]
},
"internal": false,
"attachable": false,
"ingress": false,
"configfrom": {
"network": ""
},
"configonly": false,
"containers": {
"404e4e63622b207af2ed534e768996f4d1cba4c798bba9e5d9b33c42711eaa4a": {
"name": "tomcat-n-1",
"endpointid": "b9efbd78daabe9345ade2a2e55291b7646d01679516e2f0be1efd5c2d6fea6b8",
"macaddress": "02:42:c0:a8:00:02",
"ipv4address": "192.168.0.2/16",
"ipv6address": ""
},
"f6352fb3db01beed6ddf17ef84999a4ab209f026a6137b3bc7e35335d434785f": {
"name": "tomcat-n-2",
"endpointid": "6b05a1ceff43514305bf3d0adf9e30ba8007db5ec8349d47f96ff2b216912fc0",
"macaddress": "02:42:c0:a8:00:03",
"ipv4address": "192.168.0.3/16",
"ipv6address": ""
}
},
"options": {},
"labels": {}
}
]

Start tomcat3 on the default network docker0

[root@localhost ~]# docker run -d -P --name tomcat3 tomcat
90e94ac30a3c61b493d2ea38c32cf5dddb781e88c30547b609db765b15d7d1e0
[root@localhost ~]# docker network ls
network id     name      driver    scope
9b27ff0926bf   bridge    bridge    local
8dfa2efae677   host      host      local
1abaa8e6a387   mynet     bridge    local
2025b7fb1d7c   none      null      local
# Inspect docker0 in detail; tomcat3 appears in the default network
[root@localhost ~]# docker network inspect 9b27ff0926bf
[
{
"name": "bridge",
"id": "9b27ff0926bf22d0828ccd07d6e14eb17d96a4989f9def6f9118c099cf1ca1c6",
"created": "2021-05-13t10:51:20.244232273+08:00",
"scope": "local",
"driver": "bridge",
"enableipv6": false,
"ipam": {
"driver": "default",
"options": null,
"config": [
{
"subnet": "172.17.0.0/16",
"gateway": "172.17.0.1"
}
]
},
"internal": false,
"attachable": false,
"ingress": false,
"configfrom": {
"network": ""
},
"configonly": false,
"containers": {
"27766c324de619b24e2ed522d8064c5a4610c8f509ff0aed8fa1719691f01bf1": {
"name": "tomcat2",
"endpointid": "de913778ce2d7478e25daca26809aa75c9093c43853d9420c70886fb16741722",
"macaddress": "02:42:ac:11:00:03",
"ipv4address": "172.17.0.3/16",
"ipv6address": ""
},
"90e94ac30a3c61b493d2ea38c32cf5dddb781e88c30547b609db765b15d7d1e0": {
"name": "tomcat3",
"endpointid": "2223e522a0950b846bb7691b31f60bbd88ab3c9b8e71d601a495cce39387b8cc",
"macaddress": "02:42:ac:11:00:04",
"ipv4address": "172.17.0.4/16",
"ipv6address": ""
},
"f78c51961662a1d3558fc8d0d95906b902a7a042f251a60858e72bcfa62e7a08": {
"name": "tomcat1",
"endpointid": "59299fdca5497e55dc5a94e408529cc98819b673568720c81aa1c554dff1bbe5",
"macaddress": "02:42:ac:11:00:02",
"ipv4address": "172.17.0.2/16",
"ipv6address": ""
}
},
"options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"labels": {}
}
]

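tomcat3 is not on the mynet network, so it cannot reach the two tomcat containers in mynet. network can be used to connect tomcat3 to mynet, after which access works in both directions (container names are supported).

# Look up the IPs of the containers in mynet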
[root@localhost ~]# docker network inspect mynet
[
{
"name": "mynet",
"id": "1abaa8e6a387bc8bbc7ac50d9f2289e96a143a92f074e90f698bd70411c86672",
"created": "2021-05-13t11:21:13.494039122+08:00",
"scope": "local",
"driver": "bridge",
"enableipv6": false,
"ipam": {
"driver": "default",
"options": {},
"config": [
{
"subnet": "192.168.0.0/16",
"gateway": "192.168.0.1"
}
]
},
"internal": false,
"attachable": false,
"ingress": false,
"configfrom": {
"network": ""
},
"configonly": false,
"containers": {
"404e4e63622b207af2ed534e768996f4d1cba4c798bba9e5d9b33c42711eaa4a": {
"name": "tomcat-n-1",
"endpointid": "b9efbd78daabe9345ade2a2e55291b7646d01679516e2f0be1efd5c2d6fea6b8",
"macaddress": "02:42:c0:a8:00:02",
"ipv4address": "192.168.0.2/16",
"ipv6address": ""
},
"f6352fb3db01beed6ddf17ef84999a4ab209f026a6137b3bc7e35335d434785f": {
"name": "tomcat-n-2",
"endpointid": "6b05a1ceff43514305bf3d0adf9e30ba8007db5ec8349d47f96ff2b216912fc0",
"macaddress": "02:42:c0:a8:00:03",
"ipv4address": "192.168.0.3/16",
"ipv6address": ""
}
},
"options": {},
"labels": {}
}
]
# tomcat3 cannot ping the IPs
[root@localhost ~]# docker exec -it tomcat3 ping 192.168.0.2
ping 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
^c
--- 192.168.0.2 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 11ms
[root@localhost ~]# docker exec -it tomcat3 ping 192.168.0.3
ping 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
^c
--- 192.168.0.3 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 20ms
# Use connect to attach a container from another network to this network; they can then reach each other by container name
[root@localhost ~]# docker network connect --help
usage:  docker network connect [options] network container
connect a container to a network
options:
--alias strings           add network-scoped alias for the container
--driver-opt strings      driver options for the network
--ip string               ipv4 address (e.g., 172.30.100.104)
--ip6 string              ipv6 address (e.g., 2001:db8::33)
--link list               add link to another container
--link-local-ip strings   add a link-local address for the container
[root@localhost ~]# docker network connect mynet tomcat3
[root@localhost ~]# docker exec -it tomcat3 ping tomcat-n-1
ping tomcat-n-1 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-n-1.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from tomcat-n-1.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from tomcat-n-1.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.064 ms
^c
--- tomcat-n-1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 0.064/0.123/0.235/0.079 ms
[root@localhost ~]# docker exec -it tomcat-n-1 ping tomcat3
ping tomcat3 (192.168.0.4) 56(84) bytes of data.
64 bytes from tomcat3.mynet (192.168.0.4): icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from tomcat3.mynet (192.168.0.4): icmp_seq=2 ttl=64 time=0.169 ms
64 bytes from tomcat3.mynet (192.168.0.4): icmp_seq=3 ttl=64 time=0.194 ms
^c
--- tomcat3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 0.055/0.139/0.194/0.061 ms
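
An added example (not part of the original article): a Python audit of `docker network inspect` output for the state this walkthrough ends in. It reports which containers share a segment, which container is attached to more than one network, and which settings deserve review. The sample JSON is constructed from the values shown above with IDs trimmed to 12 characters, and the LAN range 192.168.1.0/24 is an assumption.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker network inspect bridge mynet` output for the
# end state of the walkthrough (tomcat3 attached to both networks).
SAMPLE = """[
 {"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {
   "27766c324de6": {"Name": "tomcat2", "IPv4Address": "172.17.0.3/16"},
   "90e94ac30a3c": {"Name": "tomcat3", "IPv4Address": "172.17.0.4/16"},
   "f78c51961662": {"Name": "tomcat1", "IPv4Address": "172.17.0.2/16"}},
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
 {"Name": "mynet", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1"}]},
  "Containers": {
   "404e4e63622b": {"Name": "tomcat-n-1", "IPv4Address": "192.168.0.2/16"},
   "f6352fb3db01": {"Name": "tomcat-n-2", "IPv4Address": "192.168.0.3/16"},
   "90e94ac30a3c": {"Name": "tomcat3", "IPv4Address": "192.168.0.4/16"}},
  "Options": {}}
]"""

OPT = "com.docker.network.bridge."


def load(text):
    """Parse inspect JSON; keys are lowercased so a case-mangled listing also loads."""
    def norm(o):
        if isinstance(o, dict):
            return {k.lower(): norm(v) for k, v in o.items()}
        return [norm(v) for v in o] if isinstance(o, list) else o
    return norm(json.loads(text))


def membership(networks):
    """Return {container name: {network name: IPv4 address}}."""
    seen = {}
    for net in networks:
        for ep in (net.get("containers") or {}).values():
            addr = ep.get("ipv4address", "").split("/")[0]
            seen.setdefault(ep["name"], {})[net["name"]] = addr
    return seen


def shared_networks(members, a, b):
    """Networks both containers are attached to, i.e. where they are direct neighbours."""
    return sorted(set(members.get(a, {})) & set(members.get(b, {})))


def audit(networks, lan_cidrs=()):
    """Return (rule, subject) pairs to review. lan_cidrs: the host's real LAN ranges."""
    found = []
    for net in networks:
        opts = net.get("options") or {}
        # Unrelated containers on the default bridge can all reach each other by IP.
        if (opts.get(OPT + "default_bridge") == "true"
                and opts.get(OPT + "enable_icc") == "true"
                and len(net.get("containers") or {}) > 1):
            found.append(("default-bridge-icc", net["name"]))
        # Ports published with -p/-P bind to every host interface by default.
        if opts.get(OPT + "host_binding_ipv4") == "0.0.0.0":
            found.append(("publish-binds-all-interfaces", net["name"]))
        # A wide custom subnet can shadow addresses the host needs to route to.
        for cfg in (net.get("ipam") or {}).get("config") or []:
            subnet = ipaddress.ip_network(cfg["subnet"])
            if any(subnet.overlaps(ipaddress.ip_network(c)) for c in lan_cidrs):
                found.append(("subnet-overlaps-lan", net["name"]))
    # A container on two networks is reachable from, and can reach, both segments.
    for name, nets in sorted(membership(networks).items()):
        if len(nets) > 1:
            found.append(("multi-homed", name))
    return found


if __name__ == "__main__":
    nets = load(SAMPLE)
    for rule, subject in audit(nets, lan_cidrs=["192.168.1.0/24"]):  # assumed LAN range
        print(f"{rule:30} {subject}")
```

On a live host the same functions accept the output of `docker network inspect $(docker network ls -q)`.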
