Linux运维笔记|自动化运维攻城狮
我们每启动一个docker容器,docker就会给docker容器分配一个ip,我们只要按照了docker,就会有一个网卡docker0桥接模式,使用的技术是
veth-pair技术.veth-pair 就是一对的虚拟设备接口,都是成对出现,一段连着协议,一段彼此相连
正因为有这个特性,
evth-pair充当一个桥梁,连接各种虚拟网络设备Openstack,Docker容器之间的连接,OVS的连接,都是使用
evth-pair技术
- 本机和容器内网络测试是否互通
# docker0 类似于一个路由
[root@centos72 dockerfile]# ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:7f:3b:be:4f txqueuelen 0 (Ethernet)
RX packets 300048209 bytes 53765822218 (50.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 326353914 bytes 60125182887 (55.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 容器内获取的IP地址是docker分配的`eth0: flags=4163`
[root@centos72 dockerfile]# docker exec -it ddf2d54d0fb5 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 246 bytes 343679 (335.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 258 bytes 16676 (16.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 相应服务器增加了一个
vethe81ab35: flags=4163
vethe81ab35: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 4a:ae:15:21:13:a2 txqueuelen 0 (Ethernet)
RX packets 264 bytes 17208 (16.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 252 bytes 344211 (336.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 确认服务器和容器内网络是可以互通的
[root@centos72 dockerfile]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.111 ms
--- 172.17.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.074/0.107/0.144/0.027 ms
- 再次启动一个容器,发现又多了一对网卡
vethe81ab35: flags=4163
# 启动一个新容器
# docker run -d --name mytomcat1 -p 8086:8080 leoiceo/centos7-tomcat
# 本机执行 ifconfig
......
vethe81ab35: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 4a:ae:15:21:13:a2 txqueuelen 0 (Ethernet)
RX packets 264 bytes 17208 (16.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 253 bytes 344253 (336.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos72 ~]# docker exec -it 9bb2644dc360 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 232 bytes 344660 (336.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 231 bytes 14050 (13.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 测试两个容器之间是否可以ping通
# 容器1: 172.17.0.2
# 容器2: 172.17.0.3
[root@ddf2d54d0fb5 ~]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.125 ms
^C
--- 172.17.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.125/0.125/0.125/0.000 ms
容器1和容器2是公用一个路由器,docker0
所有的容器不指定网络的情况下,都是docker0路由的,docker会给我们的容器分配一个默认可用的IP
总结
Docker使用的是Linux的桥接,宿主机中是一个Dokcer容器的网桥docker0。
Docker中的所有的网络接口都是虚拟的,虚拟的转发效率高。(比如内网传递文件)
只要容器删除,对应网桥一对就没了。