1. 网络的命名空间:
$ docker pull busybox
$ docker run -d --name test1 busybox /bin/sh -c "while true; do sleep 3600; done"
$ docker exec -it test1 /bin/sh
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
inet 127.0.0.1/8 scope host lo
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
$ docker exec test1 ping 192.168.205.10
PING 192.168.205.10 (192.168.205.10): 56 data bytes
64 bytes from 192.168.205.10: seq=0 ttl=64 time=0.043 ms
说明:
①. 显示网络接口(两个):lo表示本地地址、eth0
②. 这个其实就是一个网络namespace.
③. 宿主机与docker里的网络是隔离的.
④. 创建容器的同时,也创建了network namespace.
⑤. 原理与linux本身创建network namesapce是一样的.
⑥. 两个容器之间可以ping通表示两个network namesapce是可以连在一起的.
⑦. 两个容器都可以ping通宿主机2. docker内部网络:
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
93a0b5da3a99 bridge bridge local
3627f8f76a46 host host local
6ffb3a36e003 none null local3. docker里面两台container是怎样连在一起:
3.1 查看网络详情:
基于busybox镜像,docker run了两个容器test1、test2
$ docker network inspect 93a0b5da3a99(networkId)
......
"Containers": {
"b037ac6c246a......": {
"Name": "test1", # 说明test1是连到了bridge网络上的
"EndpointID": "926162eed4477......",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
},
"e9dacf8eccd......": {
"Name": "test2",
"EndpointID": "2a5fffaa448e90......",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
}
}
......