2. it技术
  3. Docker网络笔记

Docker网络笔记

it2025-02-12  22

Docker 网络

理解Docker0

测试

三个网络

# 问题: docker 是如何处理容器网络访问的?

注:那个容器的ID(ca5d44e0a844)是我创建的centos的容器的ID

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -it centos /bin/bash [root@ca5d44e0a844 /]# [root@iZuf61n8ywv9zx27oeoajoZ /] #这里按了 Ctrl + P + Q #查看容器的内部网络地址 ip addr , 发现容器启动的时候会得到一个 eth0@if2176 ip地址 , docker分配的 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it ca5d44e0a844 ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2175: eth0@if2176: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever #思考:linux能不能 ping 通容器内部! [root@iZuf61n8ywv9zx27oeoajoZ /]# ping 172.17.0.2 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.052 ms 64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.039 ms 64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.042 ms 64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.042 ms #linux 可以ping 通 docker 容器内部

原理

我们每安装一个docker容器, docker就会给docker容器分配一个ip, 我们只要安装了docker, 就会有一个网卡 docker0

桥接模式, 使用的技术是 evth-pair技术

再次测试 ip addr

[root@iZuf61n8ywv9zx27oeoajoZ /]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:16:93:3d brd ff:ff:ff:ff:ff:ff inet 172.19.14.174/20 brd 172.19.15.255 scope global dynamic eth0 valid_lft 315301052sec preferred_lft 315301052sec 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:64:79:d4:89 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 6: br-a8b173597bb8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:c3:7c:be:ea brd ff:ff:ff:ff:ff:ff inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a8b173597bb8 valid_lft forever preferred_lft forever 2176: veth9a1d701@if2175: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 16:85:4a:83:39:57 brd ff:ff:ff:ff:ff:ff link-netnsid 0 # 可以看到 启动一个容器后, 再次测试, 又多了一个地址(并且紧接着容器的序号2175)

再启动一个容器测试 , 发现又多了一对网卡~

注意:我们前台没有进程,所以采用 下面第一行的方式(在上面一个小坑里有讲)

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos03 centos /bin/bash b65544cf33c7be0495fe10c104ee21f8c8dfb96148bd89811aff2d0f49e58e98 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b65544cf33c7 centos "/bin/bash" 4 seconds ago Up 3 seconds centos03 ca5d44e0a844 centos "/bin/bash" 2 hours ago Up 2 hours angry_albattani [root@iZuf61n8ywv9zx27oeoajoZ /]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:16:93:3d brd ff:ff:ff:ff:ff:ff inet 172.19.14.174/20 brd 172.19.15.255 scope global dynamic eth0 valid_lft 315295582sec preferred_lft 315295582sec 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:64:79:d4:89 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 6: br-a8b173597bb8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:c3:7c:be:ea brd ff:ff:ff:ff:ff:ff inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a8b173597bb8 valid_lft forever preferred_lft forever 2176: veth9a1d701@if2175: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 16:85:4a:83:39:57 brd ff:ff:ff:ff:ff:ff link-netnsid 0 2184: vethba9afa3@if2183: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 52:a3:09:4b:af:a3 brd ff:ff:ff:ff:ff:ff link-netnsid 1 # 可以发现, 当我又启动一个容器之后,发现又多了一对网卡 2184: vethba9afa3@if2183 #我们发现这个容器带来网卡, 都是一对对的 #evth-pair 就是一对的虚拟设备接口, 它们都是成对出现的, 一段接着协议, 一段彼此连接 #正因为有了这个特性, evth-pair 充当一个桥梁, 连接各种虚拟网络设备的 #OpenStac, Docker容器之间的连接, ovs的连接,都是使用 evth-pair技术

我们在测试一下 centos03 和 angry_albattani(第一个创建的centos容器,忘记起名了) 是否可以 ping 通

注:172.17.0.3就是 centos03 的地址

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it angry_albattani ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data. 64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.070 ms 64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.050 ms 64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.052 ms # 结论: 容器和容器之间是可以互相 ping 通的 !

网络模型图

结论:

tomcat01 和 tomcat02 是公用的一个路由器 , docker0所有的容器不指定网络的情况下, 都是docker0 路由的, docker 会给我们的容器分配一个默认的可用ip再来个图

Docker中所有的网络接口都是虚拟的。 虚拟的转发效率高!(内网传递文件!)

(注: 由上图还可以知道bridge 是 默认的)

只要容器删除, 对应的网桥就没了

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b65544cf33c7 centos "/bin/bash" 29 minutes ago Up 29 minutes centos03 ca5d44e0a844 centos "/bin/bash" 2 hours ago Up 2 hours angry_albattani [root@iZuf61n8ywv9zx27oeoajoZ /]# docker stop ca5d44e0a844 ca5d44e0a844 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b65544cf33c7 centos "/bin/bash" 29 minutes ago Up 29 minutes centos03 [root@iZuf61n8ywv9zx27oeoajoZ /]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:16:3e:16:93:3d brd ff:ff:ff:ff:ff:ff inet 172.19.14.174/20 brd 172.19.15.255 scope global dynamic eth0 valid_lft 315293800sec preferred_lft 315293800sec 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:64:79:d4:89 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 6: br-a8b173597bb8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:c3:7c:be:ea brd ff:ff:ff:ff:ff:ff inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a8b173597bb8 valid_lft forever preferred_lft forever 2184: vethba9afa3@if2183: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 52:a3:09:4b:af:a3 brd ff:ff:ff:ff:ff:ff link-netnsid 1 # 我们可以发现, 一开始的centos镜像的那对网卡 2176: veth9a1d701@if2175: 没了

–link

思考一个场景, 我们编写了一个微服务, database url=ip:,项目不重启, 数据库ip换掉了, 我么希望可以处理这个问题,可以用名字来进行访问容器?

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos04 centos /bin/bash 43d1f86349ce46b03a091761fd6ff4a97b192e7b642c6463173f3f7316616337 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 43d1f86349ce centos "/bin/bash" 6 seconds ago Up 5 seconds centos04 b65544cf33c7 centos "/bin/bash" 38 minutes ago Up 38 minutes centos03 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos03 ping centos04 ping: centos04: Name or service not known # 我们可以发现, 直接用容器名 ping 另一个容器是行不通的 #如何解决呢? #通过 --link 即可以解决网络连通问题 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos05 --link centos04 centos /bin/bash 1260d728cb24544185c37b0eb60bae4f4d662ffb21cbb1174a763bc518e29d92 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos05 ping centos04 PING centos04 (172.17.0.2) 56(84) bytes of data. 64 bytes from centos04 (172.17.0.2): icmp_seq=1 ttl=64 time=0.083 ms 64 bytes from centos04 (172.17.0.2): icmp_seq=2 ttl=64 time=0.060 ms 64 bytes from centos04 (172.17.0.2): icmp_seq=3 ttl=64 time=0.056 ms ^C --- centos04 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2ms rtt min/avg/max/mdev = 0.056/0.066/0.083/0.013 ms #反向可以ping通吗? [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos04 ping centos05 ping: centos05: Name or service not known # 显然不可以, 因为 04没有配置

探究(inspect)

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker network ls NETWORK ID NAME DRIVER SCOPE 7059ad9236ba bridge bridge local 96c9192b5221 host host local 8756c5d558ef none null local a8b173597bb8 test_default bridge local [root@iZuf61n8ywv9zx27oeoajoZ /]# docker inspect 7059ad9236ba [ { "Name": "bridge", "Id": "7059ad9236bad2eee836e13703a8f05325ed6b5e5cdbe112f1481014efc3cf5b", "Created": "2020-10-14T19:30:30.253219699+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { # 这里面是docker为我们的容器创建的ip "1260d728cb24544185c37b0eb60bae4f4d662ffb21cbb1174a763bc518e29d92": { "Name": "centos05", "EndpointID": "180cd2dc4850406edbd3291bdcbdfddd23bfc50bbc8f1c8b4fd3388c3f27d6d3", "MacAddress": "02:42:ac:11:00:04", "IPv4Address": "172.17.0.4/16", "IPv6Address": "" }, "43d1f86349ce46b03a091761fd6ff4a97b192e7b642c6463173f3f7316616337": { "Name": "centos04", "EndpointID": "804900ff82149ea805e5e337b729a673542e35288bd804bad9688ee9ab5e13d4", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" }, "b65544cf33c7be0495fe10c104ee21f8c8dfb96148bd89811aff2d0f49e58e98": { "Name": "centos03", "EndpointID": "f5ad654d67967d5282920f342072c55aeaa378de9b4b3634dc8ce88c10cc53bc", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ]

link的原理

其实这个centos05 就是在本地配置了centos04的配置?

#查看 hosts 配置,在这里发现了! [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos05 cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 centos04 43d1f86349ce #### 172.17.0.4 1260d728cb24 # 所以说, --link就是在我们在hosts配置中增加了一个172.17.0.2 centos04 43d1f86349ce

但是,现在docker已经不建议使用 --link了!

我们现在用

自定义网络! 不适用docker0

docker0问题:它不支持容器名连接访问!

自定义网络

容器互联(–link 和 自定义网络)

#查看所有的docker网络 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network ls NETWORK ID NAME DRIVER SCOPE 7059ad9236ba bridge bridge local 96c9192b5221 host host local 8756c5d558ef none null local a8b173597bb8 test_default bridge local

网络模式

bridge:桥接docker(默认,自己创建也使用这个模式)

none:不配置网络

host:和宿主机共享网络

container:容器内网络连通!(用得少!局限很大)

测试

#我们直接启动的命令 --net bridge,而这个就是我们的docker0 docker run -d -P --name tomcat01 tomcat docker run -d -P --name tomcat01 --net bridge tomcat #docker0特点, 默认,域名不能访问, --link可以打通连接! #我们可以自定义一个网络! #--driver bridge #--subnet 192.168.0.0/16 #--gateway 192.168.0.1 # mynet是网络名字 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet f706d88435d522786ea60d5777241e31b2daefc4c458ce0d49d18c2741407a51 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network ls NETWORK ID NAME DRIVER SCOPE 7059ad9236ba bridge bridge local 96c9192b5221 host host local f706d88435d5 mynet bridge local 8756c5d558ef none null local a8b173597bb8 test_default bridge local [root@iZuf61n8ywv9zx27oeoajoZ /]# docker inspect mynet [ { "Name": "mynet", "Id": "f706d88435d522786ea60d5777241e31b2daefc4c458ce0d49d18c2741407a51", "Created": "2020-10-15T14:35:54.0864644+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", #跟我们设置的一样 "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {} } ]

再次测试(用mynet)

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos-net-01 --net mynet centos /bin/bash d89d299fd40b33457a8530a90b9d4c673ad30c984ad1b1abe18d97919a6bd243 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos-net-02 --net mynet centos /bin/bash 4f7674333b67301b03e32578f1d205fa43f096d83d2a51205b4942f5b5740ebc [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network inspect mynet [ { "Name": "mynet", "Id": "f706d88435d522786ea60d5777241e31b2daefc4c458ce0d49d18c2741407a51", "Created": "2020-10-15T14:35:54.0864644+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { # 我们自己创建的网络下有刚刚创建的两个容器ip "4f7674333b67301b03e32578f1d205fa43f096d83d2a51205b4942f5b5740ebc": { "Name": "centos-net-02", "EndpointID": "a4460f7d21cfd606eaaf299c22cf18e38e30b788f9d7bad1927187e5b3899274", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16",# 并且ip范围在我们设置的区间里 "IPv6Address": "" }, "d89d299fd40b33457a8530a90b9d4c673ad30c984ad1b1abe18d97919a6bd243": { "Name": "centos-net-01", "EndpointID": "2efbfb4dd6b21eceb02736d87893be12070445853b7fec45eb7c9fb638e6ca12", "MacAddress": "02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", #ip范围在我们设置的区间里 "IPv6Address": "" } }, "Options": {}, "Labels": {} } ] # 再次进行--link中的测试 (通过ip 和 名称ping) [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos-net-01 ping 192.168.0.3 PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data. 64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.065 ms 64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.052 ms ^C --- 192.168.0.3 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.052/0.058/0.065/0.010 ms #现在不使用--link也可以ping名字了 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos-net-01 ping centos-net-02 PING centos-net-02 (192.168.0.3) 56(84) bytes of data. 64 bytes from centos-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.041 ms 64 bytes from centos-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.055 ms 64 bytes from centos-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.056 ms ^C --- centos-net-02 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.041/0.050/0.056/0.010 ms

我们自定义的网络docker都已经帮我们维护好了相对应的关系, 推荐我们平时这样使用网络!

好处:

redis-不同的集群使用不同的网络 , 保证集群是安全和健康的

mysql-不同的集群使用不同的网络 , 保证集群是安全和健康的

网络连通

[root@iZuf61n8ywv9zx27oeoajoZ /]# docker network --help Usage: docker network COMMAND Manage networks Commands: connect Connect a container to a network create Create a network disconnect Disconnect a container from a network inspect Display detailed information on one or more networks ls List networks prune Remove all unused networks rm Remove one or more networks Run 'docker network COMMAND --help' for more information on a command. # 我们可以用 docker network connect 来连通其它网络 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network connect --help Usage: docker network connect [OPTIONS] NETWORK CONTAINER Connect a container to a network Options: --alias strings Add network-scoped alias for the container --driver-opt strings driver options for the network --ip string IPv4 address (e.g., 172.30.100.104) --ip6 string IPv6 address (e.g., 2001:db8::33) --link list Add link to another container --link-local-ip strings Add a link-local address for the container #我们先在docker0下面创建两个容器 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos-net-01 --net mynet centos /bin/bash d89d299fd40b33457a8530a90b9d4c673ad30c984ad1b1abe18d97919a6bd243 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker run -dit --name centos-net-02 --net mynet centos /bin/bash 4f7674333b67301b03e32578f1d205fa43f096d83d2a51205b4942f5b5740ebc [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos02 ping centos-net-01 ping: centos-net-01: Name or service not known # 可以发现,不同网段的容器之间是ping不通的 mynet是192.168.0.0/16 docker0是 172.17.0.0/16

测试

#测试打通 centos01 和 mynet #连通之后就是将 centos01 放到了mynet网络下? #一个容器两个ip地址! 阿里云服务:公网ip 私网ip [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network connect mynet centos01 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker network inspect mynet 。。。 "Containers": { "4f7674333b67301b03e32578f1d205fa43f096d83d2a51205b4942f5b5740ebc": { "Name": "centos-net-02", "EndpointID": "a4460f7d21cfd606eaaf299c22cf18e38e30b788f9d7bad1927187e5b3899274", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16", "IPv6Address": "" }, "d89d299fd40b33457a8530a90b9d4c673ad30c984ad1b1abe18d97919a6bd243": { "Name": "centos-net-01", "EndpointID": "2efbfb4dd6b21eceb02736d87893be12070445853b7fec45eb7c9fb638e6ca12", "MacAddress": "02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", "IPv6Address": "" }, "e2ce4f39344b9c97086ca872f3af86648dcd17a4e55a68ebbc6d3ee5688658fb": { "Name": "centos01", #我们可以发现,centos01 被放到了mynet网络下 "EndpointID": "a0557f498b6c443b20220c1726f3bb5c6bc9d761a88531e5880a86436e0dff6a", "MacAddress": "02:42:c0:a8:00:04", "IPv4Address": "192.168.0.4/16", "IPv6Address": "" } }, 。。。 #1、连通ok [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos01 ping centos-net-01 PING centos-net-01 (192.168.0.2) 56(84) bytes of data. 64 bytes from centos-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.062 ms 64 bytes from centos-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.053 ms 64 bytes from centos-net-01.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.055 ms ^C --- centos-net-01 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.053/0.056/0.062/0.009 ms #2、是依旧打不通的 [root@iZuf61n8ywv9zx27oeoajoZ /]# docker exec -it centos02 ping centos-net-01 ping: centos-net-01: Name or service not known

结论:假设要跨网络操作别人, 就需要使用 docker network connect连通!

最新回复(0)