linuxea: Plain-Language Containers (10): Docker network namespaces


Earlier we saw that six namespaces are isolated for a container, and that NET, UTS and IPC are the ones that can be shared with another container.

Networking itself can be set up in several ways. Here we simulate a container's network namespace by hand with ip netns (part of iproute2), which adds, lists, enters and edits network namespaces.

I. Network namespaces

We create the namespaces by hand, network namespaces only.

Add the linuxea-r1 and linuxea-r2 network namespaces, create a veth pair between them, then assign IP addresses, to simulate what Docker does for a container.

First add the linuxea-r1 and linuxea-r2 network namespaces

[root@linuxea.com146 ~]# ip netns add linuxea-r1
[root@linuxea.com146 ~]# ip netns add linuxea-r2

List the network namespaces

[root@linuxea.com146 ~]# ip netns list
linuxea-r2
linuxea-r1

Running ip a through exec shows that a fresh network namespace has no interface apart from a loopback that is still DOWN

[root@linuxea.com146 ~]#  ip netns exec linuxea-r1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@linuxea.com146 ~]#  ip netns exec linuxea-r2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Now use the ip command to create a veth pair, then move one half into the namespace by hand

name gives this half the name veth1.1, type veth gives the device type, and peer name names the other half, veth1.2

[root@linuxea.com146 ~]# ip link add name veth1.1 type  veth peer name veth1.2

veth devices always come in pairs; whatever enters one half leaves the other

[root@linuxea.com146 ~]# ip link sh
....
1198: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 2e:4a:03:95:ab:e3 brd ff:ff:ff:ff:ff:ff
1199: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 26:fb:90:88:02:91 brd ff:ff:ff:ff:ff:ff
....    

Now move veth1.2 into the linuxea-r1 namespace we just created

[root@linuxea.com146 ~]# ip link set dev veth1.2 netns linuxea-r1

veth1.2 is gone from the host and only veth1.1 is left: a device belongs to exactly one namespace at a time. Note the new notation veth1.1@if1198 with link-netnsid 0: the peer is now referred to by its ifindex in the other namespace, because its name is no longer visible from here

[root@linuxea.com146 ~]# ip link show
...
1199: veth1.1@if1198: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 26:fb:90:88:02:91 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Then switch into linuxea-r1 and look: veth1.2 is there. The interface has been handed over to the namespace

[root@linuxea.com146 ~]#  ip netns exec linuxea-r1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1198: veth1.2@if1199: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 2e:4a:03:95:ab:e3 brd ff:ff:ff:ff:ff:ff link-netnsid 0

The interface can be renamed while it is still down, here veth1.2 to eth0; names only need to be unique within a namespace

[root@linuxea.com146 ~]#  ip netns exec linuxea-r1 ip link set dev veth1.2 name eth0

Checking again, the name has changed

[root@linuxea.com146 ~]# ip netns exec linuxea-r1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1198: eth0@if1199: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 2e:4a:03:95:ab:e3 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Assign an IP address to the host side and bring it up. It shows NO-CARRIER and LOWERLAYERDOWN for now, because the other half inside the namespace is still down

[root@linuxea.com146 ~]# ip addr add 10.10.240.147/24 dev veth1.1
[root@linuxea.com146 ~]# ip link set veth1.1 up
[root@linuxea.com146 ~]# ip a
...
1199: veth1.1@if1198: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN qlen 1000
    link/ether 26:fb:90:88:02:91 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.10.240.147/24 scope global veth1.1
       valid_lft forever preferred_lft forever

Then give eth0 inside linuxea-r1 an address as well

[root@linuxea.com146 ~]# ip netns exec linuxea-r1 ip  addr add 10.10.240.148/24 dev eth0

and bring it up

[root@linuxea.com146 ~]# ip netns exec linuxea-r1 ip  link set eth0 up

linuxea-r1 now has the address 10.10.240.148, and the link is UP on both ends

[root@linuxea.com146 ~]# ip netns exec linuxea-r1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1198: eth0@if1199: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 2e:4a:03:95:ab:e3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.10.240.148/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c4a:3ff:fe95:abe3/64 scope link 
       valid_lft forever preferred_lft forever

From the host it can be pinged

[root@linuxea.com146 ~]# ping 10.10.240.148
PING 10.10.240.148 (10.10.240.148) 56(84) bytes of data.
64 bytes from 10.10.240.148: icmp_seq=1 ttl=64 time=0.062 ms

and the MAC address that answers is the MAC of 10.10.240.148 in linuxea-r1, i.e. the eth0 half of the pair

[root@linuxea.com146 ~]# arping -I veth1.1 10.10.240.148 
ARPING 10.10.240.148 from 10.10.240.147 veth1.1
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.525ms
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.534ms
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.532ms
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.534ms
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.543ms
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.533ms
Unicast reply from 10.10.240.148 [2E:4A:03:95:AB:E3]  0.539ms
^CSent 7 probes (1 broadcast(s))
Received 7 response(s)
[root@linuxea.com146 ~]# 

Now do the same with the other half of the pair and move veth1.1 into linuxea-r2. Moving a link into another namespace flushes its address and takes it down, so both have to be redone inside linuxea-r2

[root@linuxea.com146 ~]# ip link set dev veth1.1 netns linuxea-r2

Now it is gone from the host

[root@linuxea.com146 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 88:88:2f:5e:7d:24 brd ff:ff:ff:ff:ff:ff
    inet 10.10.240.146/8 brd 10.255.255.255 scope global dynamic eth0
       valid_lft 56314sec preferred_lft 56314sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:44:e6:6c:9d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
1193: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
    link/ether aa:fd:72:43:fc:f7 brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
1194: cni0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 0a:58:ac:10:02:01 brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.1/24 scope global cni0
       valid_lft forever preferred_lft forever

Back inside linuxea-r2, veth1.1 is present but not yet up

[root@linuxea.com146 ~]# ip netns exec linuxea-r2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1199: veth1.1@if1198: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 26:fb:90:88:02:91 brd ff:ff:ff:ff:ff:ff link-netnsid 0

This time set the address 10.10.240.149, then bring it up

[root@linuxea.com146 ~]# ip netns exec linuxea-r2 ip addr add 10.10.240.149/24 dev veth1.1
[root@linuxea.com146 ~]# ip netns exec linuxea-r2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1199: veth1.1@if1198: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 26:fb:90:88:02:91 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.10.240.149/24 scope global veth1.1
       valid_lft forever preferred_lft forever

Bring it up

[root@linuxea.com146 ~]# ip netns exec linuxea-r2  ip link set veth1.1 up

Back in linuxea-r1, ping linuxea-r2's 10.10.240.149, i.e. 10.10.240.148 pings 149

[root@linuxea.com146 ~]# ip netns exec linuxea-r1 ping 10.10.240.149
PING 10.10.240.149 (10.10.240.149) 56(84) bytes of data.
64 bytes from 10.10.240.149: icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from 10.10.240.149: icmp_seq=2 ttl=64 time=0.042 ms
^C
--- 10.10.240.149 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1040ms
rtt min/avg/max/mdev = 0.042/0.047/0.052/0.005 ms

Verify the MAC address of 10.10.240.149 with arping

[root@linuxea.com146 ~]# ip netns exec linuxea-r1 arping -I eth0 10.10.240.149
ARPING 10.10.240.149 from 10.10.240.148 eth0
Unicast reply from 10.10.240.149 [26:FB:90:88:02:91]  0.532ms
Unicast reply from 10.10.240.149 [26:FB:90:88:02:91]  0.531ms
Unicast reply from 10.10.240.149 [26:FB:90:88:02:91]  0.533ms
^CSent 3 probes (1 broadcast(s))
Received 3 response(s)

As expected, this works. The same plumbing is what Docker does for a bridge-mode container: one half of a veth pair is moved into the container's namespace and renamed eth0, the other half stays on the host and is plugged into the docker0 bridge. Keep in mind that ip netns exec only changes the network namespace of the command it runs: the process still has host root privileges and the host's mount, PID and other namespaces, so it is a debugging tool, not an isolation boundary.
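The whole sequence above as one script (an added example, not the post's own): it creates both namespaces, the pair and the addresses in the right order, adds the two steps the walkthrough skips (bringing lo up in each namespace, and tearing the lab down), and verifies the link the way the post does, by checking that the MAC learned for 10.10.240.149 inside linuxea-r1 is the MAC of the veth1.1 half in linuxea-r2. It assumes iproute2 and root (CAP_NET_ADMIN); the function names, the DRY_RUN switch and the small parsers of ip output (veth_peer, name_by_ifindex, field_after, peer_of) are this example's own. peer_of shows how to turn the eth0@if1199 notation into the peer's real name, which is also how one finds the host-side veth that belongs to a given container.

```shell
#!/bin/sh
# Added example (not the post's own script): builds, verifies and tears down the
# linuxea-r1 / linuxea-r2 lab from this section in one idempotent run.
# Assumes iproute2 and root (CAP_NET_ADMIN); with DRY_RUN=1 it only prints the plan.
set -eu

NS1=linuxea-r1; NS2=linuxea-r2            # namespace names from the post
VETH1=veth1.1;  VETH2=veth1.2             # the veth pair from the post
ADDR1=10.10.240.148/24                    # eth0 inside linuxea-r1
ADDR2=10.10.240.149/24                    # veth1.1 inside linuxea-r2

# run: execute a command, or print it when DRY_RUN=1 so the plan can be
# reviewed (and tested) without privileges.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_lab() {
  run ip netns add "$NS1"
  run ip netns add "$NS2"
  run ip link add name "$VETH1" type veth peer name "$VETH2"
  # A link belongs to exactly one namespace: moving it removes it from the host,
  # flushes its addresses and leaves it DOWN, so addresses come after the move.
  run ip link set dev "$VETH2" netns "$NS1"
  run ip link set dev "$VETH1" netns "$NS2"
  # Rename while still down; names only need to be unique inside a namespace.
  run ip netns exec "$NS1" ip link set dev "$VETH2" name eth0
  # lo is DOWN in a fresh namespace (the post's output shows it); bring it up.
  run ip netns exec "$NS1" ip link set lo up
  run ip netns exec "$NS2" ip link set lo up
  run ip netns exec "$NS1" ip addr add "$ADDR1" dev eth0
  run ip netns exec "$NS1" ip link set eth0 up
  run ip netns exec "$NS2" ip addr add "$ADDR2" dev "$VETH1"
  run ip netns exec "$NS2" ip link set "$VETH1" up
}

# Deleting a namespace destroys the veth half inside it, and a veth dies with
# its peer, so two deletions remove the whole lab.
destroy_lab() {
  run ip netns del "$NS1"
  run ip netns del "$NS2"
}

# veth_peer NAME < ip-link-output: prints what follows "@" on NAME's line: the
# peer's name when both halves share a namespace, or "ifNNN" (NNN = the peer's
# ifindex in *its* namespace, see link-netnsid) when they do not.
veth_peer() {
  awk -v want="$1" '
    $1 ~ /^[0-9]+:$/ {
      n = split($2, p, "@"); sub(/:$/, "", p[n])
      if (p[1] == want && n == 2) { print p[2]; found = 1; exit }
    }
    END { exit found ? 0 : 1 }'
}

# name_by_ifindex IDX < ip-link-output: prints the interface whose index is IDX.
name_by_ifindex() {
  awk -v idx="$1" '$1 == (idx ":") { split($2, p, "@"); sub(/:$/, "", p[1]); print p[1]; exit }'
}

# field_after KEY < text: prints the token following KEY ("link/ether", "lladdr", ...).
field_after() {
  awk -v key="$1" '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# peer_of NS DEV [PEER_NS]: resolves "eth0@if1199" inside NS to the device with
# ifindex 1199 in PEER_NS (host namespace when omitted). Ifindexes are per
# namespace and can collide, so the caller must know where the peer lives.
peer_of() {
  peer=$(ip netns exec "$1" ip -o link show dev "$2" | veth_peer "$2")
  case $peer in
    if*) ns_opt=${3:+-n $3}                      # unquoted on purpose: "-n NAME"
         ip $ns_opt link show | name_by_ifindex "${peer#if}" ;;
    *)   echo "$peer" ;;                         # same namespace: name already given
  esac
}

# verify_lab: ping across the pair, then check that the neighbour entry learned
# in linuxea-r1 carries the MAC of the linuxea-r2 half, as the post does with arping.
verify_lab() {
  want=$(ip netns exec "$NS2" ip -o link show dev "$VETH1" | field_after link/ether)
  ip netns exec "$NS1" ping -c 2 -W 1 "${ADDR2%/*}" >/dev/null
  got=$(ip netns exec "$NS1" ip neigh show "${ADDR2%/*}" | field_after lladdr)
  if [ "$want" = "$got" ]; then
    echo "ok: ${ADDR2%/*} answered from $got ($NS2 side of the pair)"
  else
    echo "mismatch: expected $want, neighbour table has $got" >&2; return 1
  fi
}

case "${1:-}" in
  create)  create_lab ;;
  verify)  verify_lab ;;
  peer)    peer_of "$NS1" eth0 "$NS2" ;;       # prints veth1.1
  destroy) destroy_lab ;;
  "")      ;;                                  # no action: define functions only
  *)       echo "usage: $0 create|verify|peer|destroy" >&2; exit 2 ;;
esac
```

Run it as ./netns-lab.sh create, then verify, peer and destroy; DRY_RUN=1 ./netns-lab.sh create prints the exact ip commands without touching the host. The @ifNNN index only means something together with link-netnsid, since ifindexes are allocated per namespace; that is why peer_of takes the peer's namespace as an argument instead of guessing.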

Recall that Docker ships with three networks: bridge, host and none, with bridge as the default. So when a network is chosen explicitly, the alternatives are host and none. host puts the container into the host's own network namespace, so it sees and can bind every host interface; it is the option with no isolation at this layer.

II. none

none creates no network device at all: the container gets only its own loopback, so it cannot reach the host or anything else

[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network none --rm alpine
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

III. bridge

Back to the default, bridge (naming it explicitly is the same as omitting --network). The warning printed here means IPv4 forwarding (net.ipv4.ip_forward) is off on this host, so bridged containers can talk to docker0 but not beyond it until it is enabled

[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network bridge --rm alpine
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # 

But look at the hostname:

/ # hostname
bd95e817b0a6

The hostname is the short (12-character) form of the CONTAINER ID shown by docker ps -a; the ID is generated at random.

A hostname can also be injected into the container at run time with -h, like so:

[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network none --rm -h linuxea.com alpine
/ # hostname 
linuxea.com

If the container needs to reach other hosts by name, it resolves them through DNS (/etc/resolv.conf) and the /etc/hosts file; Docker writes both files into the container.

A resolver can also be injected at run time with --dns, like so:

[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network none --rm -h linuxea.com --dns 4.4.4.4  alpine
/ # cat /etc/resolv.conf 
nameserver 4.4.4.4

A search domain can be set with --dns-search

[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network none --rm -h linuxea.com --dns 4.4.4.4 --dns-search linuxea.com  alpine
/ # cat /etc/resolv.conf 
search linuxea.com
nameserver 4.4.4.4

Entries can even be added to /etc/hosts with --add-host. Because hosts is consulted before DNS, such an entry overrides whatever DNS would return for that name inside the container; here linuxea.com is pinned to 9.9.9.9

[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network none --rm -h linuxea.com --dns 4.4.4.4 --dns-search linuxea.com --add-host linuxea.com:9.9.9.9  alpine
/ # cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
9.9.9.9 linuxea.com
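For a job that must not talk to anything, --network none is the right setting, but it is worth proving from inside the container rather than trusting the flag. The wrapper below is an added example, not the post's code: it starts a throwaway container with the same image and network mode, checks that the namespace holds nothing but lo, and only then runs the real command, reusing the -h and --add-host values from the post. It assumes docker and an image whose ip(8) prints the usual "N: name: <flags> ..." lines (alpine's busybox ip does); only_loopback and run_isolated are this example's own names.

```shell
#!/bin/sh
# Added example (not from the post): run a job under --network none and prove,
# from inside the container, that the namespace really holds only lo first.
set -eu

# only_loopback < ip-link-output: succeeds only when every interface listed is lo.
# Works on both "ip a" (multi-line) and "ip -o link" (one line per device),
# because only lines that start with an index ("1:") name a device. Empty input
# is a failure: no output is not evidence of isolation.
only_loopback() {
  awk '$1 ~ /^[0-9]+:$/ { sub(/[@:].*$/, "", $2); if ($2 != "lo") bad = 1; seen = 1 }
       END { exit (seen && !bad) ? 0 : 1 }'
}

# run_isolated IMAGE CMD...: check the isolation with a throwaway container of
# the same image and network mode, then run the job with the same settings.
# --dns/--add-host still work without a network: they only write
# /etc/resolv.conf and /etc/hosts, so the hosts entry resolves even though
# nothing can actually reach 9.9.9.9 from inside.
run_isolated() {
  image=$1; shift
  if ! docker run --rm --network none "$image" ip -o link show | only_loopback; then
    echo "refusing to run: $image with --network none still has a non-lo interface" >&2
    return 1
  fi
  docker run --rm --network none -h linuxea.com --add-host linuxea.com:9.9.9.9 "$image" "$@"
}

case "${1:-}" in
  "") ;;                          # no arguments: define functions only
  *)  run_isolated "$@" ;;        # e.g. ./isolated.sh alpine cat /etc/hosts
esac
```

The check costs one extra short-lived container; the payoff is that a daemon whose default network was changed, or a wrapper that silently dropped the flag, fails loudly before the job runs instead of leaking traffic.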


Date: 2019-01-03  Category: Docker

Tags: 白话容器 (Plain-Language Containers)
