Docker容器网络前提提要

docker exec -it kvstor1 /bin/sh   ##【进入一个redis容器】

docker exec -it web1 /bin/sh   ##【进入一个nginx容器】

###docker网络管理

##网络命令

[root@localhost ~]# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
                   tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
                   netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
                   vrf }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -h[uman-readable] | -iec |
                    -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
                    -4 | -6 | -I | -D | -B | -0 |
                    -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
                    -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
                    -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}

[root@localhost ~]# ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id

[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.166  netmask 255.255.255.0  broadcast 192.168.163.255
        inet6 fe80::c6bd:2a97:fd69:bcb  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b3:14:bf  txqueuelen 1000  (Ethernet)
        RX packets 843  bytes 61473 (60.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 256  bytes 29536 (28.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:71:f8:50  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#设置虚拟区域

[root@localhost ~]# ip netns add r1
[root@localhost ~]# ip netns add r2
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# ip netns list
r2
r1

[root@localhost ~]# ip netns exec r1 ifconfig
[root@localhost ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# ip netns exec r2 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#增加虚拟网卡相关命令

[root@localhost ~]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
                   [ txqueuelen PACKETS ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ] [index IDX ]
                   [ numtxqueues QUEUE_COUNT ]
                   [ numrxqueues QUEUE_COUNT ]
                   type TYPE [ ARGS ]

       ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]

       ip link set { DEVICE | dev DEVICE | group DEVGROUP }
                      [ { up | down } ]
                      [ type TYPE ARGS ]
                      [ arp { on | off } ]
                      [ dynamic { on | off } ]
                      [ multicast { on | off } ]
                      [ allmulticast { on | off } ]
                      [ promisc { on | off } ]
                      [ trailers { on | off } ]
                      [ carrier { on | off } ]
                      [ txqueuelen PACKETS ]
                      [ name NEWNAME ]
                      [ address LLADDR ]
                      [ broadcast LLADDR ]
                      [ mtu MTU ]
                      [ netns { PID | NAME } ]
                      [ link-netnsid ID ]
              [ alias NAME ]
                      [ vf NUM [ mac LLADDR ]
                   [ vlan VLANID [ qos VLAN-QOS ] [ proto VLAN-PROTO ] ]
                   [ rate TXRATE ]
                   [ max_tx_rate TXRATE ]
                   [ min_tx_rate TXRATE ]
                   [ spoofchk { on | off} ]
                   [ query_rss { on | off} ]
                   [ state { auto | enable | disable} ] ]
                   [ trust { on | off} ] ]
                   [ node_guid { eui64 } ]
                   [ port_guid { eui64 } ]
              [ xdp { off |
                  object FILE [ section NAME ] [ verbose ] |
                  pinned FILE } ]
              [ master DEVICE ][ vrf NAME ]
              [ nomaster ]
              [ addrgenmode { eui64 | none | stable_secret | random } ]
                      [ protodown { on | off } ]

       ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]

       ip link xstats type TYPE [ ARGS ]

       ip link afstats [ dev DEVICE ]

       ip link help [ TYPE ]

TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |
          gre | gretap | ip6gre | ip6gretap | vti | nlmon | team_slave |
          bond_slave | ipvlan | geneve | bridge_slave | vrf | macsec }

#操作

[root@localhost ~]# ip link show   ##未增加前
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b3:14:bf brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:71:f8:50 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:71:f8:50 brd ff:ff:ff:ff:ff:ff

[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# ip link show  ##增加后
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:b3:14:bf brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:71:f8:50 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:71:f8:50 brd ff:ff:ff:ff:ff:ff
5: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 2a:af:6b:95:fe:a7 brd ff:ff:ff:ff:ff:ff
6: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 72:bc:29:d1:c8:50 brd ff:ff:ff:ff:ff:ff

[root@localhost ~]# ip link set dev veth1.2 netns r1  ##把网卡放在区域1

[root@localhost ~]# ip netns exec r1 ifconfig -a  ##未激活
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 2a:af:6b:95:fe:a7  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ifconfig veth1.1 10.1.0.1/24 up  ##激活
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.163.166  netmask 255.255.255.0  broadcast 192.168.163.255
        inet6 fe80::c6bd:2a97:fd69:bcb  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b3:14:bf  txqueuelen 1000  (Ethernet)
        RX packets 2717  bytes 187497 (183.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 774  bytes 92894 (90.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        ether 72:bc:29:d1:c8:50  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:71:f8:50  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ip netns exec r1 ifconfig veth1.2 10.1.0.2/24 up  ##区域1的网卡也激活
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# ip netns exec r1 ifconfig
veth1.2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.2  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::28af:6bff:fe95:fea7  prefixlen 64  scopeid 0x20<link>
        ether 2a:af:6b:95:fe:a7  txqueuelen 1000  (Ethernet)
        RX packets 14  bytes 1766 (1.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 656 (656.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# ping 10.1.0.2  ##veth1.1和区域1的网卡veth1.2通信
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.108 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.079 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.040 ms

##操作2

[root@localhost ~]# ip link set dev veth1.1 netns r2  ##将网卡移向区域2

[root@localhost ~]# ip netns exec r2 ifconfig veth1.1 10.1.0.3/24 up  ##在区域2激活网卡

[root@localhost ~]# ip netns exec r2 ifconfig
veth1.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.3  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::70bc:29ff:fed1:c850  prefixlen 64  scopeid 0x20<link>
        ether 72:bc:29:d1:c8:50  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1034 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27  bytes 2800 (2.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ip netns exec r2 ping 10.1.0.2  ##区域2的ping区域1的网卡
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.049 ms