Docker containers assign static IP

Recently, because of job requirements need to learn to use Docker, and finally stuck in the network configuration this piece. By default, when the container is started, the Docker container uses bridge policies such as:

Docker Run-ti ubuntu:latest/bin/-ti--net=bridge Ubuntu:latest/bin/bash

Bridge policy, the Docker container automatically assigns us an IP address and connects to Docker0 's bridge. However, there is a problem here, this IP address is not statically allocated, which poses some difficulties for our network management of container instances. Here the author does not want to give a solution directly, because that is not what the egg, understanding the principle, step by step practical walk is.

Readers who have seen Docker's introduction know that Docker uses Cgroup and namespace technology to control and isolate resources. Before you begin, readers need to look at the use of namespace on Linux, and this article does not want to bring in too many other unrelated topics. Now, assuming you already know namespace, you'll want to know how Docker uses namespace to tamper with the web. The general process should be consistent with the following: (The following is just a guess, because the author does not have much time to study its source code)

1. Create a net Namespace netns1.

2, create a pair of Veth, add Peer to netns1, the other end of the connection to the bridge BRIDGE0.

3. Assign IP to these two veth.

4. Use NETNS1 to start the procedure in the container such as/bin/bash.

Unfortunately, the Docker run does not have an option to specify the assigned IP, because the network is really a big problem. Then you have to get your hands on your own.

From the above we know that Docker uses net Namespace,veth and bridge bridges here on the web. Note If you intend to use the IP Netns list to view Docker using that netns when launching the container, you will be disappointed to find that there is no corresponding netns. In fact, not without, but Docker in order to cover up some details, after the initialization work, Docker will remove this netns from the/var/run/netns, we can completely use the following way to get it back to the prototype:

Ln-s/proc/${container ' s pid}/ns/net/var/run/netns/${the ' s name you want to display}
IP Netns List

OK, now let's talk about the idea of assigning a static IP to a container:

1, the--net=none way to start the container, so that the container has its own namespace (this step we can not intervene, so let it go!)

2. Get the process number PID of the container and then use the PID to return its net namespace to prototype.

3, create a bridge0, with the Brctl tool (can be implemented by installing the Bridge-utils tool).

4, create a pair of Veth:vethbridge,vethcontainer, add peer Vethcontainer to the window's net namespace, Vethbridge access to BRIDGE0: Brctl add ...

5, set the IP vethcontainer.

6. Restart the network service of the container.

Take my machine as an example (Deepin kernel 4.5.0)

1. Start the container:

2. Get the process number of the container:

3, according to the process number of the container net namespace back to prototype:

4. Create a bridge BRIDGE0

5, create the Veth, configure the corresponding Veth, and finally restart the container network Service

6, in the container can see the static distribution of ip:192.168.9.10

Note that the container is not yet able to communicate with the host because the host does not have a device to bridge, and if it needs to communicate with the host, you can add a pair of Veth to connect one end to bridge. If the container requires my external communication, you can enable the kernel forwarding and add the appropriate forwarding rules to the iptables.

Docker containers assign static IP