Ubuntu fixed IP configuration and bridging under the Docker

Ubuntu fixed IP configuration and bridging under the Docker

First, Docker's four types of network mode

Docker has four network modes when creating a container, and bridge is not required to be specified by default with--net, while the other three modes need to be specified using--net when creating the container.

Bridge mode, using--net=bridge to specify the default settings.

None mode, specified using--net=none.

Host mode, specified using--net=host.

Container mode, specified with--net=container: container name or ID. (eg:--net=container:30b668ccb630)

Bridge mode: Docker network isolation is based on network namespaces < networksNamespace; When you create a Docker container on a physical machine, a network namespace is assigned to each Docker container. And the container IP is bridged to the virtual Bridge of the physical machine.

None Mode: Creating a container in this mode will not configure any network parameters for the container, such as: Container network card, IP, communication routing, etc., all need to configure themselves.

Host mode: The container created by this mode does not have its own independent network namespace and is shared with a physical machine Network Namespace, and shares all ports and IPs of the physical machine, and this mode is considered unsafe.

Container mode: This mode is similar to the host mode, except that this mode creates the container to share the IP and port of the other container instead of the physical machine, and this mode container itself is not configured with the network and port, after creating this pattern container inside, You will find that the IP inside is the container IP you specified and the ports are shared, and others are isolated, such as processes.

Second, Docker configures its own bridge

1), Custom new bridge

[Email protected]:~# dpkg-l | grep bridge* #查看是否有安装brctl命令包

II Bridge-utils 1.5-6UBUNTU2 AMD64 Utilities for configuring the Linux Ethernet Bridge

[Email protected]:~# apt-get Install bridge-utils #安装brctl命令包

[Email protected]:~# docker-v #docker版本

Docker version 1.5.0, build A8a31ef

[Email protected]:~# ps-ef | grep Docker #正在运行

Root 6834 1 0 16:28? 00:00:00/usr/bin/docker-d

[Email protected]:~# service Docker Stop #停止

[Email protected]:~# ifconfig | grep Docker0 #docker默认网桥

Docker0 Link ENCAP: Ethernet Hardware Address 56:84:7a:fe:97:99

[Email protected]:~# ifconfig Docker0 down #停止docker默认网桥

[Email protected]:~# brctl Show #查看物理机上有哪些网桥

[Email protected]:~# brctl DELBR Docker0 #删除docker默认网桥

[Email protected]:~# brctl ADDBR docker_new0 #自定义网桥

[Email protected]:~# ifconfig docker_new0 192.168.6.1 netmask 255.255.255.0 #给自定义网桥指定IP和子网

[Email protected]:~# ifconfig | grep docker_new0 #查看发现自定义网桥已经启动

Docker_new0 Link ENCAP: Ethernet Hardware Address 0a:5b:26:48:dc:04

inet Address: 192.168.6.1 Broadcast: 192.168.6.255 Mask: 255.255.255.0

[Email protected]:~# echo ' docker_opts= '-b=docker_new0 ' >>/etc/default/docker #指定网桥写入docker配置文件

[Email protected]:~# service Docker start #启动docker

[Email protected]:~# ps-ef | grep Docker #成功启动, and successfully loaded the DOCKER_NEW0

Root 21345 1 0 18:44? 00:00:00/usr/bin/docker-d -b=docker_new0

[Email protected]:~# brctl Show #查看当前网桥下是否有容器连接

Bridge name Bridge ID STP enabled interfaces

Docker_new0 8000.FA3CE276C3B9 No

[Email protected]:~# Docker RUN-ITD Centos:centos6/bin/bash #创建容器测试

[Email protected]:~# docker Attach 7f8ff622237f #进入容器

[Email protected]/]# ifconfig eth0 | grep addr #容器IP已经和自定义网桥一个网段, the container IP is automatically assigned to DHCP and does not belong to the specified fixed IP

Eth0 Link encap:ethernet HWaddr 02:42:c0:a8:06:02

inet addr:192.168.6.2 bcast:0.0.0.0 mask:255.255.255.0

Inet6 ADDR:FE80::42:C0FF:FEA8:602/64 Scope:link

[Email protected]:~# brctl Show #该网桥上已经连接着一个网络设备了

Bridge name Bridge ID STP enabled interfaces

Docker_new0 8000.fa3ce276c3b9 no veth17f560a

Note:veth devices are paired, one end of the container is named Eth0, one end is added to the bridge and named veth17f560a(usually named veth*) , they form a data transmission channel, one end in the end, the Veth device connects two network devices and realizes data communication.

2), pipework configuration docker fixed IP

We do a fixed IP configuration on the basis of custom bridges

Pipework has a drawback is to specify the container fixed IP, if the container restarts, then the fixed IP will disappear, also need to be re-specified, a large container can write a script to complete

[Email protected]:~# wget https://github.com/jpetazzo/pipework/archive/master.zip #下载 Pipework

[Email protected]:~# unzip Master.zip #解压

[Email protected]:~# cp pipework-master/pipework/usr/bin/#拷贝pipework到/usr/bin/

[Email protected]:~# chmod +x/usr/bin/pipework #赋予该命令执行权限

[Email protected]:~# pipework docker_new0-i eth1 $ (Docker run-itd-p 9197:80 Centos:centos6/bin/bash) 192.168.6.27/[ema Il protected] #创建容器 and specify a fixed IP

format:pipework Bridge name-I specify on the NIC configuration < container name or container id> within the specified container ip/subnet @ Gateway Note : container intranet off is the IP of the physical machine bridge

[Email protected]:~# docker Attach 2966430e2dbe #进入新容器

[Email protected]/]# ifconfig #容器内IP为指定的IP 192.168.6.27

Eth0 Link encap:ethernet HWaddr 02:42:c0:a8:06:05

inet addr:192.168.6.7 bcast:0.0.0.0 mask:255.255.255.0 #docker_new0网桥创建容器时DHCP分配的IP

eth1 Link encap:ethernet HWaddr 82:db:f7:a3:33:92

inet addr:192.168.6.27 bcast:0.0.0.0 mask:255.255.255.0 #pipework指定的固定IP, bridge or Docker_new0

[Email protected]/]# route-n #查看路由路径

Kernel IP Routing Table

Destination Gateway genmask Flags Metric Ref use Iface

0.0.0.0 192.168.6.1 0.0.0.0 UG 0 0 0 eth0

192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

[Email protected]/]# Ping www.baidu.com #测试网络

PING www.a.shifen.com (119.75.218.70) bytes of data.

Bytes from 119.75.218.70:icmp_seq=1 ttl=127 time=3.98 ms

Bytes from 119.75.218.70:icmp_seq=2 ttl=127 time=2.98 ms

[Email protected]/]# NETSTAT-ANPTU | grep #容器内80端口已经开启

TCP 0 0::: +:::* LISTEN-

[Email protected]:~# telnet 192.168.6.27 #物理机上测试指定的IP是否和映射的端口等通信正常

Trying 192.168.6.27 ...

Connected to 192.168.6.27.

Escape character is ' ^] '.

[Email protected]:~# iptables-save > Iptables-rules #拷贝防火墙规则到本地文件

[Email protected]:~# vi iptables-rules #打开规则文件查看

You will find that your physical machine firewall automatically added a lot of rules, this is the container to the bridge to the local network card to the public network address translation traffic rules

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/59/C6/wKioL1Thk97Avv7eAATaEAPqUcg495.jpg "title=" 2222222.png "alt=" Wkiol1thk97avv7eaataeapqucg495.jpg "/>

Pipework More command usage please refer to:

Https://github.com/jpetazzo/pipework

This article is from the "on the Road" blog, please be sure to keep this source http://beijing0414.blog.51cto.com/8612563/1614660

Ubuntu fixed IP configuration and bridging under the Docker