# Docker ip multicast install

A host with the Docker engine installed has a virtual network device named docker0. You can think of it as a virtual switch (bridge). When you create a container (the default network mode is bridge), a virtual network connection is created at the same time, with one end connected to the container and the other end connected to the docker0 virtual switch. By default, the IP address assigned to the virtual network card in the container is within the 172.17.0.0/16 network segment.

```
# Install the bridge management tool
:~# apt-get install bridge-utils
:~# brctl show    # view the bridges
bridge name     bridge id               STP enabled     interfaces
                                                        veth9f1b4f7
```

```
:~# docker container ls
CONTAINER ID   IMAGE                COMMAND                  CREATED          STATUS          PORTS   NAMES
f705f6f4779a   busybox:latest       "sh"                     7 minutes ago    Up 7 minutes            bbox01
83436ed405c7   busybox-httpd:v0.2   "/bin/httpd -f -h /d…"   45 minutes ago   Up 45 minutes           httpd-01
```

```
:~# ip link show
3: docker0: mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:57:49:87:3b brd ff:ff:ff:ff:ff:ff
13: : mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 26:8d:9e:92:aa:a6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
21: : mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
```

If you want to access resources outside the host from inside the container, address masquerading is performed. By default this is implemented with iptables:

```
:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 21 packets, 2248 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   256 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 18 packets, 2046 bytes)
Chain OUTPUT (policy ACCEPT 1545 packets, 116K bytes)
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 1545 packets, 116K bytes)
    3   202 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
```

Among them, the rule under `Chain POSTROUTING (policy ACCEPT 1545 packets, 116K bytes)` indicates that traffic from any source address in the 172.17.0.0/16 network that leaves through a device other than docker0, that is, traffic to resources outside the host, is subject to MASQUERADE.

The first type: Closed container. This type of container only has a loopback address and cannot make network-related requests.

The second type: Bridged container, bridged network. This is the default network mode when creating a container.

The third type: Joined container, federated network. Multiple containers share the three namespaces UTS, IPC, and NET, that is, they have the same host name and the same network devices.

The fourth type: Open container, open network. The container shares the host's network namespace.

![docker ip multicast docker ip multicast](https://cdn.zymr.com/zymr-w8x/production/wp-content/uploads/2021/04/27140403/Docker-Swarm-Elastic.jpg)

# Network namespace exploration

In order not to affect the node01 environment, open another host, node02.

First create two network namespaces:

```
:~# ip netns add ns01
:~# ip netns add ns02
:~# ip netns list
```

Create a pair of virtual network devices:

```
:~# ip link add name veth1.1 type veth peer name veth1.2
:~# ip link show type veth
3: : mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 4a:1c:b7:38:0f:5e brd ff:ff:ff:ff:ff:ff
4: : mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 36:72:d3:88:4c:5d brd ff:ff:ff:ff:ff:ff
```

![docker ip multicast docker ip multicast](https://programmer.group/images/article/285d8f268c25133224e831d3504d1920.jpg)

Assign a virtual network card to the ns01 namespace:

```
:~# ip link set dev veth1.2 netns ns01
:~# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        ether 4a:1c:b7:38:0f:5e txqueuelen 1000 (Ethernet)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
:~# ip netns exec ns01 ip link set dev veth1.2 name eth0    # the device name can also be changed
:~# ip netns exec ns01 ifconfig -a
```

Now only the veth1.1 virtual network card remains on the host; veth1.2 has been moved to the ns01 namespace.

Configure IP addresses for the two virtual devices and activate them:

```
:~# ifconfig veth1.1 10.0.0.1/24 up
:~# ip netns exec ns01 ifconfig eth0 10.0.0.2/24 up
:~# ip netns exec ns01 ifconfig
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
:~# ifconfig veth1.1
```

Test the connectivity of virtual network cards in different namespaces:

```
:~# ping 10.0.0.2
```
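To check which traffic the POSTROUTING MASQUERADE rule quoted on this page actually rewrites, the following added example (not part of the original page) parses `iptables -t nat -vnL` output and evaluates a packet against it. The sample text is constructed from the rule shown on this page; the egress interface name `eth0`, the destination 203.0.113.10 and all function names are assumptions.

```python
import ipaddress

# Constructed sample: the POSTROUTING chain of `iptables -t nat -vnL` as quoted
# on this page ("--" is the empty opt column that iptables prints).
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 1545 packets, 116K bytes)
 pkts bytes target      prot opt in  out       source          destination
    3   202 MASQUERADE  all  --  *   !docker0  172.17.0.0/16   0.0.0.0/0
"""
FIELDS = ("pkts", "bytes", "target", "prot", "opt",
          "in", "out", "source", "destination")

def parse_rules(text):
    """Return {chain name: [rule dict, ...]} from `iptables -vnL` output."""
    chains, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "pkts":
            continue                                  # blank line or header
        if fields[0] == "Chain":
            current = chains.setdefault(fields[1], [])
        elif current is not None and len(fields) >= len(FIELDS):
            current.append(dict(zip(FIELDS, fields)))  # match extensions dropped
    return chains

def _match(pattern, value, is_net):
    """Match one rule field, honouring a leading '!' ('+' wildcards unsupported)."""
    negate, pattern = pattern.startswith("!"), pattern.lstrip("!")
    if is_net:
        hit = ipaddress.ip_address(value) in ipaddress.ip_network(pattern)
    else:
        hit = pattern in ("*", value)
    return hit != negate

def is_masqueraded(chains, src, dst, out_if):
    """True if the first POSTROUTING rule matching the packet is MASQUERADE."""
    # Assumes prot 'all' and terminating targets (MASQUERADE, RETURN, ACCEPT).
    for rule in chains.get("POSTROUTING", []):
        if (_match(rule["out"], out_if, False)
                and _match(rule["source"], src, True)
                and _match(rule["destination"], dst, True)):
            return rule["target"] == "MASQUERADE"
    return False      # policy ACCEPT: the packet keeps its original source

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for src, dst, dev in (("172.17.0.2", "203.0.113.10", "eth0"),   # container -> outside
                          ("172.17.0.2", "172.17.0.3", "docker0"),  # container -> container
                          ("10.0.0.2", "203.0.113.10", "eth0")):    # ns01 address from this page
        print(src, dst, dev, is_masqueraded(rules, src, dst, dev))
```

The third case shows that an address such as 10.0.0.2 in a hand-built namespace is not matched by Docker's 172.17.0.0/16 rule, so its traffic would leave the host with its original source address.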