Applications running in Docker containers need to talk to each other and to the outside world, and that brings in Docker networking. Networking is a deep subject in its own right, so this post only covers what you need to understand for everyday use and leaves the more specialised details aside.
1. Docker default network topology
In Docker Notes (2): Object Management we saw that Docker connects containers to each other and to the outside through network drivers, including bridge (the default, a virtual bridge on the host), host (the container shares the host's network stack), overlay (connects containers running under different Docker daemons), macvlan (assigns the container its own MAC address so it appears as a physical device on the network) and none (all networking disabled).
By default, Docker creates a virtual bridge named docker0 when the daemon starts; think of it as a software switch. Whenever a container is created, Docker also creates a veth pair, two virtual interfaces joined so that a packet sent into one end comes out of the other. One end is moved into the container's network namespace as eth0; the other end stays on the host under a name beginning with veth (for example veth340c305) and is attached to the docker0 bridge. Because every container's host-side end hangs off docker0, the host can reach each container and containers can reach one another. This is Docker's default network topology.
On the host, ifconfig (or ip addr) lists these interfaces, and brctl show (from the bridge-utils package; ip link show master docker0 gives the same information without it) lists which interfaces are attached to each bridge:
~$ brctl show
In the output, the interfaces veth340c305 and veth6c803b7 are attached to the virtual bridge docker0.
2. Connecting containers to the outside
Many of the docker run commands earlier in this series carry a parameter such as -p 8080:8080, which maps a host port to a container port so that the service in the container can be reached at hostIP:hostPort. The full form is hostIP:hostPort:containerPort; the first two parts are optional, giving three variants:
hostIP:hostPort:containerPort: maps the given host IP and port to the container port, e.g. 192.168.40.205:8090:8080. Using 127.0.0.1 as the host IP keeps the service reachable only from the host itself, which is the right choice for databases and admin interfaces that the outside world should never see.
hostIP::containerPort: maps a random host port on the given host IP to the container port. On a host with several IPs this lets you choose which one is bound; the host port is taken from the host's ephemeral port range (on Linux the range in /proc/sys/net/ipv4/ip_local_port_range, typically 32768-60999; older Docker releases used 49153-65535).
hostPort:containerPort: binds the host port on every network interface of the host; 8090:8080 is equivalent to 0.0.0.0:8090:8080 (0.0.0.0 stands for all interface addresses). This is the most common form and also the most exposed one, since the port becomes reachable from any network the host is connected to.
To see how a container's ports are mapped, use docker port with the container name or ID (optionally followed by the container port), or look at the PORTS column of docker ps, for example:
~$ docker port test-dev 8080
-p may be repeated on the same docker run command to publish several ports.
If you do not want to choose host ports yourself, use -P (upper case): it publishes every port the image declares with EXPOSE to a random host port from the ephemeral range described above, e.g. docker run -d -P --name test-dev test:dev. Afterwards, docker port <container> [containerPort] or docker ps shows which host port each container port landed on.
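As an added example, not code from the original post, the following shell functions normalise a -p publish spec into its full hostIP:hostPort:containerPort form and flag specs that bind to every interface. They do pure string handling, so they run without Docker installed; the function names are the example's own, and bracketed IPv6 addresses and port ranges are not handled.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: normalise `docker run -p` specs.
# Pure string handling, so it runs without Docker installed. Function names
# are the example's own. Bracketed IPv6 addresses and port ranges are not
# handled.
set -eu

# normalize_publish_spec SPEC
#   SPEC is one of the forms described above:
#     hostIP:hostPort:containerPort   192.168.40.205:8090:8080
#     hostIP::containerPort           127.0.0.1::8080   (random host port)
#     hostPort:containerPort          8090:8080         (binds 0.0.0.0)
#     containerPort                   8080              (random port, 0.0.0.0)
#   with an optional /tcp or /udp suffix (tcp is the default).
#   Prints the expanded form hostIP:hostPort:containerPort/proto, writing
#   <random> where Docker would pick an ephemeral host port.
normalize_publish_spec() {
  local spec="$1" proto=tcp ip="" hostport="" cport="" rest=""
  case "$spec" in
    */udp) proto=udp; spec="${spec%/udp}" ;;
    */tcp) spec="${spec%/tcp}" ;;
  esac
  case "$spec" in
    *:*:*) ip="${spec%%:*}"; rest="${spec#*:}"
           hostport="${rest%%:*}"; cport="${rest#*:}" ;;
    *:*)   ip=""; hostport="${spec%%:*}"; cport="${spec#*:}" ;;
    *)     ip=""; hostport=""; cport="$spec" ;;
  esac
  # The container port is the only mandatory part and must be numeric.
  case "$cport" in
    ''|*[!0-9]*) echo "invalid publish spec: $1" >&2; return 1 ;;
  esac
  # No host IP means Docker binds on 0.0.0.0, i.e. every host interface.
  [ -n "$ip" ] || ip=0.0.0.0
  # No host port means Docker picks one from the host's ephemeral range.
  [ -n "$hostport" ] || hostport='<random>'
  printf '%s:%s:%s/%s\n' "$ip" "$hostport" "$cport" "$proto"
}

# binds_all_interfaces SPEC
#   Succeeds when SPEC exposes the container port on every host address,
#   which is the case whenever no host IP was given. Use it to catch
#   services (databases, admin UIs) that should have been pinned to
#   127.0.0.1 or to one internal address.
binds_all_interfaces() {
  case "$(normalize_publish_spec "$1")" in
    0.0.0.0:*) return 0 ;;
    *)         return 1 ;;
  esac
}

# Stand-alone demo over a few constructed specs.
for spec in 192.168.40.205:8090:8080 127.0.0.1::8080 8090:8080 53/udp; do
  if binds_all_interfaces "$spec"; then
    printf '%-26s -> %s  (ALL interfaces)\n' "$spec" "$(normalize_publish_spec "$spec")"
  else
    printf '%-26s -> %s\n' "$spec" "$(normalize_publish_spec "$spec")"
  fi
done
```

Run the script as-is to see the four constructed specs expanded, or source it and call binds_all_interfaces on the -p values from your own run scripts to spot ports that were published on 0.0.0.0 without meaning to be.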
3. Connecting containers to each other
Containers running under the same Docker daemon can reach each other by IP address (find a container's IP with docker inspect followed by the container name or ID). On the default docker0 bridge, however, containers cannot resolve each other by name; only the legacy --link option provides that. If you want containers to address each other by name, create a user-defined bridge network with docker network create and start the containers with --network pointing at it: Docker's embedded DNS server then resolves container names on that network.
A user-defined bridge is also the better choice for isolation. On the default bridge every container can talk to every other container, whereas containers on a user-defined network can only reach containers attached to the same network. When several containers need to be connected, Docker Compose creates such a network for the application automatically.
4. Configuring DNS for Containers
To set DNS servers for all containers, add a dns array listing the server addresses to /etc/docker/daemon.json and restart the daemon.
You can also set DNS for a single container when it starts with the --dns=IP_ADDRESS parameter. Docker writes that address into the container's /etc/resolv.conf, and the container uses that server to resolve every name it cannot find in its own /etc/hosts.
5. How Docker networking is implemented
On Linux, network access for containers is implemented and controlled mainly through the iptables firewall.
1. Containers reaching the external network
For a container to reach the outside, the host must forward packets between interfaces. Check that IP forwarding is enabled with sysctl net.ipv4.ip_forward, which should report 1 (Docker turns it on by default when the daemon starts).
All traffic from containers to the outside has its source address translated (NAT) to the host's own IP address. Docker does this with an iptables source-address masquerading rule:
~# iptables -t nat -nL
The MASQUERADE rule rewrites traffic whose source address is in 172.17.0.0/16 (the subnet the container IPs come from) and whose destination is anywhere (including the external network) so that it appears to come from the host's network interface. The advantage of MASQUERADE over a plain SNAT rule is that it looks up the outgoing interface's address dynamically instead of hard-coding one, so it keeps working when the host's address changes.
2. External access to containers
Publishing a port with -p or -P is what lets the outside reach a container port; under the hood Docker adds DNAT rules to the nat table of the host's iptables, such as:
~# iptables -t nat -nL
When a port is published without a host IP, the destination column of its DNAT rule shows 0.0.0.0/0, meaning the rule matches traffic arriving on any of the host's addresses; publishing with an explicit IP such as 127.0.0.1 narrows the destination accordingly. Note that the translated packets are then filtered in the FORWARD chain (through Docker's own DOCKER chain), not in INPUT, so host firewall rules that only cover INPUT, as the defaults of tools like ufw do, do not restrict published ports. To limit who may reach a published port, either bind it to a specific host IP or add your rules to the DOCKER-USER chain, which Docker evaluates before its own rules.
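As an added example, not code from the original post, the following shell functions audit the nat table that the MASQUERADE and DNAT rules above live in. They read iptables -t nat -nL output on standard input and report which source networks are masqueraded and which published ports answer on every host interface. The SAMPLE_NAT text is constructed to resemble a host with one container published on all interfaces and one pinned to loopback; it is not output captured from the post, and the function names are the example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit the nat table that Docker
# builds. The two functions read `iptables -t nat -nL` output on stdin, so
# on a real host run:  sudo iptables -t nat -nL | published_ports
# SAMPLE_NAT below is constructed to resemble a host with one container
# published on every interface and one pinned to loopback; it is not real
# output captured from the post.
set -eu

SAMPLE_NAT='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:3306

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8090 to:172.17.0.2:8080
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:3306 to:172.17.0.3:3306'

# masqueraded_sources
#   Prints the source ranges whose outbound traffic POSTROUTING rewrites to
#   the host address: the container-to-outside path. Only the catch-all
#   rules are listed; the per-container tcp/udp rules are hairpin NAT for a
#   container reaching its own published port. Some iptables builds print
#   the protocol column as "0" instead of "all".
masqueraded_sources() {
  awk '
    /^Chain / { chain = $2 }
    chain == "POSTROUTING" && $1 == "MASQUERADE" && ($2 == "all" || $2 == "0") { print $4 }
  '
}

# published_ports
#   One line per DNAT rule in the DOCKER chain:
#     hostPort/proto -> containerIP:containerPort [scope]
#   The destination column is the host address the rule matches; 0.0.0.0/0
#   means the port was published without a host IP and answers on every
#   interface, which is what to look for when auditing exposure.
published_ports() {
  awk '
    /^Chain / { chain = $2 }
    chain == "DOCKER" && $1 == "DNAT" {
      hp = ""; to = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^dpt:/) hp = substr($i, 5)
        if ($i ~ /^to:/)  to = substr($i, 4)
      }
      scope = ($5 == "0.0.0.0/0") ? "ALL-INTERFACES" : ("bound to " $5)
      printf "%s/%s -> %s [%s]\n", hp, $2, to, scope
    }
  '
}

# Stand-alone demo over the constructed sample.
echo "MASQUERADE sources:"
printf '%s\n' "$SAMPLE_NAT" | masqueraded_sources
echo "Published ports:"
printf '%s\n' "$SAMPLE_NAT" | published_ports
```

On the constructed sample the report shows 8090/tcp forwarded to 172.17.0.2:8080 on all interfaces and 3306/tcp forwarded to 172.17.0.3:3306 bound to 127.0.0.1; on a real host, any ALL-INTERFACES line for a service that was meant to be internal is the thing to fix, by republishing with a host IP or by filtering in DOCKER-USER.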
3. Containers reaching each other
Two conditions must hold: 1) the containers' network topology must be connected, which is true by default because every container attaches to the docker0 bridge; 2) the host's iptables rules must allow the traffic. On the default bridge, inter-container communication (the daemon's icc setting) is allowed by default; when containers are connected with --link, Docker creates the specific iptables rules for that link, which is what lets linked containers keep talking when icc has been disabled.
This post has pulled together the basics of Docker networking; you should now have a working understanding of how containers communicate with each other and with the outside world. Beyond the default network implementation, Docker also lets you configure and customise networks; for reasons of space, that is where this post stops.
Other posts in this series:
Docker Notes (1): What is Docker
Docker Notes (2): Object Management
Docker Notes (3): Installation and Configuration
Docker Notes (4): Image Management
Docker Notes (5): Building Your Own Images
Docker Notes (6): Container Management
Docker Notes (7): Installing Common Services: Nginx, MySQL, Redis
Docker Notes (8): Data Management
My WeChat official account: jboost-ksxy (a technical account with nothing but substantive content; follow it to get updates promptly)