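Specifying --net=none when starting a container tells Docker not to configure any networking inside it. As the output below shows, the container has no eth0 interface, only the lo loopback interface, but it still has its own independent network namespace.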
[root@10-10-63-106 ~]# docker run -i -t --rm --net=none centos6.3-base-v2 /bin/bash
[root@4685a85d0e11 /]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@10-10-63-106 ~]# docker run -i -t --rm --net=none frankzfz/centos6.3-base-v1 /bin/bash
[root@0861fd7f405a /]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
Get the process ID of each container:
[root@10-10-63-106 ~]# docker inspect -f '{{.State.Pid}}' 0861fd7f405a
695
[root@10-10-63-106 ~]# docker inspect -f '{{.State.Pid}}' 4685a85d0e11
638
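Create the tracking files for the network namespaces (symlinks under /var/run/netns, so that ip netns can refer to each container's namespace by name):
[root@10-10-63-106 ~]# mkdir -p /var/run/netns
[root@10-10-63-106 ~]# ln -s /proc/695/ns/net /var/run/netns/695
[root@10-10-63-106 ~]# ln -s /proc/638/ns/net /var/run/netns/638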
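Create a pair of peer (veth) interfaces: A is the interface name for the container with Container_ID=0861fd7f405a, and B is the one for Container_ID=4685a85d0e11. Then add the routes; in each container the next hop points to the peer's IP address.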
[root@10-10-63-106 ~]# ip link add A type veth peer name B
[root@10-10-63-106 ~]# ip link set A netns 695
[root@10-10-63-106 ~]# ip netns exec 695 ip addr add 10.1.1.1/32 dev A
[root@10-10-63-106 ~]# ip netns exec 695 ip link set A up
[root@10-10-63-106 ~]# ip netns exec 695 ip route add 10.1.1.2/32 dev A
[root@0861fd7f405a /]# ifconfig
A         Link encap:Ethernet  HWaddr CA:39:26:CD:24:BD
          inet addr:10.1.1.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@10-10-63-106 ~]# ip link set B netns 638
[root@10-10-63-106 ~]# ip netns exec 638 ip addr add 10.1.1.2/32 dev B
[root@10-10-63-106 ~]# ip netns exec 638 ip link set B up
[root@10-10-63-106 ~]# ip netns exec 638 ip route add 10.1.1.1/32 dev B
[root@4685a85d0e11 /]# ifconfig
B         Link encap:Ethernet  HWaddr FE:38:13:D9:2F:87
          inet addr:10.1.1.2  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fc38:13ff:fed9:2f87/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:648 (648.0 b)  TX bytes:648 (648.0 b)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
From one of the containers, ping the other container's IP address to confirm that the two containers can communicate.
[root@4685a85d0e11 /]# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.084 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.073 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.069 ms
^C
--- 10.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3505ms
rtt min/avg/max/mdev = 0.069/0.074/0.084/0.008 ms
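A check on the result of the steps above, as an added example that is not part of the original post: it lists the interfaces inside a container's network namespace through /proc/<pid>/net/dev and flags any that are not on an allow-list, so a --net=none container should report only lo, and the two wired containers only lo plus A or B. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# Constructed sample of /proc/<pid>/net/dev for the container that holds B.
sample_proc_net_dev() {
cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
     B:     648       8    0    0    0     0          0         0      648       8    0    0    0     0       0          0
EOF
}

# list_ifaces FILE: print the interface names in a /proc/net/dev style file.
list_ifaces() {
    # Lines 1-2 are column headers; each data line starts with "<name>:".
    awk 'NR > 2 { sub(/^[ \t]+/, ""); sub(/:.*/, ""); print }' "$1"
}

# unexpected_ifaces FILE ALLOWED...: print interfaces not on the allow-list.
unexpected_ifaces() {
    file=$1; shift
    for ifc in $(list_ifaces "$file"); do
        ok=0
        for allowed in "$@"; do
            if [ "$ifc" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "$ifc"; fi
    done
}

# audit_pid PID ALLOWED...: 0 = only allowed interfaces, 1 = extras, 2 = bad input.
# /proc/<pid>/net/dev shows the namespace of <pid>, so no netns symlink is needed.
audit_pid() {
    pid=$1; shift
    case $pid in ''|*[!0-9]*) echo "bad pid: $pid" >&2; return 2 ;; esac
    [ -r "/proc/$pid/net/dev" ] || { echo "pid $pid not readable" >&2; return 2; }
    extra=$(unexpected_ifaces "/proc/$pid/net/dev" "$@")
    [ -z "$extra" ] || { echo "pid $pid: unexpected: $extra" >&2; return 1; }
}

# On the Docker host from the post (PIDs 695 and 638 come from docker inspect):
#   audit_pid 695 lo A && audit_pid 638 lo B
```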
Reference:
https://docs.docker.com/articles/networking/