跳至主要內容

host和none网络

添码座原创大约 3 分钟CI&CDDockerCI&CDDocker

创建一个使用bridge网络的容器box1

> docker run -d --rm --name box1 busybox /bin/sh -c "while true; do sleep 3600; done"

创建一个使用host网络的容器box2

> docker run -d --rm --name box2 --network host busybox /bin/sh -c "while true; do sleep 3600; done"

查看box1的详情。

> docker inspect box1
> docker exec -it box1 sh
"Networks": {
    "bridge": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "708ad429f52de0c2efc2a7a993e66558f2704e4c508b3ab3edc77b2f22b0d2cd",
        "EndpointID": "5d68b91d8a2f447ad782f0338e155a29e20f3c46447cdce0d290abb78af75c8c",
        "Gateway": "172.17.0.1",
        "IPAddress": "172.17.0.2",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:11:00:02",
        "DriverOpts": null
    }
}

进入容器box1

/> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
376: eth0@if377: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

查看box2的详情。

> docker inspect box2
"Networks": {
    "host": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "6cd9d1f477629b564b5a271dbc3acb2335ab33fecb9a1b51d5e2c99061acad3a",
        "EndpointID": "0a6374a95f4641f7c45f4afdb42f7f44ba6f2aea52dc181142bbfbaee6988adc",
        "Gateway": "",
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "",
        "DriverOpts": null
    }
}

进入容器box2

/> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:20:ec:b4 brd ff:ff:ff:ff:ff:ff
    inet 172.16.185.166/24 brd 172.16.185.255 scope global dynamic noprefixroute ens33
       valid_lft 1525sec preferred_lft 1525sec
    inet6 fe80::250:56ff:fe20:ecb4/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue qlen 1000
    link/ether 52:54:00:24:35:e0 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 qlen 1000
    link/ether 52:54:00:24:35:e0 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:66:e4:99:1b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:66ff:fee4:991b/64 scope link 
       valid_lft forever preferred_lft forever
360: br-7984433eed3c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:8f:88:ab:0c brd ff:ff:ff:ff:ff:ff
367: br-350f49ef3d90: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:19:8f:7e:eb brd ff:ff:ff:ff:ff:ff
377: veth6c191e0@if376: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master docker0 
    link/ether 2a:0a:a3:68:33:38 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::280a:a3ff:fe68:3338/64 scope link 
       valid_lft forever preferred_lft forever

可以看到,box2完全就是宿主机(虚拟机)的网络配置。

因此,host接口就是让容器和宿主机共享同一个网络。

删除box1box2,分别创建Nginx容器web1web2

> docker run -d --name web1 nginx
> docker run -d --name web2 --network host nginx
CONTAINER ID   IMAGE     COMMAND                   	CREATED         	STATUS         	PORTS     	NAMES
7cbe860a00f2   nginx     "/docker-entrypoint.…"   	2 seconds ago   	Up 1 second              		web2
ae44245bea81   nginx     "/docker-entrypoint.…"   	2 minutes ago   	Up 2 minutes   	80/tcp    	web1

web2没有显示出端口信息。

这说明:web2直接把80端口监听到了宿主机的80端口上,而没有经过端口转发。

none网络极少使用。

创建一个使用none网络的box3。

> docker run -d --rm --name box3 --network none busybox /bin/sh -c "while true; do sleep 3600; done"
CONTAINER ID   IMAGE     COMMAND                   	CREATED         STATUS         	PORTS     	NAMES
acae4f221fd2   busybox   "/bin/sh -c 'while t…"   	2 seconds ago   Up 1 second             		box3

box3同样没有端口,同时查看其网络详情。

> docker inspect box3
"Networks": {
    “none”: {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "9a820ca021936012be7f61e908932ba19cdfdcb45410347f65f68b0c254fcdaf",
        "EndpointID": "b6a5d9392612f66139ab29ba2246d40f9940bc93fb8071f3a499b86a7bb5912f",
        "Gateway": "",
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "",
        "DriverOpts": null
    }
}

它和host非常相似,然后进到容器中查看ip

> docker exec -it box3 sh
/> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

除了本地127.0.0.1回环地址,什么都没有。

这类网络一般用于第三方服务,编排容器,仅利用容器的功能,但是无需网络通信。



感谢支持

更多内容,请移步《超级个体》