Doker Custom Network 2.1 docker default network list ~]# docker network list
The bridge mode is the docker's default network mode, and the Write-net parameter is the bridge mode.When using docker run-p, docker actually makes DNA T rules in iptables to implement port forwarding.You can view it using iptables-t nat-vnL.Ģ. Docker places one end of the veth pair device in the newly created container, named eth0 (the container's network card), and the other end in the host, named vethxxx after a similar name, and adds this network device to the docker0 bridge.You can view it through the brctl show command. When the Docker process starts, a virtual network bridge named docker0 is created on the host, and the Docker container started on the host connects to the virtual network bridge.Virtual bridges work like physical switches so that all containers on the host are connected to a two-tier network through the switches.Īssign an IP from the docker0 subnet to the container for use, and set the IP address of the docker0 as the default gateway for the container.Create a pair of virtual network card veth pair devices on the host. This pattern specifies that the newly created container and an existing container share a Network Namespace instead of sharing it with the host.The newly created container does not create its own network card, configure its own IP, but shares IP, port range, and so on with a specified container.Similarly, the two containers are isolated except for network aspects, such as file systems, process lists, and so on.The processes of the two containers can communicate through the lo network card device. The most advantage of hosts is that network performance is better, but ports already used on docker host can no longer be used and network isolation is poor.
Service ports inside the container can also use the host's port without NAT. If the host mode is used when starting a container, the container will not get a separate Network Namespace but will share a Network Namespace with the host.Containers will not virtual out their own network cards, configure their own IP, etc., but use the host's IP and port.However, other aspects of the container, such as the file system, process list, and so on, are isolated from the host.Ĭontainers using host mode can communicate with the outside world directly using the host's IP address. Share a network namespace between containersĬontainers have separate network namespaces but do not have any network settings for them, such as assigning Veth pairs and bridge connections, configuring IP, and so on.
Four Network Modes of Docker Network modeĬontainer shares a network namespace and network protocol stack with host
0 kommentar(er)
