Costa Chen
2023-06-15|閱讀時間 ‧ 約 16 分鐘

認識 Docker bridge network

    Docker network 會影響 Container:
    1. 是否可以透過網路存取其它的 Container。
    2. 是否可以存取網際網路(Internet)。
    3. 是否可以存取實體網路(Physical Network)。
    這篇文章會介紹 Docker bridge network。

    Docker bridge network 的目的

    Isolation 就是 Docker bridget network 的目的。就像是規劃公司的網路一樣,對不同部門規劃不同的網段(subnet),財務部的電腦都在 subnet-1 上;營運部的電腦都在 subnet-2;開發部的電腦都在 subnet-3 上。
    這樣的規劃有以下好處:
    1. 安全性:不同部門的電腦互相存取。
    2. 效率:封包僅在一個網段上運行,不影響別的部門。
    建立一個 Docker bridge network 就很像建立一個網段,在該網段上的 Container 可以互相溝通,但是不同網段上的 Container 無法溝通。

    使用 Docker bridge network

    建立新的 bridge network,名字是 alpine-net: 
    docker network create --driver bridge alpine-net
    檢視當下的網路,可以看到 apline-net bridge network 成功建立: 
    $ docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    e9261a8c9a19        alpine-net          bridge              local
    17e324f45964        bridge              bridge              local
    6ed54d316334        host                host                local
    7092879f2cc8        none                null                local
    建立以下 Container:
    1. alpine1 在 alpine-net 上。
    2. alpine2 在 alpine-net 上。
    3. alpine3 在 default bridge 上。
    4. alpine4 在 alpine-net, default bridge 上。 
    docker run -dit --name alpine1 --network alpine-net alpine ash
    docker run -dit --name alpine2 --network alpine-net alpine ash
    docker run -dit --name alpine3 alpine ash
    docker run -dit --name alpine4 --network alpine-net alpine ash
    docker network connect bridge alpine4
    檢視 Container 是否正常運行,4 個 container 都正常運行: 
    $ docker container ls
    CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
    156849ccd902        alpine              "ash"               41 seconds ago       Up 41 seconds                           alpine4
    fa1340b8d83e        alpine              "ash"               51 seconds ago       Up 51 seconds                           alpine3
    a535d969081e        alpine              "ash"               About a minute ago   Up About a minute                       alpine2
    0a02c449a6e9        alpine              "ash"               About a minute ago   Up About a minute                       alpine1
    檢視 default bridge network,從 Containers 欄位可以看到 alpine3, alpine4 都在 default bridge 上: 
    docker network inspect bridge

    [
        {
            "Name": "bridge",
         ...
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": [
                    {
                        "Subnet": "172.17.0.0/16",
                        "Gateway": "172.17.0.1"
                    }
                ]
            },
         ...
            "Containers": {
                "156849ccd902b812b7d17f05d2d81532ccebe5bf788c9a79de63e12bb92fc621": {
                    "Name": "alpine4",
                    "EndpointID": "7277c5183f0da5148b33d05f329371fce7befc5282d2619cfb23690b2adf467d",
                    "MacAddress": "02:42:ac:11:00:03",
                    "IPv4Address": "172.17.0.3/16",
                    "IPv6Address": ""
                },
                "fa1340b8d83eef5497166951184ad3691eb48678a3664608ec448a687b047c53": {
                    "Name": "alpine3",
                    "EndpointID": "5ae767367dcbebc712c02d49556285e888819d4da6b69d88cd1b0d52a83af95f",
                    "MacAddress": "02:42:ac:11:00:02",
                    "IPv4Address": "172.17.0.2/16",
                    "IPv6Address": ""
                }
            },
            "Options": {
                "com.docker.network.bridge.default_bridge": "true",
                "com.docker.network.bridge.enable_icc": "true",
                "com.docker.network.bridge.enable_ip_masquerade": "true",
                "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
                "com.docker.network.bridge.name": "docker0",
                "com.docker.network.driver.mtu": "1500"
            },
            "Labels": {}
        }
    ]
    從 Containers 可以看到 alpine1, 2, 4 都到 alpine-net network 上: 
    docker network inspect alpine-net

    [
        {
            "Name": "alpine-net",
            ...
            "IPAM": {
                "Driver": "default",
                "Options": {},
                "Config": [
                    {
                        "Subnet": "172.18.0.0/16",
                        "Gateway": "172.18.0.1"
                    }
                ]
            },
            ...
            "Containers": {
                "0a02c449a6e9a15113c51ab2681d72749548fb9f78fae4493e3b2e4e74199c4a": {
                    "Name": "alpine1",
                    "EndpointID": "c83621678eff9628f4e2d52baf82c49f974c36c05cba152db4c131e8e7a64673",
                    "MacAddress": "02:42:ac:12:00:02",
                    "IPv4Address": "172.18.0.2/16",
                    "IPv6Address": ""
                },
                "156849ccd902b812b7d17f05d2d81532ccebe5bf788c9a79de63e12bb92fc621": {
                    "Name": "alpine4",
                    "EndpointID": "058bc6a5e9272b532ef9a6ea6d7f3db4c37527ae2625d1cd1421580fd0731954",
                    "MacAddress": "02:42:ac:12:00:04",
                    "IPv4Address": "172.18.0.4/16",
                    "IPv6Address": ""
                },
                "a535d969081e003a149be8917631215616d9401edcb4d35d53f00e75ea1db653": {
                    "Name": "alpine2",
                    "EndpointID": "198f3141ccf2e7dba67bce358d7b71a07c5488e3867d8b7ad55a4c695ebb8740",
                    "MacAddress": "02:42:ac:12:00:03",
                    "IPv4Address": "172.18.0.3/16",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    用 alpine1 container,測試是否可以透過 container name: alpine2 溝通,結果是可正常溝通(在相同的 bridge network,所以可以溝通): 
    $ docker container attach alpine1
    # ping -c 2 alpine2
    PING alpine2 (172.18.0.3): 56 data bytes
    64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.085 ms
    64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.090 ms
    --- alpine2 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.085/0.087/0.090 ms
    用 alpine1 container 測試是否可以和 alpine3 container 溝通,結果是不能(因為在不同的 bridge network): 
    # ping -c 2 alpine3
    ping: bad address 'alpine3'
    用 alpine4 container 測試連線,可以和 apline1 溝通(都在 alpine-net bridget network 上); 
    $ docker container attach alpine4
    # ping -c 2 alpine1
    PING alpine1 (172.18.0.2): 56 data bytes
    64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.074 ms
    64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.082 ms
    --- alpine1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.074/0.078/0.082 ms
    分享至
    成為作者繼續創作的動力吧!
    Costa Chen
    追蹤
    Costa Chen
    追蹤
    從 Google News 追蹤更多 vocus 的最新精選內容從 Google News 追蹤更多 vocus 的最新精選內容

    作者的相關文章

    C# 工匠的 DevOps 旅程 的其他內容

    你可能也想看

    發表回應

    成為會員 後即可發表留言
    © 2024 vocus All rights reserved.