I. One host: letting containers on two different subnets communicate
1. Create a user-defined network
- First list the existing networks so the new name does not clash with one already in use
docker network ls
[root@rocky86 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f74257ad041f bridge bridge local
febf075940dc host host local
6d24e1d0923e none null local
- Then create it
docker network create -d bridge --subnet 172.18.2.0/24 --gateway 172.18.2.1 test
- List the Docker networks again: a new bridge network named test has appeared
[root@rocky86 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f74257ad041f bridge bridge local
febf075940dc host host local
6d24e1d0923e none null local
5fc7082cb626 test bridge local
- To delete the user-defined network again (only if needed)
docker network rm test
2. Create container b1 on the user-defined network
docker run -it --rm --name b1 --network test alpine sh
- Check its IP address
[root@rocky86 ~]# docker run -it --rm --name b1 --network test alpine sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:02:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.2.2/24 brd 172.18.2.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
3. Create container b2 on the default network
docker run -it --rm --name b2 alpine sh
- Check its IP address and ping b1's address, 172.18.2.2: the ping gets no reply
[root@rocky86 ~]# docker run -it --rm --name b2 alpine sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
37: eth0@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:1e:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.30.0.2/24 brd 172.30.0.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 172.18.2.2
PING 172.18.2.2 (172.18.2.2): 56 data bytes
^C
4. Allow container b2 on the default network to reach container b1 on the user-defined network test
- Connect container b2 to b1's user-defined network test. This works in one direction only: b2 can reach b1
- This is equivalent to adding a second network interface to b2
docker network connect test b2
- For two-way connectivity, also connect container b1 to b2's network
docker network connect bridge b1
5. Container b2 on the default network pings container b1 on network test again and now gets replies
/ # ping 172.18.2.2
PING 172.18.2.2 (172.18.2.2): 56 data bytes
64 bytes from 172.18.2.2: seq=0 ttl=64 time=0.159 ms
64 bytes from 172.18.2.2: seq=1 ttl=64 time=0.076 ms
^C
6. Disconnect the networks again
docker network disconnect bridge b1
docker network disconnect test b2
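Added example, not part of the original notes: a non-interactive version of the part-1 check. Containers on different bridge networks are isolated by Docker's own iptables rules, and `docker network connect` gives b2 a second interface on network test so that b1 becomes reachable. Names are assumed as in the notes: network test (172.18.2.0/24), containers b1 and b2, image alpine.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumed names as in the notes:
# network "test" 172.18.2.0/24, containers b1 and b2, image alpine.

# can_ping SRC_CONTAINER DST_IP: exit 0 if one echo request is answered within 1 s
can_ping() {
    docker exec "$1" ping -c 1 -W 1 "$2" >/dev/null 2>&1
}

# reach_state SRC_CONTAINER DST_IP: prints "reachable" or "isolated"
reach_state() {
    if can_ping "$1" "$2"; then echo reachable; else echo isolated; fi
}

# demo: expected output "before connect: isolated, after connect: reachable"
demo() {
    docker network create -d bridge --subnet 172.18.2.0/24 --gateway 172.18.2.1 test
    docker run -d --rm --name b1 --network test alpine sleep 300
    docker run -d --rm --name b2 alpine sleep 300
    b1_ip=$(docker inspect -f '{{.NetworkSettings.Networks.test.IPAddress}}' b1)
    before=$(reach_state b2 "$b1_ip")
    docker network connect test b2          # b2 gets a second interface on "test"
    after=$(reach_state b2 "$b1_ip")
    # clean up: detach again, remove the containers, drop the network
    docker network disconnect test b2
    docker rm -f b1 b2 >/dev/null
    docker network rm test >/dev/null
    echo "before connect: $before, after connect: $after"
}

# run the demo only when asked, so the helper functions can be sourced elsewhere
if [ "${RUN_DEMO:-0}" = 1 ]; then demo; fi
```

Run it as `RUN_DEMO=1 sh isolation-check.sh` on a host where docker is available; the helper functions can also be reused against already running containers.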
II. Two hosts: letting containers on two different subnets communicate
- This approach is not recommended; it is too cumbersome
- Host A, 10.0.0.150, runs container b1 at 172.30.0.2
- Host B, 10.0.0.156, runs container b2 at 172.40.0.2
1. Start one container on each host
- Host A
docker run -it --name b1 busybox sh
[root@rocky86 ~]# docker run -it --name b1 busybox sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:1e:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.30.0.2/24 brd 172.30.0.255 scope global eth0
valid_lft forever preferred_lft forever
- Host B
docker run -it --name b2 busybox sh
[root@rocky86 ~]# docker run -it --name b2 busybox sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:28:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.40.0.2/24 brd 172.40.0.255 scope global eth0
valid_lft forever preferred_lft forever
2. On host A, b1 pings b2
PING 172.40.0.2 (172.40.0.2): 56 data bytes
^C
--- 172.40.0.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
3. Add a route on each side
- Host A
route add -net 172.40.0.0/16 gw 10.0.0.156
- Host B
route add -net 172.30.0.0/16 gw 10.0.0.150
- Deleting the routes again (not needed here; for reference only)
- Host A
route del -net 172.40.0.0/16 gw 10.0.0.156
- Host B
route del -net 172.30.0.0/16 gw 10.0.0.150
4. Adjust the firewall
- Both host A and host B need this change
- Change the default policy of the FORWARD chain
iptables -P FORWARD ACCEPT
- Back on host A
- b1 pings b2 and now gets replies
[root@rocky86 ~]# docker run -it --name b1 busybox sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:1e:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.30.0.2/24 brd 172.30.0.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 172.40.0.2
PING 172.40.0.2 (172.40.0.2): 56 data bytes
^C
/ # ping 172.40.0.2
PING 172.40.0.2 (172.40.0.2): 56 data bytes
64 bytes from 172.40.0.2: seq=0 ttl=62 time=0.569 ms
64 bytes from 172.40.0.2: seq=1 ttl=62 time=2.748 ms
^C
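Added example, not part of the original notes: the part-2 setup as a script to run on each host. Step 4 above sets the FORWARD policy to ACCEPT, which turns the host into an open router; this script instead accepts only forwarded traffic bound for the local container subnet that comes from the peer, using the DOCKER-USER chain Docker provides for such rules. Assumed variables: LOCAL_NET (this host's container subnet), PEER_NET (the other host's container subnet) and PEER_HOST (the other host's LAN address); on host A these would be 172.30.0.0/16, 172.40.0.0/16 and 10.0.0.156.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumed variables: LOCAL_NET,
# PEER_NET, PEER_HOST (see above). DRY_RUN=1 prints the commands instead of
# executing them; "up" applies the setup, "down" removes it again.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup() {
    : "${LOCAL_NET:?}" "${PEER_NET:?}" "${PEER_HOST:?}"
    # Docker normally enables forwarding already; set it so the script stands alone
    run sysctl -w net.ipv4.ip_forward=1
    # iproute2 form of the notes' `route add -net PEER_NET gw PEER_HOST`;
    # `replace` makes the script safe to re-run
    run ip route replace "$PEER_NET" via "$PEER_HOST"
    # Docker's default FORWARD policy is DROP. Rather than opening the chain for
    # all traffic, accept only forwarded packets for LOCAL_NET that come from the
    # peer. DOCKER-USER is consulted before Docker's own FORWARD rules. The second
    # rule covers the peer's Docker masquerading its container traffic behind
    # PEER_HOST, which is its default behaviour.
    run iptables -I DOCKER-USER -s "$PEER_NET" -d "$LOCAL_NET" -j ACCEPT
    run iptables -I DOCKER-USER -s "$PEER_HOST" -d "$LOCAL_NET" -j ACCEPT
}

teardown() {
    : "${LOCAL_NET:?}" "${PEER_NET:?}" "${PEER_HOST:?}"
    run iptables -D DOCKER-USER -s "$PEER_HOST" -d "$LOCAL_NET" -j ACCEPT
    run iptables -D DOCKER-USER -s "$PEER_NET" -d "$LOCAL_NET" -j ACCEPT
    run ip route del "$PEER_NET" via "$PEER_HOST"
}

case "${1:-}" in
    up) setup ;;
    down) teardown ;;
esac
```

Replies from the local containers are already accepted by Docker's own FORWARD rules, so no extra rule is needed for the outbound direction.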
III. Letting containers on different hosts ping each other by adding the physical NIC to the bridge
- Once the setup matches the figure below, it works
1. Create bridge30 on both hosts
docker network create -d bridge --subnet 172.30.0.0/16 --gateway 172.30.0.1 bridge30
- Host A
docker run --net bridge30 --ip 172.30.0.100 -it --name c1 busybox sh
- Host B
docker run --net bridge30 --ip 172.30.0.200 -it --name c2 busybox sh
2. Install brctl and look up the bridge names
apt install bridge-utils
- Show the bridge names
brctl show
- Host A
root@ubuntu20:~# brctl show
bridge name bridge id STP enabled interfaces
br-8e9f6c9200ef 8000.0242358675fa no vethbe51c8e
docker0 8000.0242ee7d3285 no
- Host B
root@ub20:~# brctl show
bridge name bridge id STP enabled interfaces
br-fd175e562d51 8000.0242ccaaaa49 no vethd869e45
docker0 8000.02427734c2f9 no
3. Add the physical NIC to the bridge
- Host A
- br-8e9f6c9200ef is the bridge name, ens33 the physical NIC
- Add the physical NIC to the bridge
brctl addif br-8e9f6c9200ef ens33
- Show the bridges again: the NIC has been added
brctl show
root@ubuntu20:~# brctl show
bridge name bridge id STP enabled interfaces
br-8e9f6c9200ef 8000.0242358675fa no ens33
vethbe51c8e
docker0 8000.0242ee7d3285 no
- Host B
- br-fd175e562d51 is the bridge name, ens33 the physical NIC
- Add the physical NIC to the bridge
brctl addif br-fd175e562d51 ens33
- Show the bridges again: the NIC has been added
brctl show
root@ub20:~# brctl show
bridge name bridge id STP enabled interfaces
br-fd175e562d51 8000.0242ccaaaa49 no ens33
vethd869e45
docker0 8000.02427734c2f9 no
4. Test the network between the containers
- c1 and c2 ping each other again and now get replies
/ # ping 172.30.0.100
PING 172.30.0.100 (172.30.0.100): 56 data bytes
64 bytes from 172.30.0.100: seq=0 ttl=64 time=0.323 ms
^C
/ # ping 172.30.0.200
PING 172.30.0.200 (172.30.0.200): 56 data bytes
64 bytes from 172.30.0.200: seq=0 ttl=64 time=0.590 ms
^C
5. Remove the physical NIC from the bridge
- If it is not removed, tools such as SecureCRT (scrt) can no longer connect to rocky8
- Host A
brctl delif br-8e9f6c9200ef ens33
- Host B
brctl delif br-fd175e562d51 ens33
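Added example, not part of the original notes: helpers for part 3. bridge_ports turns `brctl show` output (including the continuation lines that carry only a port name, as in the listings above) into "bridge port" pairs, nic_in_bridge tells whether a physical NIC is still a bridge port, and with_nic_in_bridge attaches the NIC, runs a command and detaches it again however the command ends, so the host is not left cut off from its own NIC as described in step 5. Assumption: BRCTL names the brctl binary (or a stand-in for testing); bridge and NIC names are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumption: BRCTL names the brctl
# binary (default "brctl"); bridge and NIC names are passed as arguments.

BRCTL=${BRCTL:-brctl}

# stdin: `brctl show` output -> stdout: one "bridge port" line per port
bridge_ports() {
    awk 'NR == 1 { next }                                      # header line
         NF >= 3 { br = $1; if (NF >= 4) print br, $4; next }  # new bridge, maybe 1st port
         NF == 1 { print br, $1 }'                             # further port of that bridge
}

# nic_in_bridge BRIDGE NIC: exit 0 if NIC is a port of BRIDGE, 1 otherwise
nic_in_bridge() {
    "$BRCTL" show | bridge_ports | grep -qxF "$1 $2"
}

# with_nic_in_bridge BRIDGE NIC CMD...: runs CMD with the NIC enslaved to BRIDGE.
# While enslaved, the host's own address on the NIC stops working and the
# containers sit directly on the physical segment, so the window is kept short
# and the detach runs from an EXIT trap even if CMD fails or is interrupted.
with_nic_in_bridge() {
    br=$1; nic=$2; shift 2
    (
        trap '"$BRCTL" delif "$br" "$nic"' EXIT
        trap 'exit 130' INT TERM
        "$BRCTL" addif "$br" "$nic"
        "$@"
    )
}

# host A from the notes: ping c2 from c1 while ens33 is bridged, then detach again
# with_nic_in_bridge br-8e9f6c9200ef ens33 docker exec c1 ping -c 3 172.30.0.200
```

After the command returns, `nic_in_bridge br-8e9f6c9200ef ens33` should fail, confirming the NIC is back out of the bridge before the SSH session is closed.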