Linux中的網(wǎng)卡
1. 查看網(wǎng)卡
ip link show
ip a
2. 網(wǎng)卡
2.1 ip a 解讀
狀態(tài): UP/DOWN/UNKOWN等
link/ether: MAC地址
inet: 綁定的ip地址
2.2 配置文件
在Linux中網(wǎng)卡對應(yīng)的其實就是文件,所以找到對應(yīng)的網(wǎng)卡文件即可
比如:cat /etc/sysconfig/network-scripts/ifcfg-eth0
2.3 給網(wǎng)卡添加IP地址
當然确憨,這塊可以直接修改ifcfg-*文件废离,但是我們通過命令添加試試
(1)ip addr add 192.168.0.100/24 dev eth0
(2)刪除IP地址
ip addr delete 192.168.0.100/24 dev eth0
2.4 網(wǎng)卡啟動與關(guān)閉
重啟網(wǎng)卡 :service network restart / systemctl restart network
啟動/關(guān)閉某個網(wǎng)卡 :ifup/ifdown eth0 or ip link set eth0 up/down
在linux上,網(wǎng)絡(luò)的隔離是通過network namespace來管理的,不同的network namespace是互相隔離的
ip netns list:查看當前機器上的network namespace
network namespace的管理
ip netns list #查看
ip netns add ns1 #添加
ip netns delete ns1 #刪除
Network Namespace
1.1 namespace實戰(zhàn)
(1)創(chuàng)建一個network namespace
ip netns add ns1
(2)查看該namespace下網(wǎng)卡的情況
ip netns exec ns1 ip a
(3)啟動ns1上的lo網(wǎng)卡
ip netns exec ns1 ifup lo
or
ip netns exec ns1 ip link set lo up
(4)再次查看 可以發(fā)現(xiàn)state變成了UNKOWN
ip netns exec ns1 ip a
(5)再次創(chuàng)建一個network namespace
ip netns add ns2
(6)此時想讓兩個namespace網(wǎng)絡(luò)連通起來
veth pair :Virtual Ethernet Pair缀踪,是一個成對的端口井氢,可以實現(xiàn)上述功能
(7)創(chuàng)建一對link,也就是接下來要通過veth pair連接的link
ip link add veth-ns1 type veth peer name veth-ns2
(8)查看link情況
ip link
(9)將veth-ns1加入ns1中裙椭,將veth-ns2加入ns2中
ip link set veth-ns1 netns ns1
ip link set veth-ns2 netns ns2
(10)查看宿主機和ns1躏哩,ns2的link情況
ip link
ip netns exec ns1 ip link
ip netns exec ns2 ip link
(11)此時veth-ns1和veth-ns2還沒有ip地址,顯然通信還缺少點條件
ip netns exec ns1 ip addr add 192.168.0.11/24 dev veth-ns1
ip netns exec ns2 ip addr add 192.168.0.12/24 dev veth-ns2
container網(wǎng)絡(luò)-Bridge
1 docker0默認bridge
(1)查看centos的網(wǎng)絡(luò):ip a揉燃,可以發(fā)現(xiàn)
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:43:7b:1b:bd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:43ff:fe7b:1bbd/64 scope link
valid_lft forever preferred_lft forever
(2)查看容器tomcat01的網(wǎng)絡(luò):docker exec -it tomcat01 ip a扫尺,可以發(fā)現(xiàn)
[root@bogon ~]# docker exec -it tomcat01 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
(3)在centos中ping一下tomcat01的網(wǎng)絡(luò),發(fā)現(xiàn)可以ping通
[root@bogon ~]# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.120 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.060 ms
(3)既然可以ping通炊汤,而且centos和tomcat1又屬于不同的network namespace正驻,是怎么連接的?
很顯然抢腐,跟之前的network namespace實戰(zhàn)是一樣的姑曙,畫個圖
(4)也就是說,在tomcat01中有一個eth0和centos的docker0中有一個veth3是成對的迈倍,類似于之前實戰(zhàn)中的 veth-ns1和veth-ns2伤靠,不妨再通過一個命令確認下:brctl
安裝一下:yum install bridge-utils
brctl show
(5)那為什么tomcat01和tomcat02能ping通呢?不多說啼染,直接上圖
(5)這種網(wǎng)絡(luò)連接方法我們稱之為Bridge宴合,其實也可以通過命令查看docker中的網(wǎng)絡(luò)模式:docker network ls bridge也是docker中默認的網(wǎng)絡(luò)模式
(6)不妨檢查一下bridge:docker network inspect bridge
"Containers": {
"6ad312b32f62b48935f3c95c58ae061df710bfebbd3d721b467507b9516eeb81": {
"Name": "tomcat02",
"EndpointID": "aa9c612c79f867e874d0cae1aab45374373b61e9cdbe79925d07ae2e89a1cca0",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"f49fc396d8e04f2b330163d91bb5d1482715202b4e2fd0c7f42833722787742a": {
"Name": "tomcat01",
"EndpointID": "c5440b063e8fc0c9c44f3f61bf68f577283417eb23cfa9a361d37973d01a8ba5",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
}
(6)在tomcat01容器中是可以訪問互聯(lián)網(wǎng)的,順便把這張圖畫一下咯提完,NAT是通過iptables實現(xiàn)的
2 創(chuàng)建自己的network
(1)創(chuàng)建一個network形纺,類型為bridge
docker network create tomcat-net
or
docker network create --subnet=172.18.0.0/24 tomcat-net
(2)查看已有的network:docker network ls
NETWORK ID NAME DRIVER SCOPE
a1aad54 bridge bridge local
058bf85 host host local
0601224 none null local
30dd264 tomcat-net bridge local
(3)查看tomcat-net詳情信息:docker network inspect tomcat-net
(4)創(chuàng)建tomcat的容器,并且指定使用tomcat-net
docker run -d --name custom-net-tomcat --network tomcat-net tomcat
(5)查看custom-net-tomcat的網(wǎng)絡(luò)信息
docker exec -it custom-net-tomcat ip a
(6)查看網(wǎng)卡信息
ip a
(7)查看網(wǎng)卡接口
brctl show
bridge name bridge id STP enabled interfaces
br-3012e3afd264 8000.02429780e75d no vethf223a4b
docker0 8000.0242437b1bbd no veth3b72761
veth9d8c470
(8)此時在custom-net-tomcat容器中ping一下tomcat01的ip會如何徒欣?發(fā)現(xiàn)無法ping通
docker exec -it custom-net-tomcat ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
^C
--- 172.17.0.2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms
(9)此時如果tomcat01容器能夠連接到tomcat-net上應(yīng)該就可以咯
docker network connect tomcat-net tomcat01
10)查看tomcat-net網(wǎng)絡(luò)逐样,可以發(fā)現(xiàn)tomcat01這個容器也在其中
(11)此時進入到tomcat01或者custom-net-tomcat中,不僅可以通過ip地址ping通,而且可以通過名字ping 到脂新,這時候因為都連接到了用戶自定義的tomcat-net bridge上
docker exec -it tomcat01 bash
root@f49fc396d8e0:/usr/local/tomcat# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.040 ms
root@f49fc396d8e0:/usr/local/tomcat# ping custom-net-tomcat
PING custom-net-tomcat (172.18.0.2) 56(84) bytes of data.
64 bytes from custom-net-tomcat.tomcat-net (172.18.0.2): icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from custom-net-tomcat.tomcat-net (172.18.0.2): icmp_seq=2 ttl=64 time=0.264 ms
Container端口映射
1 端口映射
(1)創(chuàng)建一個tomcat容器挪捕,名稱為port-tomcat
docker run -d --name port-tomcat tomcat
(2)思考一下要訪問該tomcat怎么做?肯定是通過ip:port方式
docker exec -it port-tomcat bash
curl localhost:8080
(3)那如果要在centos7上訪問呢争便?
docker exec -it port-tomcat ip a ---->得到其ip地址级零,比如172.17.0.4
curl 172.17.0.4:8080
小結(jié) :之所以能夠訪問成功,是因為centos上的docker0連接了port-tomcat的network namespace
(4)那如果要在centos7通過curl localhost方式訪問呢滞乙?顯然就要將port-tomcat的8080端口映射到centos上
docker rm -f port-tomcat
docker run -d --name port-tomcat -p 8090:8080 tomcat
curl localhost:8090
2 折騰
(1)centos7是運行在win10上的虛擬機奏纪,如果想要在win10上通過ip:port方式訪問呢?
#此時需要centos和win網(wǎng)絡(luò)在同一個網(wǎng)段斩启,所以在Vagrantfile文件中
#這種方式等同于橋接網(wǎng)絡(luò)序调。也可以給該網(wǎng)絡(luò)指定使用物理機哪一塊網(wǎng)卡,比如
#config.vm.network"public_network",:bridge=>'en1: Wi-Fi (AirPort)'
config.vm.network"public_network"
centos7: ip a --->192.168.8.118
win10:瀏覽器訪問 192.168.8.118:9080
(2)如果也想把centos7上的8090映射到win10的某個端口呢兔簇?然后瀏覽器訪問localhost:port
#此時需要將centos7上的端口和win10上的端口做映射
config.vm.network"forwarded_port",guest:8098,host:8090
#記得vagrant reload生效一下
win10:瀏覽器訪問 localhost:8098
3 畫個圖強化一下
Container網(wǎng)絡(luò)-Host & None
1 Host
(1)創(chuàng)建一個tomcat容器发绢,并且指定網(wǎng)絡(luò)為Host
docker run -d --name my-tomcat-host --network host tomcat
(2)查看ip地址
docker exec -it my-tomcat-host ip a
可以發(fā)現(xiàn)和centos是一樣的
(3)檢查host網(wǎng)絡(luò)
"Containers": {
"e1f00d47db344b6688e99c0f5b393e232309fbe1a4d9c3fc3e1ce7c107f3312d": {
"Name": "my-tomcat-host",
"EndpointID": "f08456d9dca024cf6f911f8d32329ba2587ea89554c96b77c32698ace6998525",
"MacAddress": "",
"IPv4Address": "",
"IPv6Address": ""
}
}
2 None
(1)創(chuàng)建一個tomcat容器,并且指定網(wǎng)絡(luò)為none
docker run -d --name my-tomcat-none --network none tomcat
(2)查看ip地址
docker exec -it my-tomcat-none ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
(3)檢查none網(wǎng)絡(luò)
"Containers": {
"bb3f0db4fa76a25b5377da9c3bbf087ac7ef0de0a3f9c37a4ae959983d33105c": {
"Name": "my-tomcat-none",
"EndpointID": "26055c08c968f9d6d03d10b3b66dfea004c35f5d2bd4067a2306566973e92f9e",
"MacAddress": "",
"IPv4Address": "",
"IPv6Address": ""
}
}
