Network Management and Network Isolation for Docker Containers

1. Management of Docker Network

1. How Docker container networking works

1) Container access to external networks

A Docker container reaches external networks through the host's docker0 bridge; by default, every container is automatically attached to docker0.

2) Communication between containers

The administrator creates a bridge and connects the containers to it so that they can reach each other.

3) External network access to containers

External hosts reach a container through port mapping, or by having the container share the docker host's network configuration.

2. Docker container network communication modes

1)bridge

The default mode, used by containers to communicate with external networks; it depends on the docker0 bridge.

2)none

The container gets its own separate network namespace, and no TCP/IP information is configured for it.

3)container

Used for container-to-container communication; the container shares another container's network namespace.

4)host

The container's network stays identical to the host's.

3. Configure bridge network communication mode

[root@centos01 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
              <!--Install the CentOS 7 repo file-->
[root@centos01 ~]# yum -y install docker <!--Install docker-->
[root@centos01 ~]# systemctl start docker <!--Start docker-->
[root@centos01 ~]# systemctl enable docker <!--Set docker to start automatically-->
[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >/etc/sysctl.conf <!--Turn on routing-->
[root@centos01 ~]# sysctl -p <!--Reload the configuration-->
net.ipv4.ip_forward = 1
[root@centos01 ~]# docker pull hub.c.163.com/public/centos:7.2-tools <!--Download the image-->
[root@centos01 ~]# docker images <!--View images-->
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
hub.c.163.com/public/centos   7.2-tools           4a4618db62b9        3 years ago         515 MB
[root@centos01 ~]# docker run -d --net=bridge --name centos7.201 hub.c.163.com/public/centos:7.2-tools   
           <!--Create a container that uses bridge mode to access the external network-->
b308fb5c097fd455073f2f4a280d2660e6943fe1a62d6409e8ebcd3b86469438
[root@centos01 ~]# docker ps <!--View running containers-->
CONTAINER ID        IMAGE                                   COMMAND                  CREATED             STATUS              PORTS               NAMES
b308fb5c097f        hub.c.163.com/public/centos:7.2-tools   "/usr/bin/supervisord"   20 seconds ago      Up 19 seconds       22/tcp              centos7.201
[root@centos01 ~]# ifconfig <!--View Docker host IP address information-->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
[root@centos01 ~]# docker exec -it centos7.201 /bin/bash <!--Log on to the centos7.201 container-->
[root@b308fb5c097f /]# ifconfig <!--View IP address-->
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 0.0.0.0
[root@b308fb5c097f /]# ping www.baidu.com <!--Ping the public network from the centos7.201 container-->
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18: icmp_seq=1 ttl=50 time=18.4 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=50 time=18.3 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=50 time=16.9 ms
[root@b308fb5c097f /]# ping 192.168.100.10 <!--Ping the host IP-->
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.043 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.086 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.150 ms

4. Configure none network communication mode

[root@centos01 ~]# docker run -d --net=none --name centos7.202 hub.c.163.com/public/centos:7.2-tools   
            <!--Create a container with no network connection; it cannot communicate-->
e2c4837d67818e7ef4d7cedf964db21d98cabb594d12091d7f69da4e8fb3f30f
[root@centos01 ~]# docker ps <!--View running containers-->
CONTAINER ID        IMAGE                                   COMMAND                  CREATED             STATUS              PORTS               NAMES
e2c4837d6781        hub.c.163.com/public/centos:7.2-tools   "/usr/bin/supervisord"   57 seconds ago      Up 56 seconds                           centos7.202
b308fb5c097f        hub.c.163.com/public/centos:7.2-tools   "/usr/bin/supervisord"   7 minutes ago       Up 7 minutes        22/tcp              centos7.201
[root@centos01 ~]# docker exec -it centos7.202 /bin/bash <!--Log on to the centos7.202 container-->
[root@e2c4837d6781 /]# ifconfig <!--View IP address-->
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
[root@e2c4837d6781 /]# ping www.baidu.com <!--Pinging the public network fails-->
ping: unknown host www.baidu.com
[root@e2c4837d6781 /]# ping 192.168.100.10 <!--Pinging the host IP address fails-->
connect: Network is unreachable

5. Configure host network communication mode

[root@centos01 ~]# docker run -d --net=host --name centos7.203 -v /data1 hub.c.163.com/public/centos:7.2-tools   
       <!--Run a container that shares the host's network-->
2911358be486720c4ee93c8de22cd77301236f48c5baf22ea63bb3c54450032e
[root@centos01 ~]# ls /var/lib/docker/volumes/ <!--View the created data volume-->
dc755f3b6036f167471435629918d06264e1c2c6a8b175426fa80da36143a87e  metadata.db
[root@centos01 ~]# docker ps <!--View running containers-->
CONTAINER ID        IMAGE                                   COMMAND                  CREATED              STATUS              PORTS               NAMES
2911358be486        hub.c.163.com/public/centos:7.2-tools   "/usr/bin/supervisord"   About a minute ago   Up About a minute                       centos7.203
e2c4837d6781        hub.c.163.com/public/centos:7.2-tools   "/usr/bin/supervisord"   15 minutes ago       Up 15 minutes                           centos7.202
b308fb5c097f        hub.c.163.com/public/centos:7.2-tools   "/usr/bin/supervisord"   21 minutes ago       Up 21 minutes       22/tcp              centos7.201
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!--Log on to the centos7.203 container-->
[root@centos01 /]# ifconfig <!--View IP address-->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.126  netmask 255.255.255.0  broadcast 192.168.0.255

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

vethc39178a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::7c4b:a6ff:fe1c:a37f  prefixlen 64  scopeid 0x20<link>

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!--Log on to the centos7.203 container-->
[root@centos01 /]# ping www.baidu.com <!--Ping the public network-->
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14: icmp_seq=1 ttl=51 time=20.0 ms
64 bytes from 39.156.66.14: icmp_seq=2 ttl=51 time=19.1 ms
64 bytes from 39.156.66.14: icmp_seq=3 ttl=51 time=15.9 ms
[root@centos01 /]# ping 192.168.100.10 <!--Ping the host IP address-->
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.030 ms
          <!--Set up Nginx in the centos7.203 container-->
[root@centos01 ~]# cp /mnt/nginx-1.6.0.tar.gz ./ <!--Copy the Nginx package-->
[root@centos01 ~]# ls 
anaconda-ks.cfg  initial-setup-ks.cfg  nginx-1.6.0.tar.gz
[root@centos01 ~]# cp nginx-1.6.0.tar.gz  /var/lib/docker/volumes/dc755f3b6036f167471435629918d06264e1c2c6a8b175426fa80da36143a87e/_data/  
        <!--Share the Nginx tarball with the centos7.203 container through the data volume-->
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!--Log on to the centos7.203 container-->
[root@centos01 /]# ls
anaconda-post.log  bin  data1  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@centos01 /]# cd data1/ <!--View the data shared by the host-->
[root@centos01 data1]# ls   
nginx-1.6.0.tar.gz
[root@centos01 /]# yum -y install pcre-devel zlib-devel <!--Install Nginx dependencies-->
[root@centos01 /]# useradd -M -s /sbin/nologin nginx <!--Create the user that runs Nginx-->
[root@centos01 /]# tar zxvf /data1/nginx-1.6.0.tar.gz -C /usr/src/ <!--Unpack the Nginx tarball-->
[root@centos01 /]# yum -y install gcc pcre-devel zlib-devel make <!--Install build dependencies first-->
[root@centos01 /]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module && make && make install    
               <!--Configure, compile and install Nginx-->
[root@centos01 nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ <!--Symlink the nginx binary into the PATH-->
[root@centos01 nginx-1.6.0]# echo "www.docker.nginx.com" > /usr/local/nginx/html/index.html
                      <!--Modify the Nginx site home page content-->
[root@centos01 nginx-1.6.0]# nginx
         <!--Start the Nginx service in the centos7.203 container-->
[root@centos01 nginx-1.6.0]# netstat -anptu | grep nginx <!--Check the port the Nginx service is listening on-->
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6268/nginx: master  
[root@centos01 ~]# curl http://192.168.100.10 <!--The docker host accesses Nginx in the centos7.203 container-->
www.docker.nginx.com
[root@centos01 nginx-1.6.0]# cat /usr/local/nginx/logs/access.log    
          <!--View the Nginx access log in the centos7.203 container showing the successful request-->
192.168.100.10 - - [12/May/2020:21:42:47 +0800] "GET / HTTP/1.1" 200 21 "-" "curl/7.29.0"

6. Configure docker0 network card parameters

[root@centos01 ~]# ifconfig <!--View docker host IP address-->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
[root@centos01 ~]# systemctl stop docker <!--Stop docker service-->
[root@centos01 ~]# ip link set dev docker0 down <!--Stop docker0 bridge-->
[root@centos01 ~]# brctl delbr docker0 <!--Delete system default docker0 bridge-->
[root@centos01 ~]# brctl addbr docker0 <!--Create a new bridge named docker0-->
[root@centos01 ~]# ip addr add 192.168.20.1/24 dev docker0 <!--Configure the IP address of the new docker0 bridge-->
[root@centos01 ~]# ip link set dev docker0 up <!--Start the new docker0 bridge-->
[root@centos01 ~]# vim /etc/docker/daemon.json
       <!--Edit the docker configuration file to load the new docker0 bridge-->
{
  "registry-mirrors": ["https://6kx4zyno.mirror.aliyuncs.com"],
  "bip": "192.168.20.1/24"    <!--Add this line-->
}
[root@centos01 ~]# systemctl start docker <!--Start docker service-->
[root@centos01 ~]# ifconfig <!--View docker host IP details-->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.20.1  netmask 255.255.255.0  broadcast 0.0.0.0
[root@centos01 ~]# docker run -it -d --name centos7.2v1 hub.c.163.com/public/centos:7.2-tools <!--Create a container to run in the background-->
d0b5392e60cef37f3c44d79a9fb73916720cfc44faa7b73862bee05fb2d6ce7b
[root@centos01 ~]# docker exec -it centos7.2v1 /bin/bash <!--Log on to the centos7.2v1 container-->
[root@d0b5392e60ce /]# ifconfig <!--View IP address details-->
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.20.2  netmask 255.255.255.0  broadcast 0.0.0.0

2. Docker Network Isolation

1. Docker Network Isolation Principle

The administrator creates network namespaces and places different containers into different network namespaces to isolate them; the docker0 network namespace assigned to containers by default is not configured for network isolation.

2. Types of network namespace that come with Docker

bridge: the container is connected to the docker0 bridge;

host: the container shares the network configuration of the docker host;

none: no network is created for the container and no TCP/IP information is configured;

3. Configure Docker network namespace isolation

[root@centos01 ~]# docker network ls <!--View docker's default network namespaces-->
NETWORK ID          NAME                DRIVER              SCOPE
8bb953004416        bridge              bridge              local
2c18234cad82        host                host                local
67860e823c36        none                null                local
[root@centos01 ~]# docker network create -d bridge liyanxin <!--Create a network namespace-->
0c69de4672ec173dc4c60b19e0bf93b361f45a804859f7bc2105d85ca83b1169
[root@centos01 ~]# docker network create -d bridge gongsunli <!--Create a network namespace-->
35687468c9034262173a96e9c23e045cbb8b7ffa6648fc84e015504740815001
[root@centos01 ~]# ifconfig <!--View docker host network card information-->
br-0c69de4672ec: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 0.0.0.0

br-35687468c903: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.19.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
[root@centos01 ~]# docker run -it -d --name centos6.701 --network=liyanxin hub.c.163.com/public/centos:6.7-tools    
         <!--Create a container and attach it to the liyanxin network namespace for isolation-->
b85a2d8419a98756369ddc3b78247d3d42c178e8e563a936fe973f2f6611f951
[root@centos01 ~]# docker exec -it centos6.701 /bin/bash <!--Log on to the centos6.701 container-->
[root@b85a2d8419a9 /]# ifconfig <!--View IP address-->
eth0      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02  
          inet addr:172.18.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
[root@centos01 ~]# docker run -it -d --name centos6.702 --network=gongsunli hub.c.163.com/public/centos:6.7-tools    
      <!--Create a container and attach it to the gongsunli network namespace for isolation-->
9af0fb7b85af3270f3c7c44b62438f436b22289ac0a7604d6ed522604b7b185f
[root@centos01 ~]# docker exec -it centos6.702 /bin/bash <!--Log on to the centos6.702 container-->
[root@9af0fb7b85af /]# ifconfig <!--View IP address-->
eth0      Link encap:Ethernet  HWaddr 02:42:AC:13:00:02  
          inet addr:172.19.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
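
An added example (not part of the original post): a small audit script that classifies each container by its network mode and checks whether two containers sit on the same Docker network. It assumes input lines in the form printed by `docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}'`; the sample listing is constructed from the container names used on this page, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify containers by network mode to see what is isolated.
# Live input would come from the docker CLI:
#   docker ps -q | xargs docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}'
# SAMPLE is a constructed listing using the container names from this page.
SAMPLE='/centos7.201 bridge
/centos7.202 none
/centos7.203 host
/centos7.2v1 default
/centos6.701 liyanxin
/centos6.702 gongsunli
/centos6.703 none'

# classify MODE: map a NetworkMode value to an isolation class.
classify() {
    case "$1" in
        host)           echo HOST_STACK ;;        # shares the host's interfaces and ports
        default|bridge) echo DEFAULT_BRIDGE ;;    # docker0, shared with all default containers
        none)           echo NO_NETWORK ;;        # loopback only, as far as docker knows
        container:*)    echo SHARED_NAMESPACE ;;  # reuses another container's namespace
        *)              echo USER_NETWORK ;;      # user-defined network such as liyanxin
    esac
}

# audit: read "NAME MODE" lines on stdin, print "NAME MODE CLASS".
audit() {
    while read -r name mode; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "${name#/}" "$mode" "$(classify "$mode")"
    done
}

# flagged: names of containers that share a network stack or the default bridge.
flagged() {
    audit | while read -r name mode class; do
        case "$class" in
            HOST_STACK|DEFAULT_BRIDGE|SHARED_NAMESPACE) echo "$name" ;;
        esac
    done
}

# same_segment A B: exit 0 if containers A and B sit on the same Docker network
# according to the listing on stdin, 1 if not, 2 if either name is unknown.
# "default" and "bridge" both mean docker0; two host-mode containers share one stack.
same_segment() {
    awk -v a="$1" -v b="$2" '
        { n = $1; sub(/^\//, "", n); m = $2
          if (m == "default") m = "bridge"
          seg[n] = m }
        END {
          if (!(a in seg) || !(b in seg)) exit 2
          if (seg[a] == "none") exit 1   # no docker-managed interface to share
          exit (seg[a] == seg[b] ? 0 : 1)
        }'
}

# Print the full audit table for the constructed sample.
printf '%s\n' "$SAMPLE" | audit
```

A container started with `--network=none` and later given an interface by pipework still reports `none` here, so its interfaces have to be checked from inside the container.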

3. Configuring bridges to achieve network isolation

1. Purpose of configuring a bridge for network isolation

Containers on one Docker host can communicate with containers on another Docker host.

2. Principle of network isolation by configuring a bridge

Bridge the physical network card onto a newly created bridge interface and configure the IP address on the bridge interface; create containers and attach them to the bridge interface, so that containers on one docker host can communicate with containers on another docker host; the administrator also manages the docker host remotely through the bridge interface.

3. Configure a docker bridge for network isolation

[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32  
         <!--Edit the docker host's physical network card to bridge it to the br0 bridge interface-->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0    <!--Add this line-->
[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-br0   
         <!--Create the br0 bridge configuration file-->
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0 <!--Edit the br0 network card configuration file-->
TYPE=Bridge   <!--Modify this line-->
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=br0      <!--Modify Name-->
DEVICE=br0    <!--Modify Name-->
ONBOOT=yes
IPADDR=192.168.100.10    <!--Add Host IP address-->
NETMASK=255.255.255.0 
[root@centos01 ~]# systemctl restart network <!--Restart the docker host network service-->
[root@centos01 ~]# ifconfig <!--View docker host network card information-->
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255

br-0c69de4672ec: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 0.0.0.0

br-35687468c903: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.19.0.1  netmask 255.255.0.0  broadcast 0.0.0.0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:18:d3:26  txqueuelen 1000  (Ethernet)

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::4ad2:dd37:4341:5d8e  prefixlen 64  scopeid 0x20<link>

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

veth7b0bb5f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ccd3:86ff:fee6:5725  prefixlen 64  scopeid 0x20<link>

veth7e0f471: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::684c:fdff:fe13:b436  prefixlen 64  scopeid 0x20<link>

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
[root@centos01 ~]# yum -y install git <!--Install git on the docker host-->
[root@centos01 ~]# git clone https://github.com/jpetazzo/pipework
            <!--Download the docker container network management tool pipework-->
[root@centos01 ~]# cp pipework/pipework /usr/local/bin/ <!--Make the pipework command available system-wide-->
[root@centos01 ~]# chmod +x /usr/local/bin/pipework <!--Add execute permission-->
[root@centos01 ~]# docker run -d --name centos6.703 --network=none hub.c.163.com/public/centos:6.7-tools    
             <!--Run a container from the image-->
adea0ad48bdde947ec595382d96cba06eb6522ec046e9b3c7bfcb1edb5c84545
[root@centos01 ~]# pipework br0 centos6.703 192.168.100.101/24   
                   <!--Assign an IP address to the centos6.703 container-->
[root@centos01 ~]# docker exec -it centos6.703 /bin/bash <!--Log on to the centos6.703 container-->
[root@adea0ad48bdd /]# ifconfig <!--View IP address-->
eth1      Link encap:Ethernet  HWaddr FA:3A:9D:ED:C0:FF  
          inet addr:192.168.100.101  Bcast:192.168.100.255  Mask:255.255.255.0
[root@adea0ad48bdd /]# ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.097 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.039 ms

4. Configure communication between containers on different docker hosts

[root@centos02 ~]# ping www.baidu.com <!--Bring up a new server connected to the public network, then install docker-->
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=1 ttl=51 time=19.5 ms
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=2 ttl=51 time=17.3 ms
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=3 ttl=51 time=18.1 ms
[root@centos02 ~]# cd /etc/yum.repos.d/
[root@centos02 yum.repos.d]# ls
local.repo
[root@centos02 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo  
        <!--Download the CentOS 7 repo file-->
[root@centos02 ~]# yum install docker -y <!--Install docker-->
[root@centos02 ~]# systemctl start docker <!--Start docker-->
[root@centos02 ~]# systemctl enable docker <!--Set docker to start automatically at boot-->
[root@centos02 ~]# docker pull hub.c.163.com/public/centos:6.7-tools <!--Download the image-->
[root@centos02 ~]# docker images <!--View images-->
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
hub.c.163.com/public/centos   6.7-tools           b2ab0ed558bb        3 years ago         602 MB
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32   
             <!--Edit the docker host's network card configuration to bridge it to the br0 interface-->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0    <!--Add this line-->
[root@centos02 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-br0 <!--Create the br0 bridge configuration file-->
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0 <!--Edit the br0 network card configuration file-->
TYPE=Bridge   <!--Modify to Bridge-->
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=br0    <!--Modify Name-->
DEVICE=br0    <!--Modify to br0-->
ONBOOT=yes
IPADDR=192.168.100.20   <!--Add Host IP address-->
NETMASK=255.255.255.0
[root@centos02 ~]# systemctl restart network <!--Restart the docker host network service-->
[root@centos02 ~]# ifconfig <!--View docker host network card information-->
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.20  netmask 255.255.255.0  broadcast 192.168.100.255

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:97:5c:9f  txqueuelen 1000  (Ethernet)

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.104  netmask 255.255.255.0  broadcast 192.168.0.255

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
[root@centos02 ~]# yum -y install git <!--Install git-->
[root@centos02 ~]# git clone https://github.com/jpetazzo/pipework   
         <!--Download the docker container network management tool pipework-->
[root@centos02 ~]# cp pipework/pipework /usr/local/bin/ <!--Make the pipework command available system-wide-->
[root@centos02 ~]# chmod +x /usr/local/bin/pipework <!--Add execute permission-->
[root@centos02 ~]# docker run -d --name centos6.7 --network=none hub.c.163.com/public/centos:6.7-tools <!--Run a container from the image-->
abec0a6bd3822a2fd702dc44d1cf3043648aadd1a661e577c23701e30ee9df7a
[root@centos02 ~]# pipework br0 centos6.7 192.168.100.102/24   
          <!--Assign an IP address to the centos6.7 container-->
[root@centos02 ~]# docker exec -it centos6.7 /bin/bash <!--Log on to the centos6.7 container-->
[root@abec0a6bd382 /]# ifconfig <!--View IP address-->
eth1      Link encap:Ethernet  HWaddr EE:01:B7:99:90:1C  
          inet addr:192.168.100.102  Bcast:192.168.100.255  Mask:255.255.255.0
[root@abec0a6bd382 /]# ping 192.168.100.101
PING 192.168.100.101 (192.168.100.101) 56(84) bytes of data.
64 bytes from 192.168.100.101: icmp_seq=1 ttl=64 time=0.660 ms
64 bytes from 192.168.100.101: icmp_seq=2 ttl=64 time=0.865 ms
64 bytes from 192.168.100.101: icmp_seq=3 ttl=64 time=0.382 ms
[root@abec0a6bd382 /]# ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.632 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.732 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.796 ms
[root@abec0a6bd382 /]# ping 192.168.100.20
PING 192.168.100.20 (192.168.100.20) 56(84) bytes of data.
64 bytes from 192.168.100.20: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 192.168.100.20: icmp_seq=2 ttl=64 time=0.094 ms
64 bytes from 192.168.100.20: icmp_seq=3 ttl=64 time=0.043 ms

_________

Posted on Sun, 17 May 2020 13:35:15 -0400 by Toneboy