docker Bridge0详解（14）

一、 两个容器的通信原理

列出docker网络情况，会有一个bridge类型

[[email protected] ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
189c7cd427cf        bridge              bridge              local
fc342b7c0300        host                host                local
7ed63a8db096        none                null                local

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen
 1000    link/ether 08:00:27:86:e3:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.28.58.4/16 brd 172.28.255.255 scope global dynamic enp0s3
       valid_lft 35896sec preferred_lft 35896sec
    inet6 fe80::f8da:1de:daac:3ce0/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qle
n 1000    link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state D
OWN qlen 1000    link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:cd:60:93:0c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:cdff:fe60:930c/64 scope link 
       valid_lft forever preferred_lft forever
69: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue maste
r docker0 state UP     link/ether 9e:8a:9c:01:e4:44 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::9c8a:9cff:fe01:e444/64 scope link 
       valid_lft forever preferred_lft forever

[[email protected] ~]# docker exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default ql
en 1    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
68: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP gro
up default     link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

可以看出，容器test1中的[email protected]与宿主机[email protected]是一对Veth-pair，建立了连接，然后链接到宿主机docker0。

[[email protected] ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242cd60930c	no		vethc586dda

二、容器是如何访问外网的