docker网络

docker网络 docker 网络介绍 两个简单的container 示例

docker-compose.yml如下：（dockerfile 简单安装几个常用工具）

services:
  box1:
    image: box1
    command: /bin/sh -c "while true; do sleep 3600; done"
  
  box2:
    image: box1
    command: /bin/sh -c "while true; do sleep 3600; done"

进入box1
ping box2或者ping container的name都可以ping通，为什么？

在box1继续执行dig 命令后输出如下：

; <<>> DiG 9.16.20 <<>> box2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63898
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;box2.                          IN      A

;; ANSWER SECTION:
box2.                   600     IN      A       172.24.0.3

;; Query time: 1 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Thu Nov 11 11:36:14 UTC 2021
;; MSG SIZE  rcvd: 42

实际上docerengine维护了一个DNS服务，service的name和container的name都写到了该DNS上,这个DNS本机也可以ping 通
在box1继续执行ip a 查看网络

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE:  mtu 1480 qdisc noop state DOWN qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE:  mtu 1452 qdisc noop state DOWN qlen 1000
    link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
68: eth0@if69:  mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:19:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.2/16 brd 172.25.255.255 scope global eth0
       valid_lft forever preferred_lft forever

etho 就是box1中指定的网络