详细讲解Docker的Braidge模式

首先介绍几个概念

然后从现象去分析本质

通过ip address命令可以发现在我们的Ubuntu中存在两个网络接口，分别是1: lo 它主要用于网络测试。2: enp42s0 它是我们主机的以太网接口.

root@tty199:/export/docker# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp42s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether d8:bb:c1:a5:73:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.21/24 brd 192.168.1.255 scope global dynamic noprefixroute enp42s0
       valid_lft 256587sec preferred_lft 256587sec
    inet6 240e:3bb:a6e:56f0:3393:2e5e:bb93:6b53/64 scope global temporary dynamic 
       valid_lft 86077sec preferred_lft 83594sec
    inet6 240e:3bb:a6e:56f0:6942:ecca:2d8a:a4e1/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 86077sec preferred_lft 86077sec
    inet6 fe80::4156:f8a5:5fc4:37ae/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

当我们安装完Docker之后再通过ip address会发现生成了3: docker0 这个网络接口，实际上它是docker创建的一个网关接口，我们后面讲。

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3e:fc:07:58 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:3eff:fefc:758/64 scope link 
       valid_lft forever preferred_lft forever

然后我们启动一个容器后继续查看ip信息会发现,网络接口编号4 不见了，直接来到了5: vethf16ef0e@if4. 其中概念解释veth(Vertrual Ethernet Device) 虚拟以太网,在下面的这一段内容中我们可以发现Docker0是我们熟悉的。

5: vethf16ef0e@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 96:b5:24:d8:e9:8b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::94b5:24ff:fed8:e98b/64 scope link 
       valid_lft forever preferred_lft forever

通过Json解析后发现ip -json -detail address show dev vethf16ef0e| jq . ifindex 5 的名字是vethf16ef0e确实是我们当前的虚拟机地址。然后还有一个参数link_index:4实际上就是没有显示出来的编号为4的网络接口。并且本容器的master:docker0表示容器关联到docker0中。

[
  {
    "ifindex": 5,
    "link_index": 4,
    "ifname": "vethf16ef0e",
    "flags": [
      "BROADCAST",
      "MULTICAST",
      "UP",
      "LOWER_UP"
    ],
    "mtu": 1500,
    "qdisc": "noqueue",
    "master": "docker0",
    "operstate": "UP",
    "group": "default",
    "link_type": "ether",
    "address": "96:b5:24:d8:e9:8b",
    "broadcast": "ff:ff:ff:ff:ff:ff",
    "link_netnsid": 0,
    "promiscuity": 1,
    "min_mtu": 68,
    "max_mtu": 65535,
    "linkinfo": {
      "info_kind": "veth",
      "info_slave_kind": "bridge",
      "info_slave_data": {
        "state": "forwarding",
        "priority": 32,
        "cost": 2,
        "hairpin": false,
        "guard": false,
        "root_block": false,
        "fastleave": false,
        "learning": true,
        "flood": true,
        "id": "0x8001",
        "no": "0x1",
        "designated_port": 32769,
        "designated_cost": 0,
        "bridge_id": "8000.2:42:3e:fc:7:58",
        "root_id": "8000.2:42:3e:fc:7:58",
        "hold_timer": 0,
        "message_age_timer": 0,
        "forward_delay_timer": 0,
        "topology_change_ack": 0,
        "config_pending": 0,
        "proxy_arp": false,
        "proxy_arp_wifi": false,
        "multicast_router": 1,
        "mcast_flood": true,
        "mcast_to_unicast": false,
        "neigh_suppress": false,
        "group_fwd_mask": "0",
        "group_fwd_mask_str": "0x0",
        "vlan_tunnel": false,
        "isolated": false
      }
    },
    "num_tx_queues": 32,
    "num_rx_queues": 32,
    "gso_max_size": 65536,
    "gso_max_segs": 65535,
    "addr_info": [
      {
        "family": "inet6",
        "local": "fe80::94b5:24ff:fed8:e98b",
        "prefixlen": 64,
        "scope": "link",
        "valid_life_time": 4294967295,
        "preferred_life_time": 4294967295
      }
    ]
  }
]

我们还可以列出Docker容器信息,还可以发现容器确实与Docker0处于同一个网络环境中。

[
    {
        "Name": "bridge",
        "Id": "a850a71f800fc2d0275a3cd8cc409b8941a34682e8df167308ceb828db7bb4c7",
        "Created": "2024-01-28T11:43:53.589965622+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "a9dc3fadaa797adbd357d83e35986b742e0599255c9b9d4a36c8942b50b0d01f": {
                "Name": "tender_faraday",
                "EndpointID": "781a3e83c42e72f7ea63b249ac9bd78e892165b22590aad80a4811991cb04d33",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

因此我们得出了以下关系图

此处docker0就充当了桥的作用。我们的容器也可以访问真实以太网了。