Docker-网络管理-命令入门

一、命令入门

1 创建网络

1.1 语法

bash 复制代码

docker network create [options] network_name

-d，--driver：网络驱动：bridge、host、container、none
--subnet：指定该网络分配的网段（CIDR 格式，如：127.0.0.1/16）
--gateway：指定该网络的网关，该网络下，所有网络通信通过该网关路由
--ipv6：启动IPV6

小提示：

网关地址必须在设定的网段内

若不设定网段，docker会自动为其分配网段，且网段第一位为网关地址

docker网络设定的网段，独立于宿主机的网段，由docker虚拟出来的网段

1.2 演示

创建一个bridge类型的网络，并且分配指定网段，然后查看该网络信息：

bash 复制代码

docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
4961851d7f3b   bridge    bridge    local
a6be76bcbdde   host      host      local
f446ebf2ce52   none      null      local

docker network create \
> --driver bridge \
> --subnet 192.178.0.0/16 \
> --gateway 192.178.0.1 \
> network_create_stu
9dc97a4b2fad7472081eff385cc2180177c8a1b5f89a664ce11b76a700c5a670
docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
4961851d7f3b   bridge               bridge    local
a6be76bcbdde   host                 host      local
9dc97a4b2fad   network_create_stu   bridge    local
f446ebf2ce52   none                 null      local
docker network inspect network_create_stu
[
    {
        "Name": "network_create_stu",
        "Id": "9dc97a4b2fad7472081eff385cc2180177c8a1b5f89a664ce11b76a700c5a670",
        "Created": "2026-02-18T14:43:55.392875116+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv4": true,
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.178.0.0/16",
                    "Gateway": "192.178.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

2 查看网络信息

2.1 语法

bash 复制代码

docker network inspect network_id [options]

-f，--format：指定格式输出

2.2 演示

bash 复制代码

docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
4961851d7f3b   bridge               bridge    local
a6be76bcbdde   host                 host      local
9dc97a4b2fad   network_create_stu   bridge    local
f446ebf2ce52   none                 null      local
docker network inspect -f json  network_create_stu
[{"Name":"network_create_stu","Id":"9dc97a4b2fad7472081eff385cc2180177c8a1b5f89a664ce11b76a700c5a670","Created":"2026-02-18T14:43:55.392875116+08:00","Scope":"local","Driver":"bridge","EnableIPv4":true,"EnableIPv6":false,"IPAM":{"Driver":"default","Options":{},"Config":[{"Subnet":"192.178.0.0/16","Gateway":"192.178.0.1"}]},"Internal":false,"Attachable":false,"Ingress":false,"ConfigFrom":{"Network":""},"ConfigOnly":false,"Containers":{},"Options":{},"Labels":{}}]
root@iZ2ze8ve39i30yl0dhbqneZ:~#

3 连接/关闭网络

3.1 语法

bash 复制代码

docker network connect [options] network_name container_name

--ip：指定该网络下，容器的ip地址
--ipv6：指定该网络下，容器的ipv6地址

bash 复制代码

docker network disconnect [options] network_name container_name

-f：强制退出

3.2 演示

操作说明

创建两个网络 net1和net2
启动c1容器，连接上述两个网络，查看c1网络信息
启动c2网络，连接net2，指定ip地址，查看c2网络信息
测试c1和c2连通性
c2断开网络，查看c2网络信息
测试c1和c2连通性

操作演示

bash 复制代码

# 1. 创建net1 net2
docker network create \
> --driver bridge \
> --subnet 192.158.0.0/16 \
> --gateway 192.158.0.1 \
> net1
787b12b8fcc3a0f1317924bfdd683933b8f07d07c6b4ab5a82d0bfb31a1950b4
docker network create \
> --driver bridge \
> --subnet 192.178.0.0/16 \
> --gateway 192.178.0.1 \
> net2
33e2c9c18e6cd15271b2323394c6a00e3b23e9598041f742b8e4e183b5a8d297
docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
4961851d7f3b   bridge    bridge    local
a6be76bcbdde   host      host      local
787b12b8fcc3   net1      bridge    local
33e2c9c18e6c   net2      bridge    local
f446ebf2ce52   none      null      local

# 2. 启动c1，连接两个网络，查看c1网络信息
docker run -itd --network=net1 --ip 192.158.0.4 --name c1 busybox:latest 
bba37ca3c78e50d728be8c0c92c927097e61a2f35aa1008b4dcb4cedfc2b0efe
docker network connect --ip 192.178.0.3 net2 c1
docker ps
CONTAINER ID   IMAGE            COMMAND   CREATED          STATUS          PORTS     NAMES
bba37ca3c78e   busybox:latest   "sh"      50 seconds ago   Up 49 seconds             c1
docker exec -it c1 sh
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if462: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 96:32:1d:a6:18:34 brd ff:ff:ff:ff:ff:ff
    inet 192.158.0.4/16 brd 192.158.255.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1@if463: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 5e:b7:87:b9:d3:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.178.0.3/16 brd 192.178.255.255 scope global eth1
       valid_lft forever preferred_lft forever

# 3. 启动c2，连接net2，查看c2网络信息
docker run --network=net2 --ip 192.178.0.2 --name c2 -itd busybox:latest
c659f4aaa1739609a9d9ae797e3c24e2fbce3b2418e9a377f832b2e6db828cca
docker exec -it c2 sh
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if464: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 6e:64:40:58:bc:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.178.0.2/16 brd 192.178.255.255 scope global eth0
       valid_lft forever preferred_lft forever

# 4. 测试c1和c2连通性
docker exec -it c2 sh
ping c1
PING c1 (192.178.0.3): 56 data bytes
64 bytes from 192.178.0.3: seq=0 ttl=64 time=0.067 ms
64 bytes from 192.178.0.3: seq=1 ttl=64 time=0.102 ms
64 bytes from 192.178.0.3: seq=2 ttl=64 time=0.096 ms
^C
docker ecec -it c1 sh
ping c2
PING c2 (192.178.0.2): 56 data bytes
64 bytes from 192.178.0.2: seq=0 ttl=64 time=0.196 ms
64 bytes from 192.178.0.2: seq=1 ttl=64 time=0.093 ms
64 bytes from 192.178.0.2: seq=2 ttl=64 time=0.094 ms
64 bytes from 192.178.0.2: seq=3 ttl=64 time=0.098 ms
^C

# 5 断开c2和net2的连接，查看c2网络信息
docker network disconnect net2 c2
docker exec -it c2 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever


# 6 测试c1和c2连通性
docker exec -it c2 sh
ping c1
ping: bad address 'c1'

4 删除网络

4.1 语法

指定删除：

bash 复制代码

docker network rm [options] [network_name...]

-f 强制删除

批量清理：

bash 复制代码

# 删除未被使用/悬空的网络
docker network prune [options]

f：删除时，不提示信息，直接删除

4.2 演示

bash 复制代码

docker network ls 
NETWORK ID     NAME      DRIVER    SCOPE
4961851d7f3b   bridge    bridge    local
a6be76bcbdde   host      host      local
787b12b8fcc3   net1      bridge    local
33e2c9c18e6c   net2      bridge    local
f446ebf2ce52   none      null      local
docker network rm -f 787b12b8fcc3 33e2c9c18e6c
787b12b8fcc3
33e2c9c18e6c

# 批量删除（悬空网络）
docker network ls -f "dangling=true"
NETWORK ID     NAME      DRIVER    SCOPE
435ea5e8545d   n1        bridge    local
863f8c1b5fd4   n2        bridge    local
5d619d9dbfa9   n3        bridge    local
docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
n2
n3
n1
docker network ls -f "dangling=true" # dangling是否查看悬空
NETWORK ID   NAME      DRIVER    SCOPE