实验简介
一、实验目的
- 掌握 Docker 安装后默认的三种网络(bridge、host、none)的工作原理与使用方式。
- 理解默认 bridge 网络的局限,学会创建自定义 bridge 网络,实现容器名 DNS 解析与稳定互联。
- 掌握容器加入多个网络、joined(container)共享网络栈模式的使用。
- 理解容器访问外网、外部访问容器的端口映射(-p)与 NAT 转发机制。
- 了解 Docker CNM 模型,初步掌握 macvlan 跨主机容器网络配置。
二、实验环境
- 操作系统:CentOS/RHEL 7/9
- 软件:Docker 社区版
- 节点:单节点演示默认 / 自定义网络,双节点演示 macvlan 跨主机网络
三、核心实验内容
1. 原生默认网络
- bridge(docker0):容器默认网络,独立网络 Namespace,需端口映射对外提供服务,容器间仅 IP 互通。
- host:共享宿主机网络栈,性能高、无隔离,端口与宿主机冲突。
- none:仅本地回环 lo,无网络功能,适用于高安全隔离场景。
2. 自定义 bridge 网络
- 创建自定义子网、网关的桥接网络。
- 解决默认网络 IP 动态变化问题,支持容器名 DNS 自动解析。
- 实现不同网络隔离,通过
docker network connect实现容器多网卡跨网通信。
3. 特殊网络模式
- joined(container)模式:容器共享同一网络栈,本地回环直接通信,示例:phpMyAdmin 与 MySQL 共用网络。
4. 容器内外网访问
- 容器访问外网:iptables/nftables 地址伪装(MASQUERADE)。
- 外网访问容器:
-p端口映射,DNAT 转发 + docker-proxy 代理。
5. 跨主机网络
- 基于 Linux macvlan 技术,容器直接挂载物理网卡,二层互通,无 NAT 损耗。
- 配置网卡混杂模式,创建 macvlan 网络,实现不同宿主机容器直接通信。
四、实验结论
- 默认 bridge 网络简单但缺少 DNS 解析,IP 不稳定,生产推荐自定义 bridge。
- host 网络性能最优但隔离性差,none 网络隔离最强但无网络能力。
- 容器间互联优先使用自定义网络 + 容器名访问,joined 模式适合紧密耦合应用。
- 端口映射与 NAT 实现内外网访问,macvlan/overlay 满足跨主机容器通信需求。
docker网络类型
[root@docker-node1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
58d00c7c60c5 bridge bridge local
3b745dc3cdb8 host host local
26501e37f962 none null localdocker原生bridge网络
[root@docker-node1 ~]# ip link show type bridge
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 56:d7:18:67:8d:03 brd ff:ff:ff:ff:ff:ff
4: br-d1a82367264d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 3a:3d:93:51:fa:35 brd ff:ff:ff:ff:ff:ff
[root@docker-node1 ~]# docker run -d --name web -p 80:80 nginx:1.26
323db76f4aafe438599dbe3dcc3fd6a273ec839d5e27ef5972cc9a607c446679
[root@docker-node1 ~]# ifconfig
br-d1a82367264d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::383d:93ff:fe51:fa35 prefixlen 64 scopeid 0x20<link>
ether 3a:3d:93:51:fa:35 txqueuelen 0 (Ethernet)
RX packets 3 bytes 84 (84.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 3326 (3.2 KiB)
TX errors 0 dropped 15 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::54d7:18ff:fe67:8d03 prefixlen 64 scopeid 0x20<link>
ether 56:d7:18:67:8d:03 txqueuelen 0 (Ethernet)
RX packets 3 bytes 84 (84.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 3326 (3.2 KiB)
TX errors 0 dropped 15 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::a040:c605:cb54:9f20 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4b:b9:fd txqueuelen 1000 (Ethernet)
RX packets 338 bytes 29610 (28.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 420 bytes 47069 (45.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 53 bytes 4241 (4.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 53 bytes 4241 (4.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth15980f4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 #容器使用的网卡
inet6 fe80::10bc:bbff:fe61:48e4 prefixlen 64 scopeid 0x20<link>
ether 12:bc:bb:61:48:e4 txqueuelen 0 (Ethernet)
RX packets 3 bytes 126 (126.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37 bytes 5454 (5.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethd7830b0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 #容器使用的网卡
inet6 fe80::d4fc:6ff:fec4:fa37 prefixlen 64 scopeid 0x20<link>
ether d6:fc:06:c4:fa:37 txqueuelen 0 (Ethernet)
RX packets 3 bytes 126 (126.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 7504 (7.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@docker-node1 mnt]# bridge link
5: vethd7830b0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-d1a82367264d state forwarding priority 32 cost 2
6: veth15980f4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
[root@docker-node1 mnt]# ip link show type bridge
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 56:d7:18:67:8d:03 brd ff:ff:ff:ff:ff:ff
4: br-d1a82367264d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 3a:3d:93:51:fa:35 brd ff:ff:ff:ff:ff:ffdocker原生host网络
[root@docker-node1 mnt]# docker run -it --rm --name test --network host busybox
/ # ifconfig
br-d1a82367264d Link encap:Ethernet HWaddr 3A:3D:93:51:FA:35
inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0
inet6 addr: fe80::383d:93ff:fe51:fa35/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:9 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:84 (84.0 B) TX bytes:4490 (4.3 KiB)
docker0 Link encap:Ethernet HWaddr 56:D7:18:67:8D:03
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::54d7:18ff:fe67:8d03/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:15 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:84 (84.0 B) TX bytes:3326 (3.2 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:4B:B9:FD
inet addr:172.25.254.10 Bcast:172.25.254.255 Mask:255.255.255.0
inet6 addr: fe80::a040:c605:cb54:9f20/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1172 errors:0 dropped:0 overruns:0 frame:0
TX packets:1346 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:96462 (94.2 KiB) TX bytes:125113 (122.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4241 (4.1 KiB) TX bytes:4241 (4.1 KiB)
veth15980f4 Link encap:Ethernet HWaddr 12:BC:BB:61:48:E4
inet6 addr: fe80::10bc:bbff:fe61:48e4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:126 (126.0 B) TX bytes:5804 (5.6 KiB)
vethd7830b0 Link encap:Ethernet HWaddr D6:FC:06:C4:FA:37
inet6 addr: fe80::d4fc:6ff:fec4:fa37/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:126 (126.0 B) TX bytes:7574 (7.3 KiB)
/ #docker 原生none网络
[root@docker-node1 ~]# docker run -it --name test --rm --network none busybox
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)docker的自定义网络
自定义桥接网络
#在建立自定以网络时,默认使用桥接模式
[root@docker-node1 ~]# docker network create my_net1
90255a65568c4383d4f8b6aa3371567d4ac771f38b757dd821fe03a4f9729cac
[root@docker-node1 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
58d00c7c60c5 bridge bridge local
d1a82367264d harbor_harbor bridge local
3b745dc3cdb8 host host local
90255a65568c my_net1 bridge local
26501e37f962 none null local
#桥接默认是单调递增
[root@docker-node1 ~]# ifconfig
br-90255a65568c: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
ether e6:bf:7f:86:cb:d9 txqueuelen 0 (Ethernet)
RX packets 3 bytes 126 (126.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 5804 (5.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-d1a82367264d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::383d:93ff:fe51:fa35 prefixlen 64 scopeid 0x20<link>
ether 3a:3d:93:51:fa:35 txqueuelen 0 (Ethernet)
RX packets 3 bytes 84 (84.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 3326 (3.2 KiB)
TX errors 0 dropped 15 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::54d7:18ff:fe67:8d03 prefixlen 64 scopeid 0x20<link>
ether 56:d7:18:67:8d:03 txqueuelen 0 (Ethernet)
RX packets 3 bytes 84 (84.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 3326 (3.2 KiB)
TX errors 0 dropped 15 overruns 0 carrier 0 collisions 0
#桥接也支持自定义子网和网关
[root@docker-node1 ~]# docker network create my_net2 --subnet 172.25.0.0/24 --gateway 172.25.0.100
5b0d1590f3472f6b104fbefa365e8a096ab8c06c519eee34a9e0ce897ca1edb8
[root@docker-node1 ~]# docker network inspect my_net2
[
{
"Name": "my_net2",
"Id": "5b0d1590f3472f6b104fbefa365e8a096ab8c06c519eee34a9e0ce897ca1edb8",
"Created": "2026-03-21T15:01:15.647657182+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv4": true,
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.25.0.0/24",
"Gateway": "172.25.0.100"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Options": {},
"Labels": {},
"Containers": {},
"Status": {
"IPAM": {
"Subnets": {
"172.25.0.0/24": {
"IPsInUse": 3,
"DynamicIPsAvailable": 253
}
}
}
}
}
]为什么要自定义桥接
[root@docker-node1 ~]# docker run -d --name web1 nginx
c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14
[root@docker-node1 ~]# docker run -d --name web2 nginx
a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c
[root@docker-node1 ~]# docker inspect web1
[
{
"Id": "c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14",
"Created": "2026-03-21T07:02:29.93863216Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4834,
"ExitCode": 0,
"Error": "",
"StartedAt": "2026-03-21T07:02:29.972603461Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:bc45d248c4e1d1709321de61566eb2b64d4f0e32765239d66573666be7f13349",
"ResolvConfPath": "/var/lib/docker/containers/c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14/hostname",
"HostsPath": "/var/lib/docker/containers/c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14/hosts",
"LogPath": "/var/lib/docker/containers/c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14/c0c5c86d905db2385e49761255268dbd72898fe44901127a05ae39a348a0cb14-json.log",
"Name": "/web1",
"RestartCount": 0,
"Driver": "overlayfs",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "bridge",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
50,
89
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": null,
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": [],
"BlkioDeviceWriteBps": [],
"BlkioDeviceReadIOps": [],
"BlkioDeviceWriteIOps": [],
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": [],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/acpi",
"/proc/asound",
"/proc/interrupts",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/sched_debug",
"/proc/scsi",
"/proc/timer_list",
"/proc/timer_stats",
"/sys/devices/virtual/powercap",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"Storage": {
"RootFS": {
"Snapshot": {
"Name": "overlayfs"
}
}
},
"Mounts": [],
"Config": {
"Hostname": "c0c5c86d905d",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.29.6",
"NJS_VERSION=0.9.6",
"NJS_RELEASE=1~trixie",
"ACME_VERSION=0.3.1",
"PKG_RELEASE=1~trixie",
"DYNPKG_RELEASE=1~trixie"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"SandboxID": "f710cd482bc21dac0b287e20e6467d6b1717082d398390529f1440d01e296ee2",
"SandboxKey": "/var/run/docker/netns/f710cd482bc2",
"Ports": {
"80/tcp": null
},
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"DriverOpts": null,
"GwPriority": 0,
"NetworkID": "58d00c7c60c54c9366051b55909b06cf01d4d6fedb14e5c0a278ceec7f44b93c",
"EndpointID": "dcfe9a11f002172ed60952e50ab12b07f0fe3626bcaad969a9e1a7b506d1e716",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"MacAddress": "42:d0:ac:fb:d9:db",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
}
}
},
"ImageManifestDescriptor": {
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:a6bead2c897e9e39ca1a2dbd241f96dc181c8d32adcb6201258624fb37d2c7fe",
"size": 2290,
"annotations": {
"com.docker.official-images.bashbrew.arch": "amd64",
"org.opencontainers.image.base.digest": "sha256:b29a157cc8540addda9836c23750e389693bf3b6d9a932a55504899e5601a66b",
"org.opencontainers.image.base.name": "debian:trixie-slim",
"org.opencontainers.image.created": "2026-03-10T22:31:22Z",
"org.opencontainers.image.revision": "4b41a5f5e05939905d98a540a269046e862d8d03",
"org.opencontainers.image.source": "https://github.com/nginx/docker-nginx.git#4b41a5f5e05939905d98a540a269046e862d8d03:mainline/debian",
"org.opencontainers.image.url": "https://hub.docker.com/_/nginx",
"org.opencontainers.image.version": "1.29.6"
},
"platform": {
"architecture": "amd64",
"os": "linux"
}
}
}
]
[root@docker-node1 ~]# docker inspect web2
[
{
"Id": "a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c",
"Created": "2026-03-21T07:02:36.828729736Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4922,
"ExitCode": 0,
"Error": "",
"StartedAt": "2026-03-21T07:02:36.863011417Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:bc45d248c4e1d1709321de61566eb2b64d4f0e32765239d66573666be7f13349",
"ResolvConfPath": "/var/lib/docker/containers/a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c/hostname",
"HostsPath": "/var/lib/docker/containers/a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c/hosts",
"LogPath": "/var/lib/docker/containers/a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c/a8bb836f307354cba589802f7a906ce6712483ab95929c915ace5fbedb3b323c-json.log",
"Name": "/web2",
"RestartCount": 0,
"Driver": "overlayfs",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "bridge",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
50,
89
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": null,
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": [],
"BlkioDeviceWriteBps": [],
"BlkioDeviceReadIOps": [],
"BlkioDeviceWriteIOps": [],
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": [],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/acpi",
"/proc/asound",
"/proc/interrupts",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/sched_debug",
"/proc/scsi",
"/proc/timer_list",
"/proc/timer_stats",
"/sys/devices/virtual/powercap",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"Storage": {
"RootFS": {
"Snapshot": {
"Name": "overlayfs"
}
}
},
"Mounts": [],
"Config": {
"Hostname": "a8bb836f3073",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.29.6",
"NJS_VERSION=0.9.6",
"NJS_RELEASE=1~trixie",
"ACME_VERSION=0.3.1",
"PKG_RELEASE=1~trixie",
"DYNPKG_RELEASE=1~trixie"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"SandboxID": "a3bc7b3444c500fd1560db92814ec70ab43b6a902aa3bb15c7c1516fcda6cdf8",
"SandboxKey": "/var/run/docker/netns/a3bc7b3444c5",
"Ports": {
"80/tcp": null
},
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"DriverOpts": null,
"GwPriority": 0,
"NetworkID": "58d00c7c60c54c9366051b55909b06cf01d4d6fedb14e5c0a278ceec7f44b93c",
"EndpointID": "9e786c22fa4d2221283f047d5329db334a6b2f2356cd48f451d844172a8d764e",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.4",
"MacAddress": "16:9a:4e:de:19:44",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
}
}
},
"ImageManifestDescriptor": {
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:a6bead2c897e9e39ca1a2dbd241f96dc181c8d32adcb6201258624fb37d2c7fe",
"size": 2290,
"annotations": {
"com.docker.official-images.bashbrew.arch": "amd64",
"org.opencontainers.image.base.digest": "sha256:b29a157cc8540addda9836c23750e389693bf3b6d9a932a55504899e5601a66b",
"org.opencontainers.image.base.name": "debian:trixie-slim",
"org.opencontainers.image.created": "2026-03-10T22:31:22Z",
"org.opencontainers.image.revision": "4b41a5f5e05939905d98a540a269046e862d8d03",
"org.opencontainers.image.source": "https://github.com/nginx/docker-nginx.git#4b41a5f5e05939905d98a540a269046e862d8d03:mainline/debian",
"org.opencontainers.image.url": "https://hub.docker.com/_/nginx",
"org.opencontainers.image.version": "1.29.6"
},
"platform": {
"architecture": "amd64",
"os": "linux"
}
}
}
]
#关闭容器后重启容器,启动顺序调换
[root@docker-node1 ~]# docker stop web1 web2
web1
web2
[root@docker-node1 ~]# docker start web2
web2
[root@docker-node1 ~]# docker start web1
web1
#我们会发现容器ip颠倒
#docker原生网络是不支持dns解析的,自定义网络中内嵌了dns
[root@docker-node1 ~]# docker run -d --network my_net1 --name web nginx
a016c6f835fd054e571af78bc790253f0a0110df7b11485df6e4f6cd73f740b9
[root@docker-node1 ~]# docker run -it --network my_net1 --name test busybox
/ # ping web
PING web (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.124 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.100 ms
64 bytes from 172.19.0.2: seq=2 ttl=64 time=0.086 ms
#不同的自定义网络是不能通讯的
#在rhel7中使用的是iptables进行网络隔离,在rhel9中使用nftpables
[root@docker-node1 ~]# nft list ruleset
# Warning: table ip nat is managed by iptables-nft, do not touch!
table ip nat {
chain DOCKER {
ip daddr 127.0.0.1 iifname != "br-d1a82367264d" tcp dport 1514 counter packets 0 bytes 0 dnat to 172.18.0.2:10514
}
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
fib daddr type local counter packets 1 bytes 52 jump DOCKER
}
chain OUTPUT {
type nat hook output priority dstnat; policy accept;
ip daddr != 127.0.0.0/8 fib daddr type local counter packets 0 bytes 0 jump DOCKER
}
chain POSTROUTING {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 172.25.0.0/24 oifname != "br-5b0d1590f347" counter packets 0 bytes 0 masquerade
ip saddr 172.19.0.0/16 oifname != "br-90255a65568c" counter packets 0 bytes 0 masquerade
ip saddr 172.17.0.0/16 oifname != "docker0" counter packets 0 bytes 0 masquerade
ip saddr 172.18.0.0/16 oifname != "br-d1a82367264d" counter packets 0 bytes 0 masquerade
}
}
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {
chain DOCKER {
ip daddr 172.18.0.2 iifname != "br-d1a82367264d" oifname "br-d1a82367264d" tcp dport 10514 counter packets 0 bytes 0 accept
iifname != "br-d1a82367264d" oifname "br-d1a82367264d" counter packets 0 bytes 0 drop
iifname != "docker0" oifname "docker0" counter packets 0 bytes 0 drop
iifname != "br-90255a65568c" oifname "br-90255a65568c" counter packets 0 bytes 0 drop
iifname != "br-5b0d1590f347" oifname "br-5b0d1590f347" counter packets 0 bytes 0 drop
}
chain DOCKER-FORWARD {
counter packets 6 bytes 504 jump DOCKER-CT
counter packets 1 bytes 84 jump DOCKER-INTERNAL
counter packets 1 bytes 84 jump DOCKER-BRIDGE
iifname "br-d1a82367264d" counter packets 0 bytes 0 accept
iifname "docker0" counter packets 0 bytes 0 accept
iifname "br-90255a65568c" counter packets 1 bytes 84 accept
iifname "br-5b0d1590f347" counter packets 0 bytes 0 accept
}
chain DOCKER-BRIDGE {
oifname "br-d1a82367264d" counter packets 0 bytes 0 jump DOCKER
oifname "docker0" counter packets 0 bytes 0 jump DOCKER
oifname "br-90255a65568c" counter packets 1 bytes 84 jump DOCKER
oifname "br-5b0d1590f347" counter packets 0 bytes 0 jump DOCKER
}
chain DOCKER-CT {
oifname "br-d1a82367264d" ct state related,established counter packets 0 bytes 0 accept
oifname "docker0" ct state related,established counter packets 0 bytes 0 accept
oifname "br-90255a65568c" ct state related,established counter packets 5 bytes 420 accept
oifname "br-5b0d1590f347" ct state related,established counter packets 0 bytes 0 accept
}
chain DOCKER-INTERNAL {
}
chain FORWARD {
type filter hook forward priority filter; policy accept;
counter packets 6 bytes 504 jump DOCKER-USER
counter packets 6 bytes 504 jump DOCKER-FORWARD
}
chain DOCKER-USER {
}
}
# Warning: table ip6 nat is managed by iptables-nft, do not touch!
table ip6 nat {
chain DOCKER {
}
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
fib daddr type local counter packets 0 bytes 0 jump DOCKER
}
chain OUTPUT {
type nat hook output priority dstnat; policy accept;
ip6 daddr != ::1 fib daddr type local counter packets 0 bytes 0 jump DOCKER
}
}
table ip6 filter {
chain DOCKER {
}
chain DOCKER-FORWARD {
counter packets 0 bytes 0 jump DOCKER-CT
counter packets 0 bytes 0 jump DOCKER-INTERNAL
counter packets 0 bytes 0 jump DOCKER-BRIDGE
}
chain DOCKER-BRIDGE {
}
chain DOCKER-CT {
}
chain DOCKER-INTERNAL {
}
chain FORWARD {
type filter hook forward priority filter; policy accept;
counter packets 0 bytes 0 jump DOCKER-USER
counter packets 0 bytes 0 jump DOCKER-FORWARD
}
chain DOCKER-USER {
}
}
table ip raw {
chain PREROUTING {
type filter hook prerouting priority raw; policy accept;
ip daddr 172.18.0.2 iifname != "br-d1a82367264d" counter packets 0 bytes 0 drop
ip daddr 127.0.0.1 iifname != "lo" tcp dport 1514 counter packets 0 bytes 0 drop
ip daddr 172.17.0.3 iifname != "docker0" counter packets 0 bytes 0 drop
ip daddr 172.17.0.4 iifname != "docker0" counter packets 0 bytes 0 drop
ip daddr 172.19.0.2 iifname != "br-90255a65568c" counter packets 0 bytes 0 drop
}
}如何让不同的自定义网络互通?
[root@docker-node1 ~]# docker run -d --name web1 --network my_net1 nginx
758e16fa7bd8aa0e842b58313db0646c61ed96ac373095e351a7c6b571b1352f
[root@docker-node1 ~]# docker run -it --name test --network my_net2 busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 6E:CA:91:1D:91:C5
inet addr:172.25.0.1 Bcast:172.25.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5384 (5.2 KiB) TX bytes:126 (126.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1): 56 data bytes
64 bytes from 172.17.0.1: seq=0 ttl=64 time=0.062 ms
64 bytes from 172.17.0.1: seq=1 ttl=64 time=0.077 ms
64 bytes from 172.17.0.1: seq=2 ttl=64 time=0.096 ms
[root@docker-node1 ~]# docker start test
test
[root@docker-node1 ~]# docker exec -it test ifconfig
eth0 Link encap:Ethernet HWaddr D2:BB:F8:94:D5:F7
inet addr:172.25.0.1 Bcast:172.25.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2042 (1.9 KiB) TX bytes:126 (126.0 B)
eth1 Link encap:Ethernet HWaddr 46:81:BE:83:01:04
inet addr:172.19.0.4 Bcast:172.19.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1782 (1.7 KiB) TX bytes:126 (126.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)joined容器网络
[root@docker-node1 ~]# docker run -it --rm --network container:web1 busybox
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 7A:CB:6E:E0:94:5C
inet addr:172.19.0.3 Bcast:172.19.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2534 (2.4 KiB) TX bytes:126 (126.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@docker-node1 ~]# docker load -i centos7.tar
Loaded image: centos:7
[root@docker-node1 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
172.25.254.100:5000/busybox:latest b3255e7dfbcd 6.7MB 2.22MB U
172.25.254.10:443/busybox:latest b3255e7dfbcd 6.7MB 2.22MB U
172.25.254.10:5000/busybox:latest b3255e7dfbcd 6.7MB 2.22MB U
busybox-file:latest 429465e1ba22 6.71MB 2.21MB
busybox:latest b3255e7dfbcd 6.7MB 2.22MB U
centos:7 be65f488b776 299MB 76.1MB
goharbor/harbor-core:v2.14.0 32fb1bea30a8 412MB 204MB U
goharbor/harbor-db:v2.14.0 257d051f27d7 563MB 278MB U
goharbor/harbor-exporter:v2.14.0 7d050a6cbf58 270MB 134MB
goharbor/harbor-jobservice:v2.14.0 317294a42a01 363MB 180MB U
goharbor/harbor-log:v2.14.0 b208a659155f 335MB 166MB U
goharbor/harbor-portal:v2.14.0 f7edc122f9f3 327MB 162MB U
goharbor/harbor-registryctl:v2.14.0 3e4111e0aca6 334MB 166MB U
goharbor/nginx-photon:v2.14.0 a1287393aaa1 309MB 153MB U
goharbor/prepare:v2.14.0 941297444ea3 411MB 202MB
goharbor/redis-photon:v2.14.0 a35163ff2720 339MB 168MB U
goharbor/registry-photon:v2.14.0 ba892b6ec307 177MB 88.2MB U
goharbor/trivy-adapter-photon:v2.14.0 c2f4dbf5cad3 790MB 394MB U
lee:v5 ba189de866ec 6.71MB 2.22MB
lee:v6 e8bec3643fff 6.7MB 2.22MB
lee:v7 3298d4471757 6.71MB 2.22MB
nginx:1.26 41b194461e4b 279MB 75.2MB
nginx:latest bc45d248c4e1 237MB 65.8MB U
reg.timinglee.org/busybox:latest b3255e7dfbcd 6.7MB 2.22MB U
registry:latest 6c5666b861f3 77.3MB 18.8MB
timinglee.org/library/busybox:latest b3255e7dfbcd 6.7MB 2.22MB U
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB U
timinglee:v1 c42a715ffdf9 6.71MB 2.21MB
timinglee:v7 907c4cfd4c9f 6.71MB 2.22MB
[root@docker-node1 ~]# docker run -it --rm --network container:web1 centos:7
[root@758e16fa7bd8 /]# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, nginx is successfully installed and working.
Further configuration is required for the web server, reverse proxy,
API gateway, load balancer, content cache, or other features.</p>
<p>For online documentation and support please refer to
<a href="https://nginx.org/">nginx.org</a>.<br/>
To engage with the community please visit
<a href="https://community.nginx.org/">community.nginx.org</a>.<br/>
For enterprise grade support, professional services, additional
security features and capabilities please refer to
<a href="https://f5.com/nginx">f5.com/nginx</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>利用容器部署phpmyadmin管理mysql
#运行phpmysqladmin
[root@docker-node1 ~]# docker load -i mysql-8.0.tar
Loaded image: mysql:8.0
[root@docker-node1 ~]# docker load -i phpmyadmin-latest.tar.gz
Loaded image: phpmyadmin:latest
[root@docker-node1 ~]# docker run -d --name mysqladmin --network my_net1 \
-e PMA_ARBITRARY=1 \
-p 80:80 phpmyadmin:latest
6fd4eccad2e4bb230a6996cf45ac9c7aac2adceeb09b4531fec4f1ef7cfa55b3
[root@docker-node1 ~]# docker run -d --name mysql --network container:mysqladmin -e MYSQL_ROOT_PASSWORD='lee' mysql:8.0
4d08580d84eaea667042c45200f1538a954ee5906d98d8d59edf9df8f4cc2b44
容器内外网的访问
容器访问外网
[root@docker-node1 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.25.0.0/24 0.0.0.0/0
MASQUERADE all -- 172.19.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.18.0.0/16 0.0.0.0/0 #内网访问外网策略
Chain DOCKER (2 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:1514 to:172.18.0.2:10514
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.19.0.5:80外网访问docker容器
#通过docker-proxy对数据包进行内转
[root@docker-node1 ~]# docker run -d --name webserver -p 8080:80 nginx
00dfc27971b56d7b377714b4456478cb9d209462adff8588b27e5befbacc2247
[root@docker-node1 ~]# ps ax
5662 ? Ss 0:00 nginx: master process nginx -g daemon off;
5721 ? S 0:00 nginx: worker process
5722 ? S 0:00 nginx: worker process
6057 ? Sl 0:00 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 758e16f
6080 ? Ss 0:00 nginx: master process nginx -g daemon off;
6140 ? S 0:00 nginx: worker process
6141 ? S 0:00 nginx: worker process
#通过dnat策略来完成浏览内转
[root@docker-node1 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.25.0.0/24 0.0.0.0/0
MASQUERADE all -- 172.19.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.18.0.0/16 0.0.0.0/0
Chain DOCKER (2 references)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:1514 to:172.18.0.2:10514
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.19.0.5:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.17.0.2:80docker跨主机网络
#在两台docker主机上各添加一块网卡,打开网卡混杂模式
[root@docker ~]# ip link set eth1 promisc on
[root@docker ~]# ip link set up eth1
[root@docker ~]# ifconfig eth1
eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
ether 00:0c:29:ec:fc:dd txqueuelen 1000 (Ethernet)
RX packets 83 bytes 8696 (8.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#添加macvlan网络
[root@docker ~]# docker network create \-d macvlan \--subnet 1.1.1.0/24 \--gateway 1.1.1.1 \-o parent=eth1 macvlan1
#测试
#在docker-node1中
[root@docker ~]# docker run -it --name busybox --network macvlan1 --ip 1.1.1.100 --rm busybox
/ # ping 1.1.1.200
#在docker-node2中
[root@docker-node2 ~]# docker run -it --name busybox --network macvlan1 --ip
1.1.1.200 --rm busybox
/ #