
Container interconnection between Docker's multiple physical hosts


May 22, 2021 Docker From entry to practice



Docker's default bridge is docker0. It only bridges the container network cards locally: each container's virtual network card shows up on the host with a name of the form veth* (see the interfaces column below), and Docker simply bridges all of these cards together, as follows:

[root@opnvz ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.56847afe9799       no              veth0889
                                             veth3c7b
                                             veth4061

The addresses you see in containers are typically ones like this:

root@ac6474aeb31d:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
11: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 4a:7d:68:da:09:cf brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::487d:68ff:feda:9cf/64 scope link
       valid_lft forever preferred_lft forever

You can therefore think of this network as a private network that reaches the outside world through NAT. If something outside needs to connect to a container, you have to set up port mapping, which is what the -p option of docker run does.

If you are deploying inside an enterprise, or clustering several physical hosts, you may want the containers of multiple physical hosts to sit in one physical network. To do that, you bridge the Docker bridge onto a network card that you specify.

Topology

Host A's and Host B's network cards are connected to the same VLAN 101 on the physical switch, so bridge one and bridge three are effectively part of the same physical network. Container one, container three and container four are then also in that physical network: they can communicate with each other and with other physical machines in the same VLAN.


Ubuntu example

Here is an example of building a multi-host container network on Ubuntu. First create your own bridge by editing the /etc/network/interfaces file:

auto br0
iface br0 inet static
address 192.168.7.31
netmask 255.255.240.0
gateway 192.168.7.254
bridge_ports em1
bridge_stp off
dns-nameservers 8.8.8.8 192.168.6.1

Then point Docker's default bridge at this new br0, so that the containers on this machine are attached to the physical network behind the em1 network card.

On Ubuntu, edit the /etc/default/docker file and add the last line shown below:

# Docker Upstart and SysVinit configuration file
# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"
# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"

# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"

DOCKER_OPTS="-b=br0"

The -b option tells the Docker daemon which bridge to attach containers to, so starting Docker with it binds the containers to the physical network. After you restart the Docker service, you can see that a running container's interface now sits on br0:

root@ubuntudocker:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                        NAMES
58b043aa05eb        desk_hz:v1          "/startup.sh"       5 days ago          Up 2 seconds        5900/tcp, 6080/tcp, 22/tcp   yanlx
root@ubuntudocker:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.7e6e617c8d53       no              em1
                                            vethe6e5
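The brctl listing above is the evidence that the change took effect: the container's veth interface is now a member of br0, not docker0. The following shell script is an added example, not part of the original article; it parses brctl-style output and checks that every container interface (veth*) is on the expected bridge. It runs against a constructed sample listing embedded in the script (a host where the daemon was restarted with -b=br0 but the old docker0 bridge still holds one stale container interface); on a live host you would feed it "$(brctl show)" instead.

```shell
#!/bin/sh
# Constructed sample of `brctl show` output (not captured from a real host):
# the daemon was restarted with -b=br0, but the old docker0 bridge is still
# present and still holds one container interface.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.7e6e617c8d53       no              em1
                                                        vethe6e5
                                                        veth4061
docker0         8000.56847afe9799       no              veth0889'

# Print "interface bridge" pairs from brctl-style text read on stdin.
# brctl puts the first member on the bridge's own line and every further
# member on a continuation line that holds only the interface name.
bridge_members() {
    awk 'NR == 1 { next }                      # skip the column header
         NF >= 3 { bridge = $1 }               # a line that names a bridge
         NF == 4 { print $4, bridge }          # first member on that line
         NF == 1 { print $1, bridge }          # continuation line: member only
        '
}

# Print the bridge that holds interface $2, according to brctl text $1.
bridge_of_iface() {
    printf '%s\n' "$1" | bridge_members |
        awk -v want="$2" '$1 == want { print $2; exit }'
}

# Check that every container interface (veth*) in brctl text $1 is on bridge $2.
# Returns 0 when all are, 1 otherwise, listing the strays on stderr.
check_veths_on_bridge() {
    strays=$(printf '%s\n' "$1" | bridge_members |
             awk -v want="$2" '$1 ~ /^veth/ && $2 != want { print $1 " is on " $2 }')
    if [ -n "$strays" ]; then
        printf '%s\n' "$strays" >&2
        return 1
    fi
    return 0
}

# Stand-alone usage against the constructed sample; on a live host replace
# "$SAMPLE_BRCTL" with "$(brctl show)".
bridge_of_iface "$SAMPLE_BRCTL" vethe6e5
check_veths_on_bridge "$SAMPLE_BRCTL" br0 || echo "some containers are still on docker0"
```

A stray on docker0 usually means a container was started before the daemon was restarted with the new bridge, so it is still behind NAT rather than on the physical network; restart it to move it. On Ubuntu releases where Docker runs under systemd, /etc/default/docker is not read by the service; the equivalent setting is "bridge": "br0" in /etc/docker/daemon.json.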

This exposes the containers directly to the physical network, so the containers of multiple physical hosts can reach each other and the Internet without NAT or port mapping. Bear in mind that there is then no NAT boundary between a container and the rest of the VLAN: you are responsible for securing the container's network yourself.