what is the use of HOST and NONE network in docker

2020-01-30 11:48发布

站内问答 / Docker
810 3 6

Trying to understand the docker networks, Docker creates the following networks automatically:

# docker network ls 
NETWORK ID          NAME                DRIVER              SCOPE
67b4afa88032        bridge              bridge              local               
c88f997a2fa7        host                host                local               
1df2947aad7b        none                null                local

I understood that the bridge network represents the docker0 network present in all Docker installations, referring from the link.

Can someone help me in understanding other networks, host and none, If possible with examples.

3条回答
兄弟一词,经得起流年.
2楼-- · 2020-01-30 11:55

Bridge network: Bridge is the default network in docker which is also called as docker0. It is the default network that bridges through the NAT firewall to the physical that your host is connected to. But, we don't care about it as all the containers will attach to this network and worked.

If you have any containers running, you could inspect the bridge network as,

$ docker network inspect bridge

....
"Containers": {
        "145a2716d018c6fe8e9f93a81d88afd5a7437f0084ddb170c40761818e6d2f67": {
            "Name": "nginx",
            "EndpointID": "ea6cfa433f41e21e572f17473c8e5f5e5d82e9f19646e66fe23abda20a3836b8",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.17.0.2/16",
            "IPv6Address": ""
        }
    },

...

Note: You can see that automatic IP address assigned to the container which is from the IPAM config subnet.

Host Network: is a special network which skips the virtual networking of docker and attach the container directly to host interface. It's really not recommended but, in certain situations, can improve the performance of high throughput networking and in other, you will loose out of few benefits of containerization.

$ docker container run -it --net=host nginx:alpine /bin/bash

None Network: is kind of equivalent to having an interface on your machine that's not attched to anything, but we can create our own. The none network adds a container to a container-specific network stack. That container lacks a network interface.

$ docker container run -it --network=none nginx:alpine /bin/bash

root@8cb783cd4509:/# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
查看更多
0人赞 添加讨论(0) 举报
Root(大扎)
3楼-- · 2020-01-30 11:58

Docker by default supports 3 networks:

1) None:

This mode will not configure any IP for the container and doesn’t have any access to the external network as well as for other containers. It does have the loopback address and can be used for running batch jobs.

# docker run -it --network=none ubuntu:14.04 /bin/bash
root@66308c6686be:/# ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# 
# docker inspect 66308c6686be | grep -i ipaddr
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "",

2) Host

In this mode container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s host name will match the host name on the host system

# docker run -it --net=host ubuntu:14.04 /bin/bash
root@labadmin-VirtualBox:/# hostname
labadmin-VirtualBox

Even the IP configuration is same as the host system's IP configuration

root@labadmin-VirtualBox:/# ip addr | grep -A 2 eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
root@labadmin-VirtualBox:/# exit
exit

HOST SYSTEM IP CONFIGURATION

# ip addr | grep -A 2 eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default

In host and none mode are not configured directly but default bridge network can be configured as well as create your own user-defined bridge networks.

3) Bridge Mode

It is the Docker default networking mode which will enable the connectivity to the other interfaces of the host machine as well as among containers.

# docker run -it --network=bridge ubuntu:14.04 /bin/bash
root@58b0b1f18b2e:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:ac:11:00:0c  
          inet addr:172.17.0.12  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2668 (2.6 KB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Accessibility to other containers is possible in bridge mode.

root@58b0b1f18b2e:/# ping 172.17.0.11
PING 172.17.0.11 (172.17.0.11) 56(84) bytes of data.
64 bytes from 172.17.0.11: icmp_seq=1 ttl=64 time=0.143 ms
64 bytes from 172.17.0.11: icmp_seq=2 ttl=64 time=0.050 ms

Connectivity to external network.

root@58b0b1f18b2e:/# ping google.com 
PING google.com (216.58.197.46) 56(84) bytes of data.
64 bytes from maa03s20-in-f46.1e100.net (216.58.197.46): icmp_seq=1 ttl=51 time=16.9 ms

Connectivity to host machine

root@labadmin-VirtualBox:~# ip a | grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0

root@58b0b1f18b2e:/# ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.113 ms

Along with these docker provides MACVLAN network which allows to configure multiple Layer 2(MAC) addresses on a single physical interface.

查看更多
0人赞 添加讨论(0) 举报
放荡不羁爱自由
4楼-- · 2020-01-30 12:02

Suppose your docker image support ifconfig, image name is "ubuntu/net"

Then, run docker for host & none:

sudo docker run -it --network=host ubuntu/net
root@localhost:/# ifconfig
     docker0   Link encap:Ethernet  HWaddr xxxxxxxxxxxxx
               inet addr:x.x.x.x  Bcast:0.0.0.0  Mask:255.255.0.0
     eth0      Link encap:Ethernet  HWaddr xxxxxxxxxxxx
               inet addr:y.y.y.y  Bcast:  Mask:255.255.254.0


sudo docker run -it --network=none ubuntu/net
root@localhost:/# ifconfig
     lo        Link encap:Local Loopback
               inet addr:127.0.0.1  Mask:255.0.0.0
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)