Network management and network isolation implementation of Docker containers

1. Docker network management

1. How Docker containers communicate

1) Container access to the external network

A Docker container reaches the external network through the host's docker0 bridge; by default, containers are attached to the docker0 bridge automatically.

2) For containers to communicate with each other, the administrator creates a bridge and connects the containers to it so that they can reach one another.

3) External networks reach a container either through port mapping or by having the container share the Docker host's network configuration.

2. Docker container network communication mode

1) bridge
The default mode, used by containers to access the external network; it depends on the docker0 bridge.

2) none
The container gets its own independent network namespace, but no TCP/IP configuration is applied to it.

3) container
Used for communication between containers; the containers share one container's network namespace and communicate through it.

4) host
The container shares the host's network configuration.

3. Configure bridge network communication mode

[root@centos01 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 
       <!--Install centos7 source-->
[root@centos01 ~]# yum -y install docker <!--Install docker-->
[root@centos01 ~]# systemctl start docker <!--Start docker-->
[root@centos01 ~]# systemctl enable docker <!--Set docker to start automatically at boot-->
[root@centos01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf <!--Enable routing function-->
[root@centos01 ~]# sysctl -p <!--Refresh configuration-->
net.ipv4.ip_forward = 1
[root@centos01 ~]# docker pull hub.c.163.com/public/centos:7.2-tools <!--Download the image-->
[root@centos01 ~]# docker images <!--View the image-->
REPOSITORY TAG IMAGE ID CREATED SIZE
hub.c.163.com/public/centos 7.2-tools 4a4618db62b9 3 years ago 515 MB
[root@centos01 ~]# docker run -d --net=bridge --name centos7.201 hub.c.163.com/public/centos:7.2-tools  
      <!--Configure the created container bridge network communication, the container accesses the Internet using -->
b308fb5c097fd455073f2f4a280d2660e6943fe1a62d6409e8ebcd3b86469438
[root@centos01 ~]# docker ps <!--View the running container-->
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b308fb5c097f hub.c.163.com/public/centos:7.2-tools "/usr/bin/supervisord" 20 seconds ago Up 19 seconds 22/tcp centos7.201
[root@centos01 ~]# ifconfig <!--View the IP address information of the Docker host -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
[root@centos01 ~]# docker exec -it centos7.201 /bin/bash <!--Log in to the centos7.201 container-->
[root@b308fb5c097f /]# ifconfig <!--View IP address-->
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
[root@b308fb5c097f /]# ping www.baidu.com <!--centos7.201 container ping public network test-->
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18: icmp_seq=1 ttl=50 time=18.4 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=50 time=18.3 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=50 time=16.9 ms
[root@b308fb5c097f /]# ping 192.168.100.10 <!--Ping host IP test-->
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.043 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.086 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.150 ms

4. Configure the none network communication mode

[root@centos01 ~]# docker run -d --net=none --name centos7.202 hub.c.163.com/public/centos:7.2-tools  
      <!--Run the container with no network connection; it cannot communicate-->
e2c4837d67818e7ef4d7cedf964db21d98cabb594d12091d7f69da4e8fb3f30f
[root@centos01 ~]# docker ps <!--View the running container-->
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e2c4837d6781 hub.c.163.com/public/centos:7.2-tools "/usr/bin/supervisord" 57 seconds ago Up 56 seconds centos7.202
b308fb5c097f hub.c.163.com/public/centos:7.2-tools "/usr/bin/supervisord" 7 minutes ago Up 7 minutes 22/tcp centos7.201
[root@centos01 ~]# docker exec -it centos7.202 /bin/bash <!--Log in to the centos7.202 container-->
[root@e2c4837d6781 /]# ifconfig <!--View IP address-->
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
[root@e2c4837d6781 /]# ping www.baidu.com <!--Ping the public network is not accessible-->
ping: unknown host www.baidu.com
[root@e2c4837d6781 /]# 
[root@e2c4837d6781 /]# ping 192.168.100.10 <!--Ping the host IP address is not accessible-->
connect: Network is unreachable

5. Configure host network communication mode

[root@centos01 ~]# docker run -d --net=host --name centos7.203 -v /data1 hub.c.163.com/public/centos:7.2-tools  
    <!--Run the container so that its network configuration is shared with the host-->
2911358be486720c4ee93c8de22cd77301236f48c5baf22ea63bb3c54450032e
[root@centos01 ~]# ls /var/lib/docker/volumes/ <!--View the created data volume-->
dc755f3b6036f167471435629918d06264e1c2c6a8b175426fa80da36143a87e metadata.db
[root@centos01 ~]# docker ps <!--View the running container-->
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2911358be486 hub.c.163.com/public/centos:7.2-tools "/usr/bin/supervisord" About a minute ago Up About a minute centos7.203
e2c4837d6781 hub.c.163.com/public/centos:7.2-tools "/usr/bin/supervisord" 15 minutes ago Up 15 minutes centos7.202
b308fb5c097f hub.c.163.com/public/centos:7.2-tools "/usr/bin/supervisord" 21 minutes ago Up 21 minutes 22/tcp centos7.201
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!--Log in to the centos7.203 container-->
[root@centos01 /]# ifconfig <!--View IP address-->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.0.126 netmask 255.255.255.0 broadcast 192.168.0.255

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0

vethc39178a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::7c4b:a6ff:fe1c:a37f prefixlen 64 scopeid 0x20<link>

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!--Log in to the centos7.203 container-->
[root@centos01 /]# ping www.baidu.com <!--Ping public network test-->
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14: icmp_seq=1 ttl=51 time=20.0 ms
64 bytes from 39.156.66.14: icmp_seq=2 ttl=51 time=19.1 ms
64 bytes from 39.156.66.14: icmp_seq=3 ttl=51 time=15.9 ms
[root@centos01 /]# ping 192.168.100.10 <!--Ping host IP address test-->
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.030 ms
     <!--Install Nginx in the centos7.203 container-->
[root@centos01 ~]# cp /mnt/nginx-1.6.0.tar.gz ./ <!--Copy Nginx compressed package-->
[root@centos01 ~]# ls 
anaconda-ks.cfg initial-setup-ks.cfg nginx-1.6.0.tar.gz
[root@centos01 ~]# cp nginx-1.6.0.tar.gz /var/lib/docker/volumes/dc755f3b6036f167471435629918d06264e1c2c6a8b175426fa80da36143a87e/_data/ 
    <!--Share the Nginx compressed package to the centos7.203 container through the data volume-->
[root@centos01 ~]# docker exec -it centos7.203 /bin/bash <!--Log in to the centos7.203 container-->
[root@centos01 /]# ls
anaconda-post.log bin data1 dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@centos01 /]# cd data1/ <!--View the data shared by the host -->
[root@centos01 data1]# ls  
nginx-1.6.0.tar.gz
[root@centos01 /]# yum -y install pcre-devel zlib-devel <!--Install Nginx dependent programs-->
[root@centos01 /]# useradd -M -s /sbin/nologin nginx <!--Create and manage Nginx users-->
[root@centos01 /]# tar zxvf /data1/nginx-1.6.0.tar.gz -C /usr/src/ <!--Unzip the Nginx package-->
[root@centos01 /]# yum -y install gcc pcre-devel zlib-devel make <!--Install dependencies first-->
[root@centos01 /]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_stub_status_module && make && make install  
        <!--Configure Nginx and compile and install nginx-->
[root@centos01 nginx-1.6.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ <!--Optimize Nginx execution command-->
[root@centos01 nginx-1.6.0]# echo "www.docker.nginx.com" > /usr/local/nginx/html/index.html      
           <!--Modify the content of the Nginx website homepage-->
[root@centos01 nginx-1.6.0]# nginx
     <!--Start Nginx service in centos7.203 container-->
[root@centos01 nginx-1.6.0]# netstat -anptu | grep nginx <!--Listen to the Nginx service port number to see if it is running-->
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6268/nginx: master 
[root@centos01 ~]# curl http://192.168.100.10 <!--Docker host accesses nginx in centos7.203 container-->
www.docker.nginx.com
[root@centos01 nginx-1.6.0]# cat /usr/local/nginx/logs/access.log  
     <!--View the log of successful access to Nginx in the centos7.203 container-->
192.168.100.10 - - [12/May/2020:21:42:47 +0800] "GET / HTTP/1.1" 200 21 "-" "curl/7.29.0"

6. Configure docker0 network card parameters

[root@centos01 ~]# ifconfig <!--View the IP address of the docker host -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
[root@centos01 ~]# systemctl stop docker <!--Stop docker service-->
[root@centos01 ~]# ip link set dev docker0 down <!--Stop docker0 bridge-->
[root@centos01 ~]# brctl delbr docker0 <!--Delete the system's default docker0 bridge-->
[root@centos01 ~]# brctl addbr docker0 <!--Create a new bridge named docker0-->
[root@centos01 ~]# ip addr add 192.168.20.1/24 dev docker0 <!--Configure the IP address of the new docker0 bridge-->
[root@centos01 ~]# ip link set dev docker0 up <!--Start a new docker0 bridge-->
[root@centos01 ~]# vim /etc/docker/daemon.json  
    <!--Modify the docker configuration file to load the new bridge docker0-->
{
  "registry-mirrors": ["https://6kx4zyno.mirror.aliyuncs.com"],
  "bip": "192.168.20.1/24" <!--Add this key; daemon.json must remain a single JSON object-->
}
[root@centos01 ~]# systemctl start docker <!--Start docker service-->
[root@centos01 ~]# ifconfig <!--View detailed IP information of docker host -->
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.20.1 netmask 255.255.255.0 broadcast 0.0.0.0
[root@centos01 ~]# docker run -it -d --name centos7.2v1 hub.c.163.com/public/centos:7.2-tools <!--Create a container to run in the background-->
d0b5392e60cef37f3c44d79a9fb73916720cfc44faa7b73862bee05fb2d6ce7b
[root@centos01 ~]# docker exec -it centos7.2v1 /bin/bash <!--Log in to the centos7.2v1 container-->
[root@d0b5392e60ce /]# ifconfig <!--View IP address details-->
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.20.2 netmask 255.255.255.0 broadcast 0.0.0.0

2. Docker network isolation

1. Docker network isolation principle

Create and manage network namespaces, and place different containers in different network namespaces to isolate them. Network isolation is not configured by default; containers are assigned to the docker0 network namespace by default.

2. Network namespace types built into Docker

  • bridge: The container is bridged to the docker0 bridge;
  • host: The container shares the network configuration of the Docker host;
  • none: No network is created, and no TCP/IP configuration is applied to the Docker container.

3. Configure Docker network namespace isolation

[root@centos01 ~]# docker network ls <!--View the default network namespace of docker-->
NETWORK ID NAME DRIVER SCOPE
8bb953004416 bridge bridge local
2c18234cad82 host host local
67860e823c36 none null local
[root@centos01 ~]# docker network create -d bridge liyanxin <!--Create a network namespace-->
0c69de4672ec173dc4c60b19e0bf93b361f45a804859f7bc2105d85ca83b1169
[root@centos01 ~]# docker network create -d bridge gongsunli <!--Create a network namespace-->
35687468c9034262173a96e9c23e045cbb8b7ffa6648fc84e015504740815001
[root@centos01 ~]# ifconfig <!--View the Docker host network card information-->
br-0c69de4672ec: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

br-35687468c903: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
[root@centos01 ~]# docker run -it -d --name centos6.701 --network=liyanxin hub.c.163.com/public/centos:6.7-tools  
     <!--Create a running container and add it to the liyanxin network namespace for isolation-->
b85a2d8419a98756369ddc3b78247d3d42c178e8e563a936fe973f2f6611f951
[root@centos01 ~]# docker exec -it centos6.701 /bin/bash <!--Log in to the centos6.701 container-->
[root@b85a2d8419a9 /]# ifconfig <!--View IP address-->
eth0 Link encap:Ethernet HWaddr 02:42:AC:12:00:02 
     inet addr:172.18.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
[root@centos01 ~]# docker run -it -d --name centos6.702 --network=gongsunli hub.c.163.com/public/centos:6.7-tools  
   <!--Create a running container and add it to the gongsunli network namespace for isolation-->
9af0fb7b85af3270f3c7c44b62438f436b22289ac0a7604d6ed522604b7b185f
[root@centos01 ~]# docker exec -it centos6.702 /bin/bash <!--Log in to the centos6.702 container-->
[root@9af0fb7b85af /]# ifconfig <!--View IP address-->
eth0 Link encap:Ethernet HWaddr 02:42:AC:13:00:02 
     inet addr:172.19.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
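
The bridge, none and host modes and the two user-defined networks above give containers very different isolation. As an added example (not part of the original article), this script classifies each container and lists which pairs share a Docker network; the inventory is a constructed sample using the article's container names, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify container network isolation and list shared networks.
# Input format (one container per line): "name network-mode net1,net2,"

# Build the inventory on a live Docker host (not called by the sample run).
collect_inventory() {
    ids=$(docker ps -q)
    [ -n "$ids" ] || return 0
    # $ids is left unquoted on purpose so each ID becomes its own argument.
    docker inspect --format \
'{{.Name}} {{.HostConfig.NetworkMode}} {{range $n, $c := .NetworkSettings.Networks}}{{$n}},{{end}}' \
        $ids | sed 's|^/||'
}

# Constructed sample using the article's container and network names.
sample_inventory() {
    cat <<'EOF'
centos7.201 bridge bridge,
centos7.202 none none,
centos7.203 host host,
centos7.2v1 default bridge,
centos6.701 liyanxin liyanxin,
centos6.702 gongsunli gongsunli,
EOF
}

# Print "name POSTURE" for every inventory line read from stdin.
classify() {
    awk '{
        mode = $2
        nets = "," $3                      # leading comma makes matching exact
        if (mode == "host" || index(nets, ",host,"))  p = "HOST-NETNS"
        else if (mode ~ /^container:/)                 p = "SHARED-NETNS"
        else if ($3 == "" || index(nets, ",none,"))    p = "NO-NETWORK"
        else if (index(nets, ",bridge,"))              p = "DEFAULT-BRIDGE"
        else                                           p = "USER-NETWORK"
        print $1, p
    }'
}

# Print "a b network" for each pair of containers attached to the same Docker
# network. Pairs that are not printed share no Docker bridge.
shared_pairs() {
    awk '{
        n = split($3, nets, ",")
        for (i = 1; i <= n; i++) {
            net = nets[i]
            if (net == "" || net == "none" || net == "host") continue
            m = split(members[net], prev, " ")
            for (j = 1; j <= m; j++) print prev[j], $1, net
            members[net] = members[net] " " $1
        }
    }'
}

# Sample run on the constructed inventory; no Docker daemon is needed.
sample_inventory | classify
sample_inventory | shared_pairs
```

On a real host, run `collect_inventory | classify`. Interfaces attached outside Docker, such as the ones pipework creates in the next section, are not reported by `docker inspect`, so such a container still shows as `NO-NETWORK`.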

3. Configure a bridge to achieve network isolation

1. Configure the bridge to achieve network isolation

This enables containers to communicate with Docker hosts and with other containers.

2. Principle of using a bridge for network isolation

Bridge the physical network card to a newly created bridge interface and configure the IP address on the bridge interface. Containers are then created and attached to the bridge interface, which lets containers on one Docker host communicate with containers on another Docker host and lets administrators manage the Docker hosts remotely through the bridge interface.

3. Configure docker bridge to achieve network isolation

[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32 
     <!--Modify the docker host physical network card to bridge to the bridge network card br0-->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0 <!--Add this line-->
[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-br0  
     <!--Create and generate br0 bridge-->
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0 <!--Edit br0 network card configuration file-->
TYPE=Bridge <!--Modify this line-->
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=br0 <!--Change the name-->
DEVICE=br0 <!--Change the name-->
ONBOOT=yes
IPADDR=192.168.100.10 <!--Add the host IP address-->
NETMASK=255.255.255.0 
[root@centos01 ~]# systemctl restart network <!--Restart the docker host network card service-->
[root@centos01 ~]# ifconfig <!--View the Docker host network card information-->
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255

br-0c69de4672ec: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

br-35687468c903: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    ether 00:0c:29:18:d3:26 txqueuelen 1000 (Ethernet)

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::4ad2:dd37:4341:5d8e prefixlen 64 scopeid 0x20<link>

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0

veth7b0bb5f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::ccd3:86ff:fee6:5725 prefixlen 64 scopeid 0x20<link>

veth7e0f471: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::684c:fdff:fe13:b436 prefixlen 64 scopeid 0x20<link>

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
[root@centos01 ~]# yum -y install git <!--Install git on the docker host-->
[root@centos01 ~]# git clone https://github.com/jpetazzo/pipework
      <!--Download the docker container network management tool pipework-->
[root@centos01 ~]# cp pipework/pipework /usr/local/bin/ <!--Optimize management commands-->
[root@centos01 ~]# chmod +x /usr/local/bin/pipework <!--Add execution permission-->
[root@centos01 ~]# docker run -d --name centos6.703 --network=none hub.c.163.com/public/centos:6.7-tools  
       <!--Run the container through the image-->
adea0ad48bdde947ec595382d96cba06eb6522ec046e9b3c7bfcb1edb5c84545
[root@centos01 ~]# pipework br0 centos6.703 192.168.100.101/24  
          <!--Configure IP address for centos6.703 container-->
[root@centos01 ~]# docker exec -it centos6.703 /bin/bash <!--Log in to the centos6.703 container-->
[root@adea0ad48bdd /]# ifconfig <!--View IP address-->
eth1 Link encap:Ethernet HWaddr FA:3A:9D:ED:C0:FF 
     inet addr:192.168.100.101 Bcast:192.168.100.255 Mask:255.255.255.0
[root@adea0ad48bdd /]# ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.097 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.039 ms

4. Configure communication between containers on different Docker hosts

[root@centos02 ~]# ping www.baidu.com <!--Open a new server, connect to the public network, and install docker-->
PING www.a.shifen.com (39.156.66.18) 56(84) bytes of data.
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=1 ttl=51 time=19.5 ms
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=2 ttl=51 time=17.3 ms
64 bytes from 39.156.66.18 (39.156.66.18): icmp_seq=3 ttl=51 time=18.1 ms
[root@centos02 ~]# cd /etc/yum.repos.d/
[root@centos02 yum.repos.d]# ls
local.repo
[root@centos02 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 
    <!--Download centos7 source-->
[root@centos02 ~]# yum install docker -y <!--Install docker-->
[root@centos02 ~]# systemctl start docker <!--Start docker-->
[root@centos02 ~]# systemctl enable docker <!--Set automatic startup-->
[root@centos02 ~]# docker pull hub.c.163.com/public/centos:6.7-tools <!--Download the image-->
[root@centos02 ~]# docker images <!--View the image-->
REPOSITORY TAG IMAGE ID CREATED SIZE
hub.c.163.com/public/centos 6.7-tools b2ab0ed558bb 3 years ago 602 MB
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32  
       <!--Modify the Docker host network card configuration information to bridge to the br0 network card-->
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=ens32
DEVICE=ens32
ONBOOT=yes
BRIDGE=br0 <!--Add this line-->
[root@centos02 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-br0 <!--Create and generate br0 bridge-->
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-br0 <!--Edit br0 network card configuration file-->
TYPE=Bridge <!--Change to Bridge-->
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
NAME=br0 <!--Change the name-->
DEVICE=br0 <!--Change to br0-->
ONBOOT=yes
IPADDR=192.168.100.20 <!--Add the host IP address-->
NETMASK=255.255.255.0
[root@centos02 ~]# systemctl restart network <!--Restart the docker host network card service-->
[root@centos02 ~]# ifconfig <!--View the Docker host network card information-->
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.100.20 netmask 255.255.255.0 broadcast 192.168.100.255

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    ether 00:0c:29:97:5c:9f txqueuelen 1000 (Ethernet)

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.0.104 netmask 255.255.255.0 broadcast 192.168.0.255

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
[root@centos02 ~]# yum -y install git <!--Install git-->
[root@centos02 ~]# git clone https://github.com/jpetazzo/pipework  
     <!--Download the docker container network management tool pipework-->
[root@centos02 ~]# cp pipework/pipework /usr/local/bin/ <!--Optimize management commands-->
[root@centos02 ~]# chmod +x /usr/local/bin/pipework <!--Add execution permission-->
[root@centos02 ~]# docker run -d --name centos6.7 --network=none hub.c.163.com/public/centos:6.7-tools <!--Run the container by -->
abec0a6bd3822a2fd702dc44d1cf3043648aadd1a661e577c23701e30ee9df7a
[root@centos02 ~]# pipework br0 centos6.7 192.168.100.102/24  
     <!--Configure IP address for centos6.7 container-->
[root@centos02 ~]# docker exec -it centos6.7 /bin/bash <!--Log in to the centos6.7 container-->
[root@abec0a6bd382 /]# ifconfig <!--View IP address-->
eth1 Link encap:Ethernet HWaddr EE:01:B7:99:90:1C 
     inet addr:192.168.100.102 Bcast:192.168.100.255 Mask:255.255.255.0
[root@abec0a6bd382 /]# ping 192.168.100.101
PING 192.168.100.101 (192.168.100.101) 56(84) bytes of data.
64 bytes from 192.168.100.101: icmp_seq=1 ttl=64 time=0.660 ms
64 bytes from 192.168.100.101: icmp_seq=2 ttl=64 time=0.865 ms
64 bytes from 192.168.100.101: icmp_seq=3 ttl=64 time=0.382 ms
[root@abec0a6bd382 /]# ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.632 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.732 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.796 ms
[root@abec0a6bd382 /]# ping 192.168.100.20
PING 192.168.100.20 (192.168.100.20) 56(84) bytes of data.
64 bytes from 192.168.100.20: icmp_seq=1 ttl=64 time=0.144 ms
64 bytes from 192.168.100.20: icmp_seq=2 ttl=64 time=0.094 ms
64 bytes from 192.168.100.20: icmp_seq=3 ttl=64 time=0.043 ms
