Container network: free days, don't buy an apartment and rent it together

How to integrate physical network into container network ？

Understand the technology behind the container , So let's see , How does the container network integrate into the physical network ？ If you use docker run Run a container , You should see such a topology .

Is it similar to virtual machine ？ There is a network card in the container , There is a network card outside the container , The network card outside the container is connected to docker0 bridge , Through this bridge , Containers directly implement mutual access . 

If you use brctl see docker0 bridge , You will find that it is connected with some network cards .

Is the network card connecting the container and the bridge the same as the virtual machine ？ In the virtual machine scenario , There is a virtualization software , adopt TUN/TAP The device virtualizes a network card to the virtual machine , But there is no virtualization software in the container scenario , What should I do ？

stay Linux Next , You can create a pair of veth pair Network card of , Send packets from one side , The other side will receive .

We first create such a pair through this command .

ip link add name veth1 mtu 1500 type veth peer name veth2 mtu 1500

  One side can hit docker0 On the bridge .

ip link set veth1 master testbr    
ip link set veth1 up

How to put the other end into the container ？ The startup of a container will correspond to one namespace, We need to find this first namespace. about docker Speaking of ,pid Namely namespace Name , You can get it from this command .

docker inspect '--format={
   { .State.Pid }}' test

Assume the result is 12065, This is namespace name .

Default Docker Network created namespace Not in the default path ,ip netns Out of sight , So we need to ln Soft link . After linking , We can go through ip netns The command operates .

rm -f /var/run/netns/12065    
ln -s /proc/12065/ns/net /var/run/netns/12065

  then , We can put the other end veth2 Plug into the namespace Inside .

ip link set veth2 netns 12065

then , Rename the network card in the container .

ip netns exec 12065 ip link set veth2 name eth0

  then , Set the network card in the container ip Address .

ip netns exec 12065 ip addr add 172.17.0.2/16 dev eth0    
ip netns exec 12065 ip link set eth0 up

There is no problem with the mutual access of containers inside a machine , How to access the Internet ？