docker 主机和容器中的网络设置使用用户定义的桥接网络,其中从主机到容器的 ping 失败
Network setting in docker host and container using user defined bridge network, where ping fails from host to container
我必须创建 IP 为 192.168.31.11 的容器。因此,我使用了用户定义的桥接网络并将 mynet 创建为:
docker network create \
--driver=bridge \
--subnet=192.168.31.0/24 \
--ip-range=192.168.31.0/24 \
--gateway=192.168.31.1 \
mynet
现在,使用命令
docker run --network mynet --name ca1 --ip 192.168.31.11 -itd -p 8002:80 -v $PWD:/build sc5
我已经创建了容器。
docker 主机现在有以下 ifconfig:
br-426eea85deb3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.31.1 netmask 255.255.255.0 **broadcast 192.168.31.255**
inet6 fe80::42:cfff:fe3e:d01b prefixlen 64 scopeid 0x20<link>
ether 02:42:cf:3e:d0:1b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 586 (586.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 metric 1
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:58:0e:02:97 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.31.101 netmask 255.255.255.0 **broadcast 192.168.31.255**
inet6 fe80::202:6bff:fe21:463c prefixlen 64 scopeid 0x20<link>
ether 00:02:6b:21:46:3c txqueuelen 1000 (Ethernet)
RX packets 16 bytes 1440 (1.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 3216 (3.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xdf000000-df01ffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 metric 1
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 509 bytes 37544 (36.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 509 bytes 37544 (36.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethda02539: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet6 fe80::f072:a4ff:fe51:18bb prefixlen 64 scopeid 0x20<link>
ether f2:72:a4:51:18:bb txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1172 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
但是,当我从主机到容器 ping 容器时,ping 失败了!!
但是当我使用/etc/sysconfig/network更改docker主机网络设置时,主机IP来自192.168.31.101 到 192.168.11.101。从主机到容器的 ping 成功!!.
我无法理解在第一种情况下是什么阻止了 ping 成功!?。
我已经在 ubuntu 机器上尝试了相同的方法,方法是使用与主机和容器 br-xxxx 广播相同的广播 xx.xx.xx.xx 创建 mynet。在这台 Ubuntu 机器上 ping 成功!!
ubuntu个案详情如下:
ifconfig:
br-7b1ed572fe95: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.2 netmask 255.255.255.0 **broadcast 10.0.2.255**
inet6 fe80::42:bff:fe9d:d6eb prefixlen 64 scopeid 0x20<link>
ether 02:42:0b:9d:d6:eb txqueuelen 0 (Ethernet)
RX packets 97 bytes 12767 (12.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 61 bytes 6739 (6.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:11:f0:da:29 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 **broadcast 10.0.2.255**
inet6 fe80::365a:ddd:b83c:4abe prefixlen 64 scopeid 0x20<link>
ether 08:00:27:82:79:c2 txqueuelen 1000 (Ethernet)
RX packets 14188 bytes 15705468 (15.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3415 bytes 264989 (264.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1727 bytes 141367 (141.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1727 bytes 141367 (141.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth11ef32e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::b014:feff:feaa:cea3 prefixlen 64 scopeid 0x20<link>
ether b2:14:fe:aa:ce:a3 txqueuelen 0 (Ethernet)
RX packets 97 bytes 14125 (14.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 87 bytes 9899 (9.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
我很困惑,不知道为什么 ping 在 192.xx.xx.xx 的情况下失败,而在 Windows VM 上的 Ubuntu 的情况下成功?
我是否遗漏了 docker 主机的某些内容?
任何帮助或指导将不胜感激。请让我知道是否需要更多信息或详细信息来进一步理解相同的建议。
谢谢,
我已经彻底检查过了,VM 已经管理了具有相同目标地址以及 enpxsx 和 br-xxx 的路由。
但是在我的硬件上,当路由中有相同的目标地址时,路由会发生冲突。
路由命令详情:
$route -vn
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.31.31 0.0.0.0 UG 100 0 0 enp0s3
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 br-7b1ed572fe95
192.168.31.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
因此,enp0s3 和 br-xxxx 也有 192.168.31.0 目的地。哪个阻塞了路由!!为了验证这一点,我使用 192.168.11.x 设置创建了另一个用户定义的桥接网络,它按预期工作。
因此,主机和容器正在尝试使用 Iface ethX 和 br-xxxx 与目标地址 192.168.31.0 相同的硬件类型以太网。
不太可能使这个容器与 ip 192.168.31.11 一起工作。 (或者需要更改主机ip 192.168.11.X)
或者有什么我可以做的事情吗,在主机和容器上使用相同的 192.168.31.x ip 和 192.168.31.x?
我必须创建 IP 为 192.168.31.11 的容器。因此,我使用了用户定义的桥接网络并将 mynet 创建为:
docker network create \
--driver=bridge \
--subnet=192.168.31.0/24 \
--ip-range=192.168.31.0/24 \
--gateway=192.168.31.1 \
mynet
现在,使用命令
docker run --network mynet --name ca1 --ip 192.168.31.11 -itd -p 8002:80 -v $PWD:/build sc5
我已经创建了容器。 docker 主机现在有以下 ifconfig:
br-426eea85deb3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.31.1 netmask 255.255.255.0 **broadcast 192.168.31.255**
inet6 fe80::42:cfff:fe3e:d01b prefixlen 64 scopeid 0x20<link>
ether 02:42:cf:3e:d0:1b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 586 (586.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 metric 1
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:58:0e:02:97 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.31.101 netmask 255.255.255.0 **broadcast 192.168.31.255**
inet6 fe80::202:6bff:fe21:463c prefixlen 64 scopeid 0x20<link>
ether 00:02:6b:21:46:3c txqueuelen 1000 (Ethernet)
RX packets 16 bytes 1440 (1.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 3216 (3.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xdf000000-df01ffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 metric 1
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 509 bytes 37544 (36.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 509 bytes 37544 (36.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethda02539: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet6 fe80::f072:a4ff:fe51:18bb prefixlen 64 scopeid 0x20<link>
ether f2:72:a4:51:18:bb txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1172 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
但是,当我从主机到容器 ping 容器时,ping 失败了!!
但是当我使用/etc/sysconfig/network更改docker主机网络设置时,主机IP来自192.168.31.101 到 192.168.11.101。从主机到容器的 ping 成功!!.
我无法理解在第一种情况下是什么阻止了 ping 成功!?。
我已经在 ubuntu 机器上尝试了相同的方法,方法是使用与主机和容器 br-xxxx 广播相同的广播 xx.xx.xx.xx 创建 mynet。在这台 Ubuntu 机器上 ping 成功!!
ubuntu个案详情如下:
ifconfig:
br-7b1ed572fe95: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.2 netmask 255.255.255.0 **broadcast 10.0.2.255**
inet6 fe80::42:bff:fe9d:d6eb prefixlen 64 scopeid 0x20<link>
ether 02:42:0b:9d:d6:eb txqueuelen 0 (Ethernet)
RX packets 97 bytes 12767 (12.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 61 bytes 6739 (6.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:11:f0:da:29 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 **broadcast 10.0.2.255**
inet6 fe80::365a:ddd:b83c:4abe prefixlen 64 scopeid 0x20<link>
ether 08:00:27:82:79:c2 txqueuelen 1000 (Ethernet)
RX packets 14188 bytes 15705468 (15.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3415 bytes 264989 (264.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1727 bytes 141367 (141.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1727 bytes 141367 (141.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth11ef32e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::b014:feff:feaa:cea3 prefixlen 64 scopeid 0x20<link>
ether b2:14:fe:aa:ce:a3 txqueuelen 0 (Ethernet)
RX packets 97 bytes 14125 (14.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 87 bytes 9899 (9.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
我很困惑,不知道为什么 ping 在 192.xx.xx.xx 的情况下失败,而在 Windows VM 上的 Ubuntu 的情况下成功?
我是否遗漏了 docker 主机的某些内容?
任何帮助或指导将不胜感激。请让我知道是否需要更多信息或详细信息来进一步理解相同的建议。 谢谢,
我已经彻底检查过了,VM 已经管理了具有相同目标地址以及 enpxsx 和 br-xxx 的路由。 但是在我的硬件上,当路由中有相同的目标地址时,路由会发生冲突。
路由命令详情:
$route -vn
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.31.31 0.0.0.0 UG 100 0 0 enp0s3
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 br-7b1ed572fe95
192.168.31.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
因此,enp0s3 和 br-xxxx 也有 192.168.31.0 目的地。哪个阻塞了路由!!为了验证这一点,我使用 192.168.11.x 设置创建了另一个用户定义的桥接网络,它按预期工作。 因此,主机和容器正在尝试使用 Iface ethX 和 br-xxxx 与目标地址 192.168.31.0 相同的硬件类型以太网。 不太可能使这个容器与 ip 192.168.31.11 一起工作。 (或者需要更改主机ip 192.168.11.X)
或者有什么我可以做的事情吗,在主机和容器上使用相同的 192.168.31.x ip 和 192.168.31.x?