Do Docker containers have their own TCP/IP stack?

Problem description

I'm trying to understand what's happening under the hood to a network packet coming from the wire connected to the host machine and directed to an application inside a Docker container.

If it were a classic VM, I know that a packet arriving on the host would be transmitted by the hypervisor (say VMware, VBox etc.) to the virtual NIC of the VM and from there through the TCP/IP stack of the guest OS, finally reaching the application.

In the case of Docker, I know that a packet coming on the host machine is forwarded from the network interface of the host to the docker0 bridge, that is connected to a veth pair ending on the virtual interface eth0 inside the container. But after that? Since all Docker containers use the host kernel, is it correct to presume that the packet is processed by the TCP/IP stack of the host kernel? If so, how?

I would really like to read a detailed explanation (or if you know a resource feel free to link it) about what's really happening under the hood. I already carefully read this page, but it doesn't say everything.

Thank you in advance for your reply.

Recommended answer

The network stack, as in "the code", is definitely not in the container, it's in the kernel of which there's only one shared by the host and all containers (you already knew this). What each container has is its own separate network namespace, which means it has its own network interfaces and routing tables.

Here's a brief article introducing the notion with some examples: http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/ and I found this article helpful too: http://containerops.org/2013/11/19/lxc-networking/

I hope this gives you enough pointers to dig deeper.
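
The answer's point, as an added example that is not part of the original answer: this sketch reads procfs to check whether two processes share a network namespace and to decode the routing table each one sees. The pids, namespace numbers and addresses are constructed sample data laid out like `/proc`, and the address decoding assumes a little-endian host.

```python
import os, socket, struct, tempfile

def netns_id(pid, proc="/proc"):
    # The link target names the namespace, e.g. "net:[4026531840]".
    return os.readlink(os.path.join(proc, str(pid), "ns", "net"))

def _ip(word):
    # The route file prints each IPv4 address as hex of a little-endian word.
    return socket.inet_ntoa(struct.pack("<I", int(word, 16)))

def routes(pid, proc="/proc"):
    # Routing table of the namespace `pid` lives in, one tuple per row:
    # (interface, destination, netmask, gateway).
    rows = []
    with open(os.path.join(proc, str(pid), "net", "route")) as fh:
        next(fh)  # skip the column header
        for line in fh:
            f = line.split()
            if len(f) >= 8:
                rows.append((f[0], _ip(f[1]), _ip(f[7]), _ip(f[2])))
    return rows

def compare(pid_a, pid_b, proc="/proc"):
    return {"same_netns": netns_id(pid_a, proc) == netns_id(pid_b, proc),
            "a": routes(pid_a, proc), "b": routes(pid_b, proc)}

HEADER = "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
# Constructed sample: pid 1 on the host, pid 4242 inside a container.
SAMPLE = {
    1: ("net:[4026531840]",
        "eth0\t00000000\t0100A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
        "docker0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n"),
    4242: ("net:[4026532567]",
           "eth0\t00000000\t010011AC\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
           "eth0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n"),
}

def build_sample_proc():
    root = tempfile.mkdtemp()
    for pid, (ns, table) in SAMPLE.items():
        base = os.path.join(root, str(pid))
        os.makedirs(os.path.join(base, "ns"))
        os.makedirs(os.path.join(base, "net"))
        os.symlink(ns, os.path.join(base, "ns", "net"))  # target is only a label
        with open(os.path.join(base, "net", "route"), "w") as fh:
            fh.write(HEADER + table)
    return root

if __name__ == "__main__":
    print(compare(1, 4242, proc=build_sample_proc()))
```

On a real Docker host, calling `compare` with the default `proc` and a container process's host pid (as root) performs the same check; a container started with host networking would report `same_netns` as true.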

07-03 15:11