tags: Study Circle Note, Docker in Action 2ed

Docker in Action 2ed, Session 4, 2021-07-24 - Ch5

Discussion

  • Are overlay/underlay described exactly the other way around?

    • underlay

    you can use underlay networks provided by the macvlan or ipvlan network drivers.

    • overlay

    The overlay network driver is available on Docker engines where swarm mode is enabled.

  • Are joined containers similar to host mode, but into another container?

    • Not quite the same: a joined container lets containers share the same network namespace
    • host mode lets the container use the same namespace as the host
  • Recommended reading:

    Linux currently also supports a great many types of virtual network interface: https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking [name=Jerry Wang]

  • Why is /etc/resolv.conf set to 127.0.0.11?

    Docker rewrites it; the code appears to be here, and a detailed walkthrough of the process

Supplementary Lab

  1. Install Docker [1] on Ubuntu 20.04 server. Here is the Docker version.

    $ docker version
    Client: Docker Engine - Community
    Version:           20.10.7
    API version:       1.41
    Go version:        go1.13.15
    Git commit:        f0df350
    Built:             Wed Jun  2 11:56:38 2021
    OS/Arch:           linux/amd64
    Context:           default
    Experimental:      true
    
    Server: Docker Engine - Community
    Engine:
    Version:          20.10.7
    API version:      1.41 (minimum version 1.12)
    Go version:       go1.13.15
    Git commit:       b0f5bc3
    Built:            Wed Jun  2 11:54:50 2021
    OS/Arch:          linux/amd64
    Experimental:     false
    containerd:
    Version:          1.4.8
    GitCommit:        7eba5930496d9bbe375fdf71603e610ad737d2b2
    runc:
    Version:          1.0.0
    GitCommit:        v1.0.0-0-g84113ee
    docker-init:
    Version:          0.19.0
    GitCommit:        de40ad0
    
  2. Run an Nginx container.

    $ docker run -d \
      --name nginx \
      -p 8080:80 \
      nginx
    
    $ docker ps
    CONTAINER ID   IMAGE     COMMAND                  CREATED              STATUS              PORTS                                   NAMES
    4810764994ea   nginx     "/docker-entrypoint.…"   About a minute ago   Up About a minute   0.0.0.0:8080->80/tcp, :::8080->80/tcp   nginx
    
    $ docker inspect 4810764994ea | grep "IPAddress"
                "SecondaryIPAddresses": null,
                "IPAddress": "172.17.0.2",
                        "IPAddress": "172.17.0.2",
    
    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP group default qlen 1000
        link/ether 06:6d:9c:00:30:cf brd ff:ff:ff:ff:ff:ff
        inet 172.31.21.51/20 brd 172.31.31.255 scope global dynamic eth0
        valid_lft 3195sec preferred_lft 3195sec
        inet6 fe80::46d:9cff:fe00:30cf/64 scope link
        valid_lft forever preferred_lft forever
    3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:fa:a5:24:4c brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
        valid_lft forever preferred_lft forever
        inet6 fe80::42:faff:fea5:244c/64 scope link
        valid_lft forever preferred_lft forever
    5: vethaba889b@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether a2:5f:fc:b2:f5:11 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet6 fe80::a05f:fcff:feb2:f511/64 scope link
        valid_lft forever preferred_lft forever
    
  3. Capture the packets on the server side, which is running the Nginx container.

    $ sudo tcpdump -i any -w lab-nginx.pcap
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    ^C139 packets captured
    142 packets received by filter
    0 packets dropped by kernel
    
  4. On the client side, 34.243.235.127 (eth0: 172.31.15.47), send an HTTP request with curl 3 times.

    The server and client are in the same subnet (VPC): client 34.243.235.127 (eth0: 172.31.15.47) <-> server 54.155.144.125 (eth0: 172.31.21.51)

    $ curl 54.155.144.125:8080
    

If you want to analyze the pcap file, please download the file.
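One way to read such a capture, as an added example that is not part of the original notes: because `tcpdump -i any` records the same connection on eth0, docker0 and the veth, a client SYN that appears with two different destinations shows where the published port 8080 is rewritten to the container's 172.17.0.2:80. It assumes the publish rule is implemented as Docker's iptables DNAT; the sample frames, the source port 40000 and the function names are constructed for illustration and are not taken from lab-nginx.pcap.

```python
import socket
import struct

def syn_tuples(pcap: bytes):
    """(src, sport, dst, dport) of each IPv4 TCP SYN in a `tcpdump -i any` pcap."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None or struct.unpack(e + "I", pcap[20:24])[0] != 113:
        raise ValueError("expected a classic pcap with link type LINUX_SLL (113)")
    out, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        # 16-byte cooked header; its last two bytes carry the EtherType
        if len(frame) < 36 or frame[14:16] != b"\x08\x00":
            continue
        ip = frame[16:]
        ihl = (ip[0] & 0x0F) * 4
        # keep TCP (protocol 6) segments that have SYN set and ACK clear
        if ip[9] != 6 or len(ip) < ihl + 14 or (ip[ihl + 13] & 0x12) != 0x02:
            continue
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        out.append((socket.inet_ntoa(ip[12:16]), sport,
                    socket.inet_ntoa(ip[16:20]), dport))
    return out

def dnat_rewrites(syns):
    """(before, after) pairs where one client socket's SYN shows two destinations."""
    first, pairs = {}, set()
    for src, sport, dst, dport in syns:
        before = first.setdefault((src, sport), (dst, dport))
        if before != (dst, dport):
            pairs.add((before, (dst, dport)))
    return pairs

def _frame(src, sport, dst, dport, flags=0x02):
    """Constructed pcap record: SLL + IPv4 + TCP headers, checksums left at zero."""
    pkt = struct.pack("!HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800)
    pkt += struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    pkt += struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

# Constructed sample (not lab-nginx.pcap): lab addresses, made-up source port 40000.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113) + b"".join([
    _frame("34.243.235.127", 40000, "172.31.21.51", 8080),          # as seen on eth0
    _frame("34.243.235.127", 40000, "172.17.0.2", 80),              # docker0, after DNAT
    _frame("34.243.235.127", 40000, "172.17.0.2", 80),              # veth
    _frame("172.17.0.2", 80, "34.243.235.127", 40000, flags=0x12),  # SYN-ACK, ignored
])
```

To run it on a real capture, pass the file's bytes: `dnat_rewrites(syn_tuples(open("lab-nginx.pcap", "rb").read()))`.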

References:

  1. https://docs.docker.com/engine/install/ubuntu/