
The information in this section explains IPv6 with the Docker default bridge. This is a bridge network named bridge that is created automatically when you install Docker.

Because IPv4 addresses are running out, the IETF has standardized an IPv4 successor, Internet Protocol Version 6, in RFC 2460. Both protocols, IPv4 and IPv6, reside on layer 3 of the OSI model.

How IPv6 works on Docker

By default, the Docker daemon configures the container network for IPv4 only. You can enable IPv4/IPv6 dual-stack support by running the Docker daemon with the --ipv6 flag. Docker will set up the bridge docker0 with the IPv6 link-local address fe80::1.

By default, containers that are created only get a link-local IPv6 address. To assign globally routable IPv6 addresses to your containers, you have to specify an IPv6 subnet to pick the addresses from. Set the IPv6 subnet via the --fixed-cidr-v6 parameter when starting the Docker daemon.

You can run dockerd with these flags directly, but it is recommended that you set them in the daemon.json configuration file instead. The following example daemon.json enables IPv6 and sets the IPv6 subnet to 2001:db8:1::/64.

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}

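The subnet for Docker containers should have a size of at least /80, so that an IPv6 address can end with the container's MAC address and so that you prevent NDP neighbor cache invalidation issues in the Docker layer.

By default, the --fixed-cidr-v6 parameter causes Docker to add a new route to the routing table, by running the following three commands on your behalf. To prevent the automatic routing, set ip-forward to false in the daemon.json file or start the Docker daemon with the --ip-forward=false flag. Then, to get the same routing table that Docker would create automatically for you, issue the following commands: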

$ ip -6 route add 2001:db8:1::/64 dev docker0
$ sysctl net.ipv6.conf.default.forwarding=1
$ sysctl net.ipv6.conf.all.forwarding=1

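All traffic to the subnet 2001:db8:1::/64 will now be routed via the docker0 interface.

Note: IPv6 forwarding may interfere with your existing IPv6 configuration. If you are using Router Advertisements to get IPv6 settings for your host's interfaces, set accept_ra to 2 using the following command. Otherwise, enabling IPv6 forwarding will result in Router Advertisements being rejected.

$ sysctl net.ipv6.conf.eth0.accept_ra=2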


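Every new container will get an IPv6 address from the defined subnet, and a default route will be added on eth0 in the container via the address specified by the daemon option --default-gateway-v6 (or default-gateway-v6 in daemon.json), if present. The default gateway defaults to fe80::1.

This example provides a way to examine the IPv6 network settings within a running container.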

$ docker run -it alpine ash -c "ip -6 addr show dev eth0; ip -6 route show"
15: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500
   inet6 2001:db8:1:0:0:242:ac11:3/64 scope global
      valid_lft forever preferred_lft forever
   inet6 fe80::42:acff:fe11:3/64 scope link
      valid_lft forever preferred_lft forever
2001:db8:1::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
default via fe80::1 dev eth0  metric 1024

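In this example, the container is assigned a link-local address with the subnet /64 (fe80::42:acff:fe11:3/64) and a globally routable IPv6 address (2001:db8:1:0:0:242:ac11:3/64). The container will create connections to addresses outside of the 2001:db8:1::/64 network via the link-local gateway at fe80::1 on eth0.

Servers or virtual machines often get a /64 IPv6 subnet assigned (for example, 2001:db8:23:42::/64). In this case you can split it up further and provide Docker a /80 subnet, while using a separate /80 subnet for other applications on the host: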


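In this setup, the subnet 2001:db8:23:42::/64, with a range from 2001:db8:23:42:0:0:0:0 to 2001:db8:23:42:ffff:ffff:ffff:ffff, is attached to eth0, with the host listening at 2001:db8:23:42::1. The subnet 2001:db8:23:42:1::/80, with an address range from 2001:db8:23:42:1:0:0:0 to 2001:db8:23:42:1:ffff:ffff:ffff, is attached to docker0 and will be used by containers.

Using NDP proxying

If your Docker host is the only part of an IPv6 subnet but does not have an IPv6 subnet assigned, you can use NDP proxying to connect your containers to the internet via IPv6. If the host with IPv6 address 2001:db8::c001 is part of the subnet 2001:db8::/64, and your IaaS provider allows you to configure the IPv6 addresses 2001:db8::c000 to 2001:db8::c00f, your network configuration may look like the following: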

$ ip -6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:db8::c001/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::601:3fff:fea1:9c01/64 scope link
       valid_lft forever preferred_lft forever

To split the configurable address range into two subnets, 2001:db8::c000/125 and 2001:db8::c008/125, use the following daemon.json settings. The first subnet will be used by non-Docker processes on the host, and the second will be used by Docker.

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8::c008/125"
}

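The Docker subnet is within the subnet managed by your router and connected to eth0. All containers with addresses assigned by Docker are expected to be found within the router's subnet, and the router can communicate with these containers directly.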


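When the router wants to send an IPv6 packet to the first container, it transmits a neighbor solicitation request, asking "Who has 2001:db8::c009?" However, no host on the subnet has that address; the container with the address is hidden behind the Docker host. The Docker host therefore must listen for neighbor solicitation requests and respond that it is the device with the address. This functionality is called the NDP proxy and is handled by the kernel on the host machine. To enable the NDP proxy, execute the following command: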

$ sysctl net.ipv6.conf.eth0.proxy_ndp=1

Next, add the container's IPv6 address to the NDP proxy table:

$ ip -6 neigh add proxy 2001:db8::c009 dev eth0

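From now on, the kernel answers neighbor solicitation requests for this address on the device eth0. All traffic to this IPv6 address is routed through the Docker host, which forwards it to the container's network according to its routing table, via the docker0 device: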

$ ip -6 route show
2001:db8::c008/125 dev docker0  metric 1
2001:db8::/64 dev eth0  proto kernel  metric 256

You have to execute the ip -6 neigh add proxy ... command for every IPv6 address in your Docker subnet. Unfortunately, there is no functionality for adding a whole subnet by executing one command. An alternative approach is to use an NDP proxy daemon such as ndppd.
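The per-address step above can be generated rather than typed. The following is an added example, not part of the Docker documentation: it lists one proxy command per address in the Docker subnet, after checking that the subnet lies inside the router's subnet and does not contain the host's own address. The function name and the MAX_PROXY_ENTRIES ceiling are assumptions made for this example.

```python
import ipaddress

# Assumed ceiling: larger subnets are better served by an NDP proxy daemon
# such as ndppd than by one neighbor-table entry per address.
MAX_PROXY_ENTRIES = 256


def ndp_proxy_commands(docker_cidr, router_cidr, host_addr, uplink="eth0"):
    """Return one `ip -6 neigh add proxy` command per address in the Docker subnet."""
    docker_net = ipaddress.IPv6Network(docker_cidr, strict=True)
    router_net = ipaddress.IPv6Network(router_cidr, strict=True)
    host = ipaddress.IPv6Address(host_addr)

    # The router only sends solicitations for addresses in its own subnet.
    if not docker_net.subnet_of(router_net):
        raise ValueError(f"{docker_net} is not inside {router_net}")
    # The host's own address must stay in the non-Docker part of the range.
    if host in docker_net:
        raise ValueError(f"host address {host} falls inside {docker_net}")
    # Refuse to enumerate something like a /80 (2**48 addresses).
    if docker_net.num_addresses > MAX_PROXY_ENTRIES:
        raise ValueError(f"{docker_net} has too many addresses to list one by one")

    # Iterating the network yields every address, first to last.
    return [f"ip -6 neigh add proxy {addr} dev {uplink}" for addr in docker_net]


if __name__ == "__main__":
    # Values taken from the example on this page.
    for cmd in ndp_proxy_commands("2001:db8::c008/125", "2001:db8::/64",
                                  "2001:db8::c001"):
        print(cmd)
```

Review the printed commands before running them as root; each entry makes the host answer neighbor solicitations for that address on the uplink.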

Docker IPv6 cluster

Switched network environment

Using routable IPv6 addresses allows you to realize communication between containers on different hosts. Let's have a look at a simple Docker IPv6 cluster example:


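The Docker hosts are in the 2001:db8:0::/64 subnet. Host 1 is configured to provide addresses from the 2001:db8:1::/64 subnet to its containers. It has three routes configured:

  • Route all traffic to 2001:db8:0::/64 via eth0

  • Route all traffic to 2001:db8:1::/64 via docker0

  • Route all traffic to 2001:db8:2::/64 via Host 2 with IP 2001:db8::2

Host 1 also acts as a router on OSI layer 3. When one of the network clients tries to contact a target that is specified in Host 1's routing table, Host 1 forwards the traffic accordingly. It acts as a router for all networks it knows: 2001:db8::/64, 2001:db8:1::/64, and 2001:db8:2::/64.

On Host 2 we have nearly the same configuration. Host 2's containers will get IPv6 addresses from 2001:db8:2::/64. Host 2 has three routes configured:

  • Route all traffic to 2001:db8:0::/64 via eth0

  • Route all traffic to 2001:db8:2::/64 via docker0

  • Route all traffic to 2001:db8:1::/64 via Host 1 with IP 2001:db8:0::1

The difference from Host 1 is that the network 2001:db8:2::/64 is reached through Host 2's own docker0 interface, whereas Host 2 reaches 2001:db8:1::/64 via Host 1's IPv6 address 2001:db8::1.

This way, every container can contact every other container. The containers Container1-* share the same subnet and contact each other directly. The traffic between Container1-* and Container2-* will be routed via Host 1 and Host 2, because those containers do not share the same subnet.

In a switched environment, every host has to know all routes to every subnet. You always have to update the hosts' routing tables after you add a host to the cluster or remove one from it.

Every configuration in the diagram that is shown below the dashed line is handled by Docker: the docker0 bridge IP address configuration, the route to the Docker subnet on the host, the container IP addresses, and the routes on the containers. The configuration above the line is up to the user and can be adapted to the individual environment.

Routed network environment

In a routed network environment, you replace the layer 2 switch with a layer 3 router. Now the hosts only have to know their default gateway (the router) and the route to their own containers (managed by Docker). The router holds all routing information about the Docker subnets. When you add a host to this environment or remove one from it, you only have to update the routing table in the router, not on every host.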


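In this scenario, containers on the same host can communicate directly with each other. The traffic between containers on different hosts will be routed via their hosts and the router. For example, a packet from Container1-1 to Container2-1 will be routed through Host 1, the router, and Host 2 until it arrives at Container2-1.

To keep the IPv6 addresses short in this example, a /48 network is assigned to every host. Each host uses one /64 subnet of it for its own services and one for Docker. When adding a third host, you would add a route for the subnet 2001:db8:3::/48 in the router and configure Docker on Host 3 with --fixed-cidr-v6=2001:db8:3:1::/64.

Remember that the subnet for Docker containers should have a size of at least /80. This way an IPv6 address can end with the container's MAC address, and you prevent NDP neighbor cache invalidation issues in the Docker layer. So if you have a /64 for your whole environment, use /76 subnets for the hosts and /80 for the containers. This way you can use 4096 hosts with 16 /80 subnets each.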
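The /80 rule and the /64 to /76 to /80 split can be checked with Python's ipaddress module. This is an added example, not code from the Docker documentation; the function names are made up for illustration, and the MAC address 02:42:ac:11:00:03 is an assumed value chosen to match the address in the sample container output earlier on this page.

```python
import ipaddress

MAC_BITS = 48  # a MAC address occupies the low 48 bits of the container address


def mac_suffix_fits(cidr: str) -> bool:
    """True if the subnet is /80 or larger, so a full MAC fits in the host part."""
    # strict=True rejects values with host bits set, e.g. 2001:db8:1::1/64
    net = ipaddress.IPv6Network(cidr, strict=True)
    return net.max_prefixlen - net.prefixlen >= MAC_BITS


def address_from_mac(cidr: str, mac: str) -> ipaddress.IPv6Address:
    """Address in the subnet whose low 48 bits are the given MAC."""
    if not mac_suffix_fits(cidr):
        raise ValueError(f"{cidr} is smaller than /80; a MAC suffix does not fit")
    net = ipaddress.IPv6Network(cidr)
    return net[int(mac.replace(":", ""), 16)]


def plan(environment: str, host_prefix: int = 76, docker_prefix: int = 80):
    """Split one allocation into per-host blocks holding Docker-sized subnets.

    Returns (number of host blocks, list of Docker subnets in the first block).
    """
    env = ipaddress.IPv6Network(environment, strict=True)
    if not env.prefixlen <= host_prefix <= docker_prefix <= 80:
        raise ValueError("need environment <= host prefix <= Docker prefix <= /80")
    host_blocks = list(env.subnets(new_prefix=host_prefix))
    first_host = list(host_blocks[0].subnets(new_prefix=docker_prefix))
    return len(host_blocks), first_host


if __name__ == "__main__":
    # Subnets are the example values on this page; the MAC is an assumption.
    print(address_from_mac("2001:db8:1::/64", "02:42:ac:11:00:03"))
    count, subnets = plan("2001:db8:23:42::/64")
    print(count, "host blocks;", len(subnets), "x /80 in the first, e.g.", subnets[1])
```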

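Every configuration in the diagram that is visualized below the dashed line is handled by Docker: the docker0 bridge IP address configuration, the route to the Docker subnet on the host, the container IP addresses, and the routes on the containers. The configuration above the line is up to the user and can be adapted to the individual environment.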
