em Huong nop final report ạ #128
Conversation
|
Bài của em tốt, có đầu tư, chăm chút, có cả làm lab (hẳn 2 laptops) để validate thông tin, làm sinh động hơn cho bài trình bày, giúp em hiểu hơn về vấn về. Tuy nhiên, anh vẫn thấy thiếu sót về 1 phần về chỗ linux network namespace em chưa đi sâu vào phân tích, cách docker sử dụng linux network namepsace. Overall, very good ! |
|
Cùng quan điểm với Đạt, bài trình bày tốt, tập trung đúng những gì đề tài yêu cầu. Nhưng mới chỉ trả lời được WHAT - nó là cái gì, nó cung cấp cái gì
|
|
Em cảm ơn lời nhận xét chi tiết của các anh ạ, em sẽ tìm hiểu thêm những phần mà các anh gợi ý ạ. |
|
|
||
| ``` | ||
|
|
||
| - Bridge mode is the default network mode of docker. If you do not write the – net parameter, it is the bridge mode. When docker run – P is used, docker actually makes DNAT rules in iptables to realize port forwarding function.. |
There was a problem hiding this comment.
commands, arguments, snippets hay expressions em nên để trong quote (``) nhé, ví dụ --net hay docker run -P
| - Bridge mode is the default network mode of docker. If you do not write the – net parameter, it is the bridge mode. When docker run – P is used, docker actually makes DNAT rules in iptables to realize port forwarding function.. | ||
| - When the docker process starts, by default, a virtual bridge named docker0 will be created on the host, and the docker container started on this host will be connected to the virtual bridge. The virtual bridge works like a physical switch, so that all containers on the host are connected to a layer-2 network through the switch. | ||
| - The Docker bridge driver automatically installs rules in the host machine so that containers on different bridge networks cannot communicate directly with each other. | ||
| - The docker then assigns an IP address from the docker 0 subnet to the container, and set the docker 0 IP address as the default gateway of the container. Create a pair of virtual network card Veth pair devices on the host. Docker puts one end of the Veth pair device in the newly created container and names it eth0 (network card of the container). The other end is placed in the host and named after vethxxx. The network device is added to the docker 0 bridge. It can be viewed through the brctl show command. |
There was a problem hiding this comment.
docker 0 -> docker0
what is the relationship between docker0 and the host interface (enps0)?
There was a problem hiding this comment.
Do you mean how are packets forwarded between docker0 and host interface?
There is no direct link between the default docker0 bridge and the hosts interface.
Docker uses NAT MASQUERADE for outbound traffic(from container to external network) and it will follow the standard outbound routing on the host. And, in return path for this outbound traffic, the MASQUERADE will also map the connection back through.
For new inbound traffic (from external network to container), you must set up port mapping to help the container get these packets. (No NAT is established here)
For example:
docker run -d -p 1234:80 --name comment
Docker Engine will launch a daemon that listens on the host on port 1234 and forwards to the container on port 80.
No description provided.