
[Docker] Networking: Communication Between Containers

기록하는 백앤드개발자 2024. 5. 7. 10:05

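ㅁ Introduction

ㅇ I am studying how Docker containers communicate with each other.

In "[Docker] Network: Structure of the Host and Containers", I worked through the structure of Docker networking and summarized the characteristics of each network setting.

In "[Docker] Network Command Summary", I summarized the CLI commands used to connect networks.

ㅇ In this post, I summarize what I learned about configuring container communication in different situations.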

 

ㅁ Bridge network

ㅇ When a Docker container is created, its default network is docker0.

# Create busybox
$ docker run -itd --name=busybox busybox

# Create busybox2
$ docker run -itd --name=busybox2 busybox

# Check the containers on the bridge network
$ docker network inspect bridge | jq '.[0].Containers'
{
  "2fb22348987b90b7afb66541f2c43ba0ecc5e81f3adf93a1adaab4c4b60ee61e": {
    "Name": "busybox2",
    "EndpointID": "ffe2dcf0be6b9f880e326d7f86bc85eed1ea55b358a3adb73f9a295d360ed707",
    "MacAddress": "02:42:ac:11:00:07",
    "IPv4Address": "172.17.0.7/16",
    "IPv6Address": ""
  },
  "c67da9ab113a653ff41070e01a0d34749d0d98c02889d9f1b24c3be29ef78fce": {
    "Name": "busybox",
    "EndpointID": "7198e3c4f183f77d472347060954550a7b06eb4671870e22295c63ff02684946",
    "MacAddress": "02:42:ac:11:00:06",
    "IPv4Address": "172.17.0.6/16",
    "IPv6Address": ""
  }
}

 

# Ping test from busybox
$ docker exec -it busybox sh -c "ping 172.17.0.7"
PING 172.17.0.7 (172.17.0.7): 56 data bytes
64 bytes from 172.17.0.7: seq=0 ttl=64 time=0.274 ms
64 bytes from 172.17.0.7: seq=1 ttl=64 time=0.053 ms
64 bytes from 172.17.0.7: seq=2 ttl=64 time=0.052 ms
^C
--- 172.17.0.7 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.052/0.126/0.274 ms

# Ping test from busybox2
$ docker exec -it busybox2 sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.574 ms
64 bytes from 172.17.0.6: seq=1 ttl=64 time=0.052 ms
64 bytes from 172.17.0.6: seq=2 ttl=64 time=0.039 ms
^C
--- 172.17.0.6 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.039/0.221/0.574 ms

ㅇ Containers on the same bridge network can communicate with each other normally.

 

ㅁ Creating a user-defined bridge

ㅇ Create and check my-net

# Create my-net
$ docker network create my-net

# Check the details of my-net
$ docker network inspect my-net
[
    {
        "Name": "my-net",
        "Id": "d70a8e18cfbf9d81e750074617a75e6a39b00583dfa9a917b6cf6b6f6efcacac",
        "Created": "2024-05-05T09:33:33.706627833Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.23.0.0/16",
                    "Gateway": "172.23.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

 

 

Connect busybox2 to my-net

# Connect busybox2 to my-net
$ docker network connect my-net busybox2

# Verify that my-net was added to busybox2
$ docker inspect busybox2 | jq '.[0].NetworkSettings.Networks'
{
  "bridge": {
    "IPAMConfig": null,
    "Links": null,
    "Aliases": null,
    "MacAddress": "02:42:ac:11:00:07",
    "NetworkID": "14a20bd4e428c66e9af228d58cd6001b4551bb3f9597fe9be482d193d0e753c5",
    "EndpointID": "ffe2dcf0be6b9f880e326d7f86bc85eed1ea55b358a3adb73f9a295d360ed707",
    "Gateway": "172.17.0.1",
    "IPAddress": "172.17.0.7",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "DriverOpts": null,
    "DNSNames": null
  },
  "my-net": {
    "IPAMConfig": {},
    "Links": null,
    "Aliases": [
      "2fb22348987b"
    ],
    "MacAddress": "02:42:ac:17:00:02",
    "NetworkID": "d70a8e18cfbf9d81e750074617a75e6a39b00583dfa9a917b6cf6b6f6efcacac",
    "EndpointID": "a23c22907a05cae9bd43dbab794049bf051695469ea149ab97f567510dac24d9",
    "Gateway": "172.23.0.1",
    "IPAddress": "172.23.0.2",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "DriverOpts": {},
    "DNSNames": [
      "busybox2",
      "2fb22348987b"
    ]
  }
}

 

Remove busybox2 from bridge

# Remove busybox2 from bridge
$ docker network disconnect bridge busybox2

# Check again
$ docker inspect busybox2 | jq '.[0].NetworkSettings.Networks'
{
  "my-net": {
    "IPAMConfig": {},
    "Links": null,
    "Aliases": [
      "2fb22348987b"
    ],
    "MacAddress": "02:42:ac:17:00:02",
    "NetworkID": "d70a8e18cfbf9d81e750074617a75e6a39b00583dfa9a917b6cf6b6f6efcacac",
    "EndpointID": "a23c22907a05cae9bd43dbab794049bf051695469ea149ab97f567510dac24d9",
    "Gateway": "172.23.0.1",
    "IPAddress": "172.23.0.2",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "DriverOpts": {},
    "DNSNames": [
      "busybox2",
      "2fb22348987b"
    ]
  }
}

 

Check the network with ping

# Check the network with ping
$ docker exec -it busybox2  sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
^C
--- 172.17.0.6 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss

 

ㅁ Host network

Create busybox3

# Create busybox3
$ docker run -itd --name=busybox3 --net host busybox

 

Analyze the ifconfig output of busybox3

# Analyze the ifconfig output of busybox3
$ docker exec -it busybox3  sh -c "ifconfig"
br-d70a8e18cfbf Link encap:Ethernet  HWaddr 02:42:B0:72:1A:77
          inet addr:172.23.0.1  Bcast:172.23.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:b0ff:fe72:1a77/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2380 (2.3 KiB)  TX bytes:1380 (1.3 KiB)

docker0   Link encap:Ethernet  HWaddr 02:42:B1:B5:FE:16
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:b1ff:feb5:fe16/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2503416 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3224291 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:788636116 (752.1 MiB)  TX bytes:2719908620 (2.5 GiB)

eth0      Link encap:Ethernet  HWaddr 6E:41:BC:45:E6:1C
          inet addr:192.168.65.3  Bcast:192.168.65.255  Mask:255.255.255.0
          inet6 addr: fe80::6c41:bcff:fe45:e61c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60188335 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45889082 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17815635870 (16.5 GiB)  TX bytes:127665754745 (118.8 GiB)

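 ㄴ With the host network, the network information was identical to that of the Mac mini.

 ㄴ Since busybox3 shares the host network, I tested communication with my MacBook, the Mac mini, and busybox and busybox2 running on the Mac mini.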

 

ㅁ Host network connectivity test

 

# busybox test
$ docker exec -it busybox3  sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.392 ms
64 bytes from 172.17.0.6: seq=1 ttl=64 time=0.037 ms
^C
--- 172.17.0.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.037/0.214/0.392 ms

# busybox2 test
$ docker exec -it busybox3  sh -c "ping 172.23.0.2"
PING 172.23.0.2 (172.23.0.2): 56 data bytes
64 bytes from 172.23.0.2: seq=0 ttl=64 time=0.297 ms
64 bytes from 172.23.0.2: seq=1 ttl=64 time=0.058 ms
64 bytes from 172.23.0.2: seq=2 ttl=64 time=0.044 ms
^C
--- 172.23.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.044/0.133/0.297 ms

# Mac mini test
$ docker exec -it busybox3  sh -c "ping 192.168.33.74"
PING 192.168.33.74 (192.168.33.74): 56 data bytes
64 bytes from 192.168.33.74: seq=0 ttl=64 time=0.774 ms
64 bytes from 192.168.33.74: seq=1 ttl=64 time=0.589 ms
64 bytes from 192.168.33.74: seq=2 ttl=64 time=0.483 ms
^C
--- 192.168.33.74 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.483/0.615/0.774 ms

# MacBook Pro test
$ docker exec -it busybox3  sh -c "ping 192.168.33.29"
PING 192.168.33.29 (192.168.33.29): 56 data bytes
64 bytes from 192.168.33.29: seq=0 ttl=64 time=61.624 ms
64 bytes from 192.168.33.29: seq=1 ttl=64 time=85.164 ms
64 bytes from 192.168.33.29: seq=2 ttl=64 time=108.216 ms
^C
--- 192.168.33.29 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 61.624/85.001/108.216 ms

ㄴ With the host network, communication was possible with the MacBook, the Mac mini, busybox on bridge, and busybox2 on my-net.

 

ㅁ Container network

Create busybox4, which shares its network with busybox

# Create busybox4
$ docker run -itd --name=busybox4 --net container:busybox busybox

 

busybox communication test

$ docker exec -it busybox4  sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.141 ms
64 bytes from 172.17.0.6: seq=1 ttl=64 time=0.061 ms
64 bytes from 172.17.0.6: seq=2 ttl=64 time=0.042 ms
^C
--- 172.17.0.6 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.042/0.081/0.141 ms

 ㄴ Succeeded.

 

busybox2 communication test

$ docker exec -it busybox4  sh -c "ping 172.23.0.2"
PING 172.23.0.2 (172.23.0.2): 56 data bytes
^C
--- 172.23.0.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

ㄴ Failed.

 

busybox3 communication test

$ docker exec -it busybox4  sh -c "ping 192.168.65.3"
PING 192.168.65.3 (192.168.65.3): 56 data bytes
64 bytes from 192.168.65.3: seq=0 ttl=64 time=0.500 ms
64 bytes from 192.168.65.3: seq=1 ttl=64 time=0.040 ms
64 bytes from 192.168.65.3: seq=2 ttl=64 time=0.044 ms
^C
--- 192.168.65.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.040/0.194/0.500 ms

 ㄴ Succeeded.

 

Mac mini communication test

$ docker exec -it busybox4  sh -c "ping 192.168.33.74"
PING 192.168.33.74 (192.168.33.74): 56 data bytes
64 bytes from 192.168.33.74: seq=0 ttl=63 time=1.007 ms
64 bytes from 192.168.33.74: seq=1 ttl=63 time=0.467 ms
64 bytes from 192.168.33.74: seq=2 ttl=63 time=0.535 ms
^C
--- 192.168.33.74 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.467/0.669/1.007 ms

 ㄴ Succeeded.

 

MacBook Pro communication test

$ docker exec -it busybox4  sh -c "ping 192.168.33.29"
PING 192.168.33.29 (192.168.33.29): 56 data bytes
64 bytes from 192.168.33.29: seq=0 ttl=63 time=3.654 ms
64 bytes from 192.168.33.29: seq=1 ttl=63 time=79.409 ms
64 bytes from 192.168.33.29: seq=2 ttl=63 time=17.989 ms
^C
--- 192.168.33.29 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3.654/33.684/79.409 ms

 ㄴ Succeeded.

 

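ㅁ Conclusion

 In Docker networking, containers that share the same network can communicate, while containers on different networks were isolated. However, with the host network, communication with all containers was possible.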
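
The segmentation observed with ping can also be read straight from `docker inspect` output, which is useful for auditing many containers at once. The following Python script is an added example, not part of the original post: the sample JSON is constructed to match the final state of the four containers, the IDs for busybox3 and busybox4 are placeholders, and the function names are hypothetical.

```python
import json
from itertools import combinations

# Constructed sample: `docker inspect busybox busybox2 busybox3 busybox4`,
# trimmed to the fields used here. IDs of busybox3/busybox4 are placeholders.
SAMPLE = json.loads("""[
 {"Id": "c67da9ab113a", "Name": "/busybox", "HostConfig": {"NetworkMode": "bridge"},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.6"}}}},
 {"Id": "2fb22348987b", "Name": "/busybox2", "HostConfig": {"NetworkMode": "bridge"},
  "NetworkSettings": {"Networks": {"my-net": {"IPAddress": "172.23.0.2"}}}},
 {"Id": "000000000003", "Name": "/busybox3", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
 {"Id": "000000000004", "Name": "/busybox4",
  "HostConfig": {"NetworkMode": "container:c67da9ab113a"},
  "NetworkSettings": {"Networks": {}}}
]""")

def network_view(containers):
    """Map container name -> (mode, attached networks). A `container:<ref>`
    mode is resolved to the networks of the container whose stack it shares."""
    by_ref = {}
    for c in containers:
        by_ref[c["Id"]] = by_ref[c["Name"].lstrip("/")] = c
    view = {}
    for c in containers:
        mode = c["HostConfig"]["NetworkMode"]
        # busybox4 has no networks of its own; it lives in busybox's namespace.
        owner = by_ref[mode.split(":", 1)[1]] if mode.startswith("container:") else c
        view[c["Name"].lstrip("/")] = (mode, set(owner["NetworkSettings"]["Networks"]))
    return view

def audit(containers):
    """Return (findings, pairs of containers that share no Docker network)."""
    view = network_view(containers)
    findings = []
    for name, (mode, _) in sorted(view.items()):
        if mode == "host":
            findings.append(f"{name}: host network mode, no network namespace isolation")
        elif mode.startswith("container:"):
            findings.append(f"{name}: shares network stack via {mode}")
    # Host-mode containers are left out of the pair check: they sit on the host side.
    bridged = {n: nets for n, (mode, nets) in view.items() if mode != "host"}
    isolated = [(a, b) for a, b in combinations(sorted(bridged), 2)
                if not bridged[a] & bridged[b]]
    return findings, isolated

if __name__ == "__main__":
    findings, isolated = audit(SAMPLE)
    print("\n".join(findings))
    print("no shared network:", isolated)
```

The two pairs reported as sharing no network correspond to the two failed pings in the post (busybox2 to 172.17.0.6 and busybox4 to 172.23.0.2).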

 
