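[Docker] Networking: Communication Between Containers
ㅁ Introduction
ㅇ I am studying how Docker containers communicate.
ㅇ In "[Docker] Network: The Structure of Host and Containers", I worked through the structure of Docker networking and summarized the characteristics of its network settings.
ㅇ In "[Docker] Network Command Summary", I summarized the CLI commands used to connect networks.
ㅇ In this post, I summarize what I learned about how to configure container communication in each situation.
ㅁ Bridge network
ㅇ When a Docker container is created, the default network is docker0.
# Create busybox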
$ docker run -itd --name=busybox busybox
# Create busybox2
$ docker run -itd --name=busybox2 busybox
# Check the containers on the bridge network
$ docker network inspect bridge | jq '.[0].Containers'
{
"2fb22348987b90b7afb66541f2c43ba0ecc5e81f3adf93a1adaab4c4b60ee61e": {
"Name": "busybox2",
"EndpointID": "ffe2dcf0be6b9f880e326d7f86bc85eed1ea55b358a3adb73f9a295d360ed707",
"MacAddress": "02:42:ac:11:00:07",
"IPv4Address": "172.17.0.7/16",
"IPv6Address": ""
},
"c67da9ab113a653ff41070e01a0d34749d0d98c02889d9f1b24c3be29ef78fce": {
"Name": "busybox",
"EndpointID": "7198e3c4f183f77d472347060954550a7b06eb4671870e22295c63ff02684946",
"MacAddress": "02:42:ac:11:00:06",
"IPv4Address": "172.17.0.6/16",
"IPv6Address": ""
}
}
# Ping test from busybox
$ docker exec -it busybox sh -c "ping 172.17.0.7"
PING 172.17.0.7 (172.17.0.7): 56 data bytes
64 bytes from 172.17.0.7: seq=0 ttl=64 time=0.274 ms
64 bytes from 172.17.0.7: seq=1 ttl=64 time=0.053 ms
64 bytes from 172.17.0.7: seq=2 ttl=64 time=0.052 ms
^C
--- 172.17.0.7 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.052/0.126/0.274 ms
# Ping test from busybox2
$ docker exec -it busybox2 sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.574 ms
64 bytes from 172.17.0.6: seq=1 ttl=64 time=0.052 ms
64 bytes from 172.17.0.6: seq=2 ttl=64 time=0.039 ms
^C
--- 172.17.0.6 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.039/0.221/0.574 ms
ㅇ Containers on the same bridge network can communicate normally.
ㅁ Creating a user-defined bridge
ㅇ Create and check my-net
# Create my-net
$ docker network create my-net
# Check the details of my-net
$ docker network inspect my-net
[
{
"Name": "my-net",
"Id": "d70a8e18cfbf9d81e750074617a75e6a39b00583dfa9a917b6cf6b6f6efcacac",
"Created": "2024-05-05T09:33:33.706627833Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.23.0.0/16",
"Gateway": "172.23.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
ㅇ Add my-net to busybox2
# Add my-net to busybox2
$ docker network connect my-net busybox2
# Confirm that my-net was added to busybox2
$ docker inspect busybox2 | jq '.[0].NetworkSettings.Networks'
{
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "02:42:ac:11:00:07",
"NetworkID": "14a20bd4e428c66e9af228d58cd6001b4551bb3f9597fe9be482d193d0e753c5",
"EndpointID": "ffe2dcf0be6b9f880e326d7f86bc85eed1ea55b358a3adb73f9a295d360ed707",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.7",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": null,
"DNSNames": null
},
"my-net": {
"IPAMConfig": {},
"Links": null,
"Aliases": [
"2fb22348987b"
],
"MacAddress": "02:42:ac:17:00:02",
"NetworkID": "d70a8e18cfbf9d81e750074617a75e6a39b00583dfa9a917b6cf6b6f6efcacac",
"EndpointID": "a23c22907a05cae9bd43dbab794049bf051695469ea149ab97f567510dac24d9",
"Gateway": "172.23.0.1",
"IPAddress": "172.23.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": {},
"DNSNames": [
"busybox2",
"2fb22348987b"
]
}
}
ㅇ Remove busybox2 from bridge
# Remove busybox2 from bridge
$ docker network disconnect bridge busybox2
# Check again
$ docker inspect busybox2 | jq '.[0].NetworkSettings.Networks'
{
"my-net": {
"IPAMConfig": {},
"Links": null,
"Aliases": [
"2fb22348987b"
],
"MacAddress": "02:42:ac:17:00:02",
"NetworkID": "d70a8e18cfbf9d81e750074617a75e6a39b00583dfa9a917b6cf6b6f6efcacac",
"EndpointID": "a23c22907a05cae9bd43dbab794049bf051695469ea149ab97f567510dac24d9",
"Gateway": "172.23.0.1",
"IPAddress": "172.23.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DriverOpts": {},
"DNSNames": [
"busybox2",
"2fb22348987b"
]
}
}
ㅇ Check the network with ping
# Check the network with ping
$ docker exec -it busybox2 sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
^C
--- 172.17.0.6 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss
ㅁ Host network
ㅇ Create busybox3
# Create busybox3
$ docker run -itd --name=busybox3 --net host busybox
ㅇ Analyze the ifconfig output of busybox3
# Analyze the ifconfig output of busybox3
$ docker exec -it busybox3 sh -c "ifconfig"
br-d70a8e18cfbf Link encap:Ethernet HWaddr 02:42:B0:72:1A:77
inet addr:172.23.0.1 Bcast:172.23.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:b0ff:fe72:1a77/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2380 (2.3 KiB) TX bytes:1380 (1.3 KiB)
docker0 Link encap:Ethernet HWaddr 02:42:B1:B5:FE:16
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:b1ff:feb5:fe16/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2503416 errors:0 dropped:0 overruns:0 frame:0
TX packets:3224291 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:788636116 (752.1 MiB) TX bytes:2719908620 (2.5 GiB)
eth0 Link encap:Ethernet HWaddr 6E:41:BC:45:E6:1C
inet addr:192.168.65.3 Bcast:192.168.65.255 Mask:255.255.255.0
inet6 addr: fe80::6c41:bcff:fe45:e61c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60188335 errors:0 dropped:0 overruns:0 frame:0
TX packets:45889082 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17815635870 (16.5 GiB) TX bytes:127665754745 (118.8 GiB)
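ㄴ With the host network, the network information was identical to that of the Mac mini.
ㄴ Given that busybox3 is identical to the host network, I tested communication with my MacBook, the Mac mini, and busybox and busybox2 on the Mac mini.
ㅁ Connection tests from the host network
# busybox test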
$ docker exec -it busybox3 sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.392 ms
64 bytes from 172.17.0.6: seq=1 ttl=64 time=0.037 ms
^C
--- 172.17.0.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.037/0.214/0.392 ms
# busybox2 test
$ docker exec -it busybox3 sh -c "ping 172.23.0.2"
PING 172.23.0.2 (172.23.0.2): 56 data bytes
64 bytes from 172.23.0.2: seq=0 ttl=64 time=0.297 ms
64 bytes from 172.23.0.2: seq=1 ttl=64 time=0.058 ms
64 bytes from 172.23.0.2: seq=2 ttl=64 time=0.044 ms
^C
--- 172.23.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.044/0.133/0.297 ms
# Mac mini test
$ docker exec -it busybox3 sh -c "ping 192.168.33.74"
PING 192.168.33.74 (192.168.33.74): 56 data bytes
64 bytes from 192.168.33.74: seq=0 ttl=64 time=0.774 ms
64 bytes from 192.168.33.74: seq=1 ttl=64 time=0.589 ms
64 bytes from 192.168.33.74: seq=2 ttl=64 time=0.483 ms
^C
--- 192.168.33.74 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.483/0.615/0.774 ms
# MacBook Pro test
$ docker exec -it busybox3 sh -c "ping 192.168.33.29"
PING 192.168.33.29 (192.168.33.29): 56 data bytes
64 bytes from 192.168.33.29: seq=0 ttl=64 time=61.624 ms
64 bytes from 192.168.33.29: seq=1 ttl=64 time=85.164 ms
64 bytes from 192.168.33.29: seq=2 ttl=64 time=108.216 ms
^C
--- 192.168.33.29 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 61.624/85.001/108.216 ms
ㄴ With the host network, communication was possible with the MacBook, the Mac mini, busybox on bridge, and busybox2 on my-net.
ㅁ Container network
ㅇ Create busybox4, which shares its network with busybox
# Create busybox4
$ docker run -itd --name=busybox4 --net container:busybox busybox
ㅇ busybox communication test
$ docker exec -it busybox4 sh -c "ping 172.17.0.6"
PING 172.17.0.6 (172.17.0.6): 56 data bytes
64 bytes from 172.17.0.6: seq=0 ttl=64 time=0.141 ms
64 bytes from 172.17.0.6: seq=1 ttl=64 time=0.061 ms
64 bytes from 172.17.0.6: seq=2 ttl=64 time=0.042 ms
^C
--- 172.17.0.6 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.042/0.081/0.141 ms
ㄴ It succeeded.
ㅇ busybox2 communication test
$ docker exec -it busybox4 sh -c "ping 172.23.0.2"
PING 172.23.0.2 (172.23.0.2): 56 data bytes
^C
--- 172.23.0.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
ㄴ It failed.
ㅇ busybox3 communication test
$ docker exec -it busybox4 sh -c "ping 192.168.65.3"
PING 192.168.65.3 (192.168.65.3): 56 data bytes
64 bytes from 192.168.65.3: seq=0 ttl=64 time=0.500 ms
64 bytes from 192.168.65.3: seq=1 ttl=64 time=0.040 ms
64 bytes from 192.168.65.3: seq=2 ttl=64 time=0.044 ms
^C
--- 192.168.65.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.040/0.194/0.500 ms
ㄴ It succeeded.
ㅇ Mac mini communication test
$ docker exec -it busybox4 sh -c "ping 192.168.33.74"
PING 192.168.33.74 (192.168.33.74): 56 data bytes
64 bytes from 192.168.33.74: seq=0 ttl=63 time=1.007 ms
64 bytes from 192.168.33.74: seq=1 ttl=63 time=0.467 ms
64 bytes from 192.168.33.74: seq=2 ttl=63 time=0.535 ms
^C
--- 192.168.33.74 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.467/0.669/1.007 ms
ㄴ It succeeded.
ㅇ MacBook Pro communication test
$ docker exec -it busybox4 sh -c "ping 192.168.33.29"
PING 192.168.33.29 (192.168.33.29): 56 data bytes
64 bytes from 192.168.33.29: seq=0 ttl=63 time=3.654 ms
64 bytes from 192.168.33.29: seq=1 ttl=63 time=79.409 ms
64 bytes from 192.168.33.29: seq=2 ttl=63 time=17.989 ms
^C
--- 192.168.33.29 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3.654/33.684/79.409 ms
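ㄴ It succeeded.
ㅁ Conclusion
In Docker networking, containers that share the same network could communicate, but containers on different networks were isolated. With the Host network, however, communication with all containers was possible.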
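The isolation behaviour observed above can also be read straight from `docker inspect` output instead of being probed with ping. The following is an added example, not code from the original post: it audits constructed inspect records modelled on busybox through busybox4 and reports which containers run in the host namespace and which pairs share a network. The container IDs are placeholders and the function names are my own; it reports shared network attachment only, not routed reachability.

```python
import json
from itertools import combinations

# Constructed sample: trimmed `docker inspect` records modelled on the four
# containers in this post. IDs are placeholders; only the fields the audit
# reads are kept.
SAMPLE = json.loads("""[
 {"Id": "id-busybox", "Name": "/busybox",
  "HostConfig": {"NetworkMode": "bridge"},
  "NetworkSettings": {"Networks": {"bridge": {}}}},
 {"Id": "id-busybox2", "Name": "/busybox2",
  "HostConfig": {"NetworkMode": "bridge"},
  "NetworkSettings": {"Networks": {"my-net": {}}}},
 {"Id": "id-busybox3", "Name": "/busybox3",
  "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Networks": {"host": {}}}},
 {"Id": "id-busybox4", "Name": "/busybox4",
  "HostConfig": {"NetworkMode": "container:id-busybox"},
  "NetworkSettings": {"Networks": {}}}
]""")

def effective_networks(records):
    """Container name -> networks of the namespace it actually runs in."""
    by_id = {r["Id"]: r for r in records}
    nets = {}
    for r in records:
        mode = r["HostConfig"]["NetworkMode"]
        src = r
        # --net container:<id> has no attachments of its own; it inherits
        # the owner's (empty if the owner is not in the record set).
        if mode.startswith("container:"):
            src = by_id.get(mode.split(":", 1)[1], {})
        # Read the attachment list rather than NetworkMode: the sample's
        # busybox2 is attached to my-net only, as after connect/disconnect.
        attached = src.get("NetworkSettings", {}).get("Networks", {})
        nets[r["Name"].lstrip("/")] = set(attached)
    return nets

def audit(records):
    """Return (containers in the host namespace, pairs sharing a network)."""
    nets = effective_networks(records)
    host = sorted(name for name, s in nets.items() if "host" in s)
    pairs = sorted((a, b) for a, b in combinations(sorted(nets), 2)
                   if (nets[a] & nets[b]) - {"host"})
    return host, pairs

if __name__ == "__main__":
    host_mode, same_network = audit(SAMPLE)
    print("host namespace (no network isolation):", host_mode)
    print("share a network:", same_network)
```

On a live host the same functions can be fed `json.loads` of the output of `docker inspect $(docker ps -q)`.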