
도커 기본 브릿지와 사용자 정의 브릿지의 차이 (2)

최소양 2020. 4. 27. 16:55

이전 도커의 브릿지에 관한 글에서 사용자 정의 브릿지와 기본 브릿지의 차이들을 설명한 적이 있습니다.

 

(1) 사용자 정의 브릿지는 자동으로 컨테이너 간의 DNS 문제를 해결해 줍니다.

(2) 사용자 정의 브릿지는 더 나은 격리를 제공합니다.

(3) 컨테이너를 정지시키지 않고 사용자 정의 네트워크에 연결/분리할 수 있습니다.

(4) 각각의 사용자 정의 브릿지는 설정이 가능합니다.

(5) 기본 브릿지 네트워크에서는 --link로 연결된 컨테이너 간의 환경변수 공유가 가능합니다.

 

 

이 중에서 (2)에 대한 테스트를 해 보겠습니다. 서로 다른 브릿지 네트워크에 속한 컨테이너끼리 통신이 되는지 확인하는 테스트입니다.

 

 

step 1. 사용자 정의 브릿지에서의 네트워크 테스트

1] 테스트용 네트워크를 두 개 만듭니다.

[root@centos77 ~]# docker network create --driver=bridge --subnet=172.28.1.0/24 --ip-range=172.28.1.0/24 --gateway=172.28.1.254 br1

0fa223828ac8a94bfb126bdabffa53c7e92b4842a94712e3c01f4c475b185b25

[root@centos77 ~]# docker network create --driver=bridge --subnet=172.28.2.0/24 --ip-range=172.28.2.0/24 --gateway=172.28.2.254 br2

2bad75eff53b387d74f4389b08b8f9928e651d660926e83507f05153fd26f8ed

[root@centos77 ~]# docker network ls

NETWORK ID NAME DRIVER SCOPE

0fa223828ac8 br1 bridge local

2bad75eff53b br2 bridge local

7557a30b079a bridge bridge local

61f432d735cf host host local

16a3b4fdc56e none null local

[root@centos77 ~]#

 

 

2] 각각의 네트워크에 컨테이너를 두 개씩 만듭니다.

[root@centos77 ~]# docker run -it -d --name alp1-1 --network br1 alpine

74e5741f1a5f6b81237444f7dcef9a2a29b4acb1b292b79d9e1a87fbee0df292

[root@centos77 ~]# docker run -it -d --name alp1-2 --network br1 alpine

362c8774c5c4ff367213726d5df096b8611e2641a32b819558e14f6619c042ab

[root@centos77 ~]# docker run -it -d --name alp2-1 --network br2 alpine

fb02843de5e0225fa99020ffe435e4d48883a3e2a8aa63d677c477bc715dd2ad

[root@centos77 ~]# docker run -it -d --name alp2-2 --network br2 alpine

0dd96fddafc8e169f1ba2e7e54bd194b41c6247ae57d81b2c9935ff9f40e51dd

[root@centos77 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

0dd96fddafc8 alpine "/bin/sh" 4 seconds ago Up 3 seconds alp2-2

fb02843de5e0 alpine "/bin/sh" 7 seconds ago Up 6 seconds alp2-1

362c8774c5c4 alpine "/bin/sh" 13 seconds ago Up 13 seconds alp1-2

74e5741f1a5f alpine "/bin/sh" 18 seconds ago Up 16 seconds alp1-1

[root@centos77 ~]#

 

 

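3] 브릿지 네트워크의 정보확인 및 도커 호스트에서의 ping 테스트

아래 결과처럼 도커 호스트에서는 br1, br2의 컨테이너 모두에 ping이 됩니다. 즉 사용자 정의 브릿지의 격리는 컨테이너 간의 격리이며, 호스트에서의 접근까지 막는 것은 아닙니다.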

[root@centos77 ~]# docker network inspect br1

[

{

"Name": "br1",

 

...

 

"Containers": {

"362c8774c5c4ff367213726d5df096b8611e2641a32b819558e14f6619c042ab": {

"Name": "alp1-2",

"EndpointID": "7342055ba6712ba6fbd838d0509135256bff5fb757b5823b7f40259e35d97468",

"MacAddress": "02:42:ac:1c:01:02",

"IPv4Address": "172.28.1.2/24",

"IPv6Address": ""

},

"74e5741f1a5f6b81237444f7dcef9a2a29b4acb1b292b79d9e1a87fbee0df292": {

"Name": "alp1-1",

"EndpointID": "1b2f165976ec1226698cf804f1532f68dcff9ef48048965d26cfe49c987ec43c",

"MacAddress": "02:42:ac:1c:01:01",

"IPv4Address": "172.28.1.1/24",

"IPv6Address": ""

}

},

...

 

[root@centos77 ~]# docker network inspect br2

[

{

"Name": "br2",

 

...

 

"Containers": {

"0dd96fddafc8e169f1ba2e7e54bd194b41c6247ae57d81b2c9935ff9f40e51dd": {

"Name": "alp2-2",

"EndpointID": "6d4e540b177a39f50a5b4fb30eeb2e3b84ff3fc9c001711b5596f5e00cfbd7a8",

"MacAddress": "02:42:ac:1c:02:02",

"IPv4Address": "172.28.2.2/24",

"IPv6Address": ""

},

"fb02843de5e0225fa99020ffe435e4d48883a3e2a8aa63d677c477bc715dd2ad": {

"Name": "alp2-1",

"EndpointID": "4417202c0f960fde50d775ff1fbf1bb553dd93f96d917d8b0a4cef2f54d2f001",

"MacAddress": "02:42:ac:1c:02:01",

"IPv4Address": "172.28.2.1/24",

"IPv6Address": ""

}

 

...

 

[root@centos77 ~]#

 

  3]-1 br1 네트워크의 컨테이너들에 ping 테스트

[root@centos77 ~]# ping 172.28.1.1

PING 172.28.1.1 (172.28.1.1) 56(84) bytes of data.

64 bytes from 172.28.1.1: icmp_seq=1 ttl=64 time=0.048 ms

64 bytes from 172.28.1.1: icmp_seq=2 ttl=64 time=0.060 ms

64 bytes from 172.28.1.1: icmp_seq=3 ttl=64 time=0.063 ms

^C

--- 172.28.1.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2001ms

rtt min/avg/max/mdev = 0.048/0.057/0.063/0.006 ms

[root@centos77 ~]# ping 172.28.1.2

PING 172.28.1.2 (172.28.1.2) 56(84) bytes of data.

64 bytes from 172.28.1.2: icmp_seq=1 ttl=64 time=0.062 ms

64 bytes from 172.28.1.2: icmp_seq=2 ttl=64 time=0.052 ms

64 bytes from 172.28.1.2: icmp_seq=3 ttl=64 time=0.052 ms

^C

--- 172.28.1.2 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1999ms

rtt min/avg/max/mdev = 0.052/0.055/0.062/0.007 ms

[root@centos77 ~]#

 

  3]-2 br2 네트워크의 컨테이너들에 ping 테스트

[root@centos77 ~]# ping 172.28.2.1

PING 172.28.2.1 (172.28.2.1) 56(84) bytes of data.

64 bytes from 172.28.2.1: icmp_seq=1 ttl=64 time=0.076 ms

64 bytes from 172.28.2.1: icmp_seq=2 ttl=64 time=0.030 ms

64 bytes from 172.28.2.1: icmp_seq=3 ttl=64 time=0.058 ms

^C

--- 172.28.2.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2000ms

rtt min/avg/max/mdev = 0.030/0.054/0.076/0.020 ms

[root@centos77 ~]# ping 172.28.2.2

PING 172.28.2.2 (172.28.2.2) 56(84) bytes of data.

64 bytes from 172.28.2.2: icmp_seq=1 ttl=64 time=0.125 ms

64 bytes from 172.28.2.2: icmp_seq=2 ttl=64 time=0.052 ms

64 bytes from 172.28.2.2: icmp_seq=3 ttl=64 time=0.056 ms

^C

--- 172.28.2.2 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2000ms

rtt min/avg/max/mdev = 0.052/0.077/0.125/0.035 ms

[root@centos77 ~]#

 

 

4] br1 네트워크 내부에서의 ping 테스트

[root@centos77 ~]# docker exec alp1-1 ping alp1-2

PING alp1-2 (172.28.1.2): 56 data bytes

64 bytes from 172.28.1.2: seq=0 ttl=64 time=0.142 ms

64 bytes from 172.28.1.2: seq=1 ttl=64 time=0.136 ms

64 bytes from 172.28.1.2: seq=2 ttl=64 time=0.085 ms

^C

[root@centos77 ~]# docker exec alp1-2 ping alp1-1

PING alp1-1 (172.28.1.1): 56 data bytes

64 bytes from 172.28.1.1: seq=0 ttl=64 time=0.075 ms

64 bytes from 172.28.1.1: seq=1 ttl=64 time=0.087 ms

64 bytes from 172.28.1.1: seq=2 ttl=64 time=0.089 ms

^C

[root@centos77 ~]#

 

 

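5] br1 네트워크에서 br2 네트워크로의 ping 테스트

컨테이너 이름은 해석되지 않고(bad address), IP 주소로 직접 보낸 ping에도 응답이 없습니다. 응답이 없어 ^C로 중단한 것이므로, `ping -c 3 -W 1 172.28.2.1`처럼 횟수와 대기 시간을 지정하면 packet loss 통계로 결과를 명확히 확인할 수 있습니다.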

[root@centos77 ~]# docker exec alp1-1 ping alp2-1

ping: bad address 'alp2-1'

[root@centos77 ~]# docker exec alp1-1 ping alp2-2

ping: bad address 'alp2-2'

[root@centos77 ~]# docker exec alp1-1 ping 172.28.2.1

PING 172.28.2.1 (172.28.2.1): 56 data bytes

^C

[root@centos77 ~]# docker exec alp1-1 ping 172.28.2.2

PING 172.28.2.2 (172.28.2.2): 56 data bytes

^C

[root@centos77 ~]#

 

 

 

 

6] br2 네트워크 내부에서의 ping 테스트

[root@centos77 ~]# docker exec alp2-1 ping alp2-2

PING alp2-2 (172.28.2.2): 56 data bytes

64 bytes from 172.28.2.2: seq=0 ttl=64 time=0.086 ms

64 bytes from 172.28.2.2: seq=1 ttl=64 time=0.077 ms

64 bytes from 172.28.2.2: seq=2 ttl=64 time=0.078 ms

^C

[root@centos77 ~]# docker exec alp2-2 ping alp2-1

PING alp2-1 (172.28.2.1): 56 data bytes

64 bytes from 172.28.2.1: seq=0 ttl=64 time=0.067 ms

64 bytes from 172.28.2.1: seq=1 ttl=64 time=0.081 ms

64 bytes from 172.28.2.1: seq=2 ttl=64 time=0.083 ms

^C

[root@centos77 ~]#

 

 

7] br2 네트워크에서 br1 네트워크로의 ping 테스트

반대 방향에서도 컨테이너 이름이 해석되지 않고, IP 주소로 보낸 ping에도 응답이 없습니다.

[root@centos77 ~]# docker exec alp2-1 ping alp1-1

ping: bad address 'alp1-1'

[root@centos77 ~]# docker exec alp2-1 ping alp1-2

ping: bad address 'alp1-2'

[root@centos77 ~]# docker exec alp2-1 ping 172.28.1.1

PING 172.28.1.1 (172.28.1.1): 56 data bytes

^C

[root@centos77 ~]# docker exec alp2-1 ping 172.28.1.2

PING 172.28.1.2 (172.28.1.2): 56 data bytes

^C

[root@centos77 ~]#

 

 

 

step 2. 기본 브릿지 네트워크와 사용자 정의 브릿지의 네트워크 테스트

1] 기본 브릿지 네트워크를 이용하는 컨테이너를 하나 만듭니다.

[root@centos77 ~]# docker run -it -d --name alp-def alpine

23f7cd8ad2355dd7a677fc8c25b6860db370a82b8c7c3718633c8600145d7080

[root@centos77 ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

23f7cd8ad235 alpine "/bin/sh" 9 seconds ago Up 8 seconds alp-def

0dd96fddafc8 alpine "/bin/sh" 12 minutes ago Up 12 minutes alp2-2

fb02843de5e0 alpine "/bin/sh" 12 minutes ago Up 12 minutes alp2-1

362c8774c5c4 alpine "/bin/sh" 12 minutes ago Up 12 minutes alp1-2

74e5741f1a5f alpine "/bin/sh" 12 minutes ago Up 12 minutes alp1-1

[root@centos77 ~]# docker network inspect bridge

[

{

"Name": "bridge",

 

...

 

"Containers": {

"23f7cd8ad2355dd7a677fc8c25b6860db370a82b8c7c3718633c8600145d7080": {

"Name": "alp-def",

"EndpointID": "2846e461fe9274a4728c9099feaa444524fa3165b52a464fc5869e5dea6f6241",

"MacAddress": "02:42:ac:12:00:02",

"IPv4Address": "172.18.0.2/24",

"IPv6Address": ""

}

},

 

...

 

[root@centos77 ~]# ping 172.18.0.2

PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.

64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.065 ms

64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.055 ms

64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.054 ms

^C

--- 172.18.0.2 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2000ms

rtt min/avg/max/mdev = 0.054/0.058/0.065/0.005 ms

[root@centos77 ~]#

 

 

 

2] 기본 브릿지 네트워크를 이용하는 컨테이너에서 br1 네트워크로 ping 테스트

[root@centos77 ~]# docker exec alp-def ping 172.28.1.1

PING 172.28.1.1 (172.28.1.1): 56 data bytes

^C

[root@centos77 ~]#

 

 

3] br1 네트워크의 컨테이너에서 기본 브릿지 네트워크를 이용하는 컨테이너로 ping 테스트

2]의 결과와 마찬가지로 응답이 없으므로, 기본 브릿지와 사용자 정의 브릿지 사이에서도 양쪽 방향 모두 컨테이너 간 통신이 되지 않습니다.

[root@centos77 ~]# docker exec alp1-1 ping 172.18.0.2

PING 172.18.0.2 (172.18.0.2): 56 data bytes

^C

[root@centos77 ~]#