
virtual machine - Bind physical NICs to containers for docker

Question:

I have 4 NICs installed in my host PC. I want to launch different Docker containers, binding a different physical NIC to each container. How can I do this with Docker?

For VirtualBox, this can be done by creating a bridge adapter for each VM of the physical NICs.

User answer:

When you expose ports on Docker using the -P or -p options it is just creating an iptables Destination NAT or DNAT entry. You can even look at those entries by running the command below.

iptables -t nat -nL
...    
Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8001 to:172.17.0.19:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8002 to:172.17.0.20:80

By default docker will use the 0.0.0.0/0 (i.e. all interfaces) specification to forward ports to and from docker container hosts. However, you could replace those rules to forward only from selected interfaces.

So say I have two web-servers both wanting to listen on port 80. I would run them as follows. Note that I am not exposing any ports. This is so that only our created IP Tables rule allows access to these nodes.

docker run --name web1 -t something/web-server
docker run --name web2 -t something/web-server

Run docker inspect to get the Virtual IP of the container:

docker inspect web1 | grep IPAddress
"IPAddress": "172.17.0.19",
docker inspect web2 | grep IPAddress
"IPAddress": "172.17.0.20",

Now add in DNAT rules for the specific interfaces:

iptables -t nat -A DOCKER -p tcp -d [INTERFACE_1_IP] --dport 80 -j DNAT --to-destination 172.17.0.19:80
iptables -t nat -A DOCKER -p tcp -d [INTERFACE_2_IP] --dport 80 -j DNAT --to-destination 172.17.0.20:80
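
The following is an added example, not part of the original answer: a small audit that reads a DOCKER nat chain listing and reports which DNAT rules are pinned to one host IP and which still match 0.0.0.0/0 (every interface). The function names and the 192.0.2.x interface addresses are assumptions made for illustration; the listing is constructed in the format shown above.

```shell
#!/bin/sh
# Added example: check whether DOCKER-chain DNAT rules are pinned to a host IP.

# Constructed sample in the format of `iptables -t nat -nL` (DOCKER chain).
# 192.0.2.10 and 192.0.2.20 stand in for INTERFACE_1_IP and INTERFACE_2_IP.
sample_rules() {
cat <<'EOF'
Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8001 to:172.17.0.19:80
DNAT       tcp  --  0.0.0.0/0            192.0.2.10     tcp dpt:80 to:172.17.0.19:80
DNAT       tcp  --  0.0.0.0/0            192.0.2.20     tcp dpt:80 to:172.17.0.20:80
EOF
}

# Reads a chain listing on stdin and prints one line per DNAT rule:
#   WILDCARD|PINNED <destination> <dport> <container ip:port>
classify_dnat() {
    awk '$1 == "DNAT" {
        dport = ""; to = ""
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpt:/) dport = substr($i, 5)
            if ($i ~ /^to:/)  to = substr($i, 4)
        }
        # Column 5 is the destination match; 0.0.0.0/0 means any host address.
        kind = ($5 == "0.0.0.0/0") ? "WILDCARD" : "PINNED"
        print kind, $5, dport, to
    }'
}

# Succeeds only if no DNAT rule in the listing on stdin matches all interfaces.
all_pinned() {
    ! classify_dnat | grep -q '^WILDCARD '
}

# Prints (does not run) a pinned rule in the form used in the answer.
# $1 = host interface IP, $2 = port, $3 = container IP
pinned_rule() {
    printf 'iptables -t nat -A DOCKER -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$2" "$3" "$2"
}

# Demo on the constructed listing; on a real host, pipe in
# `iptables -t nat -nL DOCKER` instead (requires root).
sample_rules | classify_dnat
```

Any line reported as WILDCARD is a port that is still reachable through every NIC, which defeats the per-interface binding the answer sets up.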