Cyberithub

Tutorial: Networking in Docker(v1.13) with Best Example

In this tutorial, I will take you through the concepts of networking in Docker.

A Docker container requires a host to run on. This could be either a physical machine (e.g., a bare-metal server in your on-premises datacenter) or a virtual machine, either on-prem or in the cloud. The host runs the Docker service and client, which let you interact with a Docker registry on the one side (to pull/push Docker images) and, on the other side, start, stop, and inspect containers.

Networking in Docker

What is Networking

In terms of computer networking, it is basically the exchange of data between nodes over a shared medium. The simplest examples are the LAN (Local Area Network) and the WAN (Wide Area Network), which we now see almost everywhere.

Types of Networking in Docker

Bridge Mode Networking

In this mode, the Docker daemon creates docker0, a virtual Ethernet bridge that automatically forwards packets between any other network interfaces that are attached to it. By default, the daemon then connects all containers on a host to this internal network by creating a pair of peer interfaces, assigning one of the peers to become the container’s eth0 interface and placing the other peer in the namespace of the host, and by assigning an IP address/subnet from the private IP range to the bridge. In the session below, -P publishes the image's exposed ports on random host ports bound to 0.0.0.0, as the PORTS column shows.

[root@localhost ~]# docker run -d -P --net=bridge nginx:1.9.1
4f4f4a015b01d14205313d1d718f7e2a35e87d35882b9a6ebf44833a3b75001d
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4f4f4a015b01 nginx:1.9.1 "nginx -g 'daemon ..." 16 seconds ago Up 16 seconds 0.0.0.0:32771->80/tcp, 0.0.0.0:32770->443/tcp keen_lewin
85e17dcc5308 nginx:1.9.1 "nginx -g 'daemon ..." 20 seconds ago Up 20 seconds 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp vibrant_shirley

Host Mode Networking

This mode effectively disables network isolation of a Docker container. Because the container shares the networking namespace of the host, it is directly exposed to the public network; consequently, you need to carry out the coordination via port mapping. This is an important mode of networking in Docker. The session below shows the effect: ip addr run inside the container lists the host's own enp0s3 interface and address.

[root@localhost ~]# docker run -d --net=host ubuntu:14.04 tail -f /dev/null
12fc99d27c1ead6ccc25291fdd7025459e920234fe8c0f6bcf68b3828ce69664
[root@localhost ~]# ip addr | grep -A 2 enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:67:e6:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.104/24 brd 192.168.0.255 scope global dynamic enp0s3
valid_lft 1149sec preferred_lft 1149sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
12fc99d27c1e ubuntu:14.04 "tail -f /dev/null" 49 seconds ago Up 39 seconds youthful_nickeatt
7a128533cac0 ubuntu:14.04 "tail -f /dev/null" 35 seconds ago Up 44 seconds joyful_perry
4f4f4a015b01 nginx:1.9.1 "nginx -g 'daemon ..." 4 minutes ago Up 4 minutes 0.0.0.0:32771->80/tcp, 0.0.0.0:32770->443/tcp keen_lewin
85e17dcc5308 nginx:1.9.1 "nginx -g 'daemon ..." 4 minutes ago Up 4 minutes 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp vibrant_shirley
[root@localhost ~]# docker exec -ti 12fc99d27c1e ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:67:e6:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.104/24 brd 192.168.0.255 scope global dynamic enp0s3
valid_lft 1214sec preferred_lft 1214sec

Container Mode Networking

In this mode, you tell Docker to reuse the networking namespace of another container. In general, this mode is useful when you want to provide custom network stacks. Indeed, this mode is also what Kubernetes networking leverages. This is the most widely used method of networking in Docker. In the session below, the second container reports the same eth0 interface and 172.17.0.3 address as lost_elvis.

[root@localhost ~]# docker exec -it lost_elvis ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:3/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# docker run -it --net=container:lost_elvis ubuntu:14.04 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:3/64 scope link
valid_lft forever preferred_lft forever

No Networking

This mode puts the container inside of its own network stack but doesn’t configure it. Effectively, this turns off networking and is useful for two cases: either for containers that don’t need a network (such as batch jobs writing to a disk volume) or if you want to set up your custom networking.

[root@localhost ~]# docker run -d -P --net=none nginx:1.9.1
18398ac91a61e622933de4cd47e1ad7a5988b1f39f29bb4d5c56b41e82ee736e
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
18398ac91a61 nginx:1.9.1 "nginx -g 'daemon ..." 7 seconds ago Up 7 seconds dazzling_fermi
e3f4a5f08b57 nginx:1.9.1 "nginx -g 'daemon ..." About an hour ago Up About an hour 0.0.0.0:32773->80/tcp, 0.0.0.0:32772->443/tcp relaxed_wing
12fc99d27c1e ubuntu:14.04 "tail -f /dev/null" About an hour ago Up About an hour youthful_leavitt
7a128533cac0 ubuntu:14.04 "tail -f /dev/null" About an hour ago Up About an hour naughty_lamport
4f4f4a015b01 nginx:1.9.1 "nginx -g 'daemon ..." About an hour ago Up About an hour 0.0.0.0:32771->80/tcp, 0.0.0.0:32770->443/tcp keen_lewin
85e17dcc5308 nginx:1.9.1 "nginx -g 'daemon ..." About an hour ago Up About an hour 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp vibrant_shirley
[root@localhost ~]# docker inspect 18398ac91a61 | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "",

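An added example, not from the original tutorial: a small Python audit that reads `docker inspect` JSON and reports, across the four modes above, which containers have given up network isolation (host mode, shared namespace) and which ports are published on every host interface, as `-P` does. The sample JSON is constructed from the names and ports in the sessions above; `sidecar` is a hypothetical container name.

```python
import json

# Constructed sample in the shape of `docker inspect` output, trimmed to the
# fields used here; names and ports mirror the sessions on this page.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/keen_lewin",
     "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Ports": {
         "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32771"}],
         "443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32770"}]}}},
    {"Name": "/youthful_nickeatt",
     "HostConfig": {"NetworkMode": "host"},
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/sidecar",  # hypothetical name for the --net=container: run
     "HostConfig": {"NetworkMode": "container:lost_elvis"},
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/dazzling_fermi",
     "HostConfig": {"NetworkMode": "none"},
     "NetworkSettings": {"Ports": {}}},
])

WILDCARD = {"", "0.0.0.0", "::"}  # bindings reachable on every host interface

def audit(inspect_json):
    """Return (container, finding) tuples for a `docker inspect` JSON array."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        mode = (c.get("HostConfig") or {}).get("NetworkMode") or "default"
        if mode == "host":
            findings.append((name, "host mode: no network isolation from the host"))
        elif mode.startswith("container:"):
            findings.append((name, "shares network namespace with " + mode.split(":", 1)[1]))
        elif mode == "none":
            continue  # own network stack, left unconfigured: nothing to report
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        for cport, binds in sorted(ports.items()):
            for b in binds or []:  # null means exposed but not published
                if b.get("HostIp", "") in WILDCARD:
                    findings.append((name, "%s published on all host interfaces as port %s"
                                     % (cport, b.get("HostPort"))))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT):
        print(name + ": " + finding)
```

On a live host, pass it the output of `docker inspect $(docker ps -q)` instead of the sample.
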
Reference: Docker Documentation
