Docker Networking 101
By
Avi
Docker is a neat tool where developers can build and run their applications.
Fun fact: DotCloud, a platform as a service (PaaS) company, actually created it as an internal tool!
However, the company soon realized its true potential and made it available as an open-source project in 2013. What we now know as Docker Inc. soon became popular, with tens of thousands of users and big partnerships with companies like Red Hat, IBM, Microsoft, Google, and Cisco Systems!
Today’s software development demands agility and fast change response. We assess our work in story points, participate in stand-ups, and use methodologies like Scrum. Docker can support our agility.
You must be aware the deployment phase of any software development is expensive. And this is where the Docker platform comes in. It makes deployment simpler by using OS-level virtual software to put software into containers.
The great thing about this platform is that it bundles an application and all its dependencies – like binaries, libraries, configuration files, scripts, jars, and more – into a single, easy-to-use package. It’s a simple and standardized approach that’s made life easier for software developers everywhere!
Docker Simplifies Collaboration and Networking Across Platforms
Before Docker, it was common to need a combination of technologies, such as virtual machines, configuration management tools, package management systems, and complex webs of library dependencies, to manage the movement of software in the development pipeline. To maintain and administer these tools, skilled engineers were needed; most required customized settings.
Docker has altered this by enabling all engineers participating in this process to communicate in a single language, simplifying collaboration.
Through the host machine, Docker containers communicate with one another and the outside world using Docker networking. The Container Network Model (CNM) controls the Docker Network, which uses several different network drivers. The network selection criteria will be based on the function and purpose of the container.
They are incredibly powerful because they can connect workloads from other platforms with Docker services and containers. Whether they run Windows or Linux, you can use Docker to manage your Docker hosts in a platform-neutral way.
How does Docker Networking work?
Docker has specified a fundamental networking model known as the container network model (CNM), with specifications that any software that implements a container network must meet. CNM keeps the network configuration in a console-style distributed key-value store.
The three components of the CNM are the sandbox, endpoint, and network:
- Sandbox: A sandbox houses the network configuration for the container. Within the container, it functions as a networking stack.
- Endpoint: Endpoint is an interface for a network that usually comes in pairs. We configure the pair by placing one end in the chosen network and the other in the sandbox. Also, endpoints only join one network, and a single network sandbox may contain more than one endpoint.
- Network: It comprises a collection of Endpoints with direct communication capabilities.
In a sandbox, each endpoint can have only one network connection, even if there are several endpoints present. A network is a grouping of a few or more interconnected endpoints.
The network driver in Docker networking puts CNM ideas into action. There are two different types of network drivers that Docker uses: native network drivers and remote network drivers. Native Network Drivers, commonly referred to as built-in drivers, are provided by Docker and shipped with the Docker engine. Whereas the third-party drivers by the vendors are known as remote network drivers.
It is possible to design drivers that incorporate specific features.
Docker Networks
There are majorly five networks in docker – bridge, host, overlay, none, and macvlan.
Bridge network is the default network in docker. An introduction to these networks has been given in my previous article on docker architecture.
In this article, I will show you the practical part of docker networking. You will get to know how you can check your docker network details, how to connect to a network, how to create your network, and more. So, let’s get started.
Whenever you run a docker container, a default bridge network call docker0 gets associated with the container unless any other network is specified. For example, when I run ifconfig command, you will get the details of docker0 network of bridge type along with other network details.
osboxes@worker2:~$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:f6:59:4a:5f txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::763e:c0b4:14df:b273 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:68:64:9a txqueuelen 1000 (Ethernet)
RX packets 2157 bytes 2132896 (2.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 952 bytes 151610 (151.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.102 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::20a:6c57:839d:2652 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:53:45:82 txqueuelen 1000 (Ethernet)
RX packets 10597 bytes 1497146 (1.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12058 bytes 1730219 (1.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1196 bytes 105396 (105.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1196 bytes 105396 (105.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Listing Network
Run the ls command to check all the networks running on the current host. You can see, seven networks are present currently including bridge, host and none which get created automatically when you install Docker. Depending on the containers I ran in the past, there are details of other custom networks also.
geekflare@geekflare:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
fec751a6ae21 bridge bridge local
21943b20735d docker_gwbridge bridge local
f51d1f3379e0 host host local
ppp8i7tvrxa0 ingress overlay swarm
ba68f73abeed mean-app_default bridge local
d466e75d86fa mean_default bridge local
5e5d9a192c00 none null localInspecting Network
You can run inspect command to get all the details about a network type. It gives information about the network which includes Name, Id, Created time, Scope, Driver, Config details such as Subnet and Gateway address. I will also give container details if any container is up and running. Otherwise, it will return an empty string.
geekflare@geekflare:~$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "fec751a6ae21f20a06cdc6eb823e773caec063b6bf9a388016594e59fd1db475",
"Created": "2019-08-01T10:30:27.595054009-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]Create Network
Using create command, you can create your own you own network. You need to mention the driver type with --driver flag, in below example I am using bridge type.
geekflare@geekflare:~$ docker network create --driver bridge geekflare_network
08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409Run the ls command to check if the network got created.
geekflare@geekflare:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
fec751a6ae21 bridge bridge local
21943b20735d docker_gwbridge bridge local
08e0da91f6de geekflare_network bridge local
f51d1f3379e0 host host local
ppp8i7tvrxa0 ingress overlay swarm
ba68f73abeed mean-app_default bridge local
d466e75d86fa mean_default bridge local
5e5d9a192c00 none null localNow I will run a docker container on the network I have created. I am running a simple apache server container in below command.
geekflare@geekflare:~$ docker run -it -d --network=geekflare_network httpd
38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002Running inspect command to check all the information of geekflare_network. You can find the container details this time in this inspect the output; the container name is determined_dubinsky.
geekflare@geekflare:~$ docker network inspect geekflare_network
[
{
"Name": "geekflare_network",
"Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409",
"Created": "2019-09-03T13:56:36.244295204-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.21.0.0/16",
"Gateway": "172.21.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002": {
"Name": "determined_dubinsky",
"EndpointID": "30d252720e0f381ba01d6f5414525dff8587abcf3c4920100f112898a52c8a23",
"MacAddress": "02:42:ac:15:00:02",
"IPv4Address": "172.21.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]Disconnect Network
To disconnect the network from the container, run the command below. You need to mention the network name and the container name in disconnect command.
geekflare@geekflare:~$ docker network disconnect geekflare_network determined_dubinskyThis network won’t be running determined_dubinsky container anymore; the container field will be empty.
geekflare@geekflare:~$ docker network inspect geekflare_network
[
{
"Name": "geekflare_network",
"Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409",
"Created": "2019-09-03T13:56:36.244295204-04:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.21.0.0/16",
"Gateway": "172.21.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]To create other than bridge network, you need to mention the driver name other than bridge. To create an overlay network, run the command below.
geekflare@manager1:~$ docker network create --driver overlay geekflare_network_2
ynd2858eu1cngwhpc40m3h1nx
geekflare@manager1:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
fec751a6ae21 bridge bridge local
21943b20735d docker_gwbridge bridge local
08e0da91f6de geekflare_network bridge local
f51d1f3379e0 host host local
ppp8i7tvrxa0 ingress overlay swarm
ba68f73abeed mean-app_default bridge local
d466e75d86fa mean_default bridge local
5e5d9a192c00 none null local
ynd2858eu1cn geekflare_network_2 overlay swarmTo create a host network, mention host with –driver flag. The below example returns an error because only one host network instance is allowed, which was already running before. So, this command won’t create another host network.
geekflare@manager1:~$ docker network create --driver host geekflare_network_3
Error response from daemon: only one instance of "host" network is allowedConclusion
That was all about docker networking and how you can connect, disconnect, create, inspect docker networks. Try out these commands to get familiar with Docket networking. If you are curious in learning Net Devops then check out this Udemy course.
Co-authored by: Surobhi.
-
AviAuthorAvi is a tech enthusiast with expertise in trending technologies such as DevOps, Cloud Computing, Big Data and many more. He is passionate about learning cutting-edge technologies and sharing his knowledge with others through… read more
