Last updated: April 10, 2023

Docker is a neat tool where developers can build and run their applications.

Fun fact: DotCloud, a platform as a service (PaaS) company, actually created it as an internal tool!

However, the company soon realized its true potential and made it available as an open-source project in 2013. What we now know as Docker Inc. soon became popular, with tens of thousands of users and big partnerships with companies like Red Hat, IBM, Microsoft, Google, and Cisco Systems!

Today’s software development demands agility and fast change response. We assess our work in story points, participate in stand-ups, and use methodologies like Scrum. Docker can support our agility.

As you may know, the deployment phase of any software development project is expensive. This is where the Docker platform comes in. It simplifies deployment by using OS-level virtualization to package software into containers.


The great thing about this platform is that it bundles an application and all its dependencies – like binaries, libraries, configuration files, scripts, jars, and more – into a single, easy-to-use package. It’s a simple and standardized approach that’s made life easier for software developers everywhere!

Docker Simplifies Collaboration and Networking Across Platforms

Before Docker, it was common to need a combination of technologies, such as virtual machines, configuration management tools, package management systems, and complex webs of library dependencies, to manage the movement of software in the development pipeline. To maintain and administer these tools, skilled engineers were needed; most required customized settings.

Docker has altered this by enabling all engineers participating in this process to communicate in a single language, simplifying collaboration.

Through the host machine, Docker containers communicate with one another and the outside world using Docker networking. The Container Network Model (CNM) controls the Docker Network, which uses several different network drivers. The network selection criteria will be based on the function and purpose of the container.

They are incredibly powerful because they can connect workloads from other platforms with Docker services and containers. Whether they run Windows or Linux, you can use Docker to manage your Docker hosts in a platform-neutral way.

How does Docker Networking work?

Docker has specified a fundamental networking model known as the container network model (CNM), with specifications that any software that implements a container network must meet. CNM keeps the network configuration in a console-style distributed key-value store.


The three components of the CNM are the sandbox, endpoint, and network:

  1. Sandbox: A sandbox houses the network configuration for the container. Within the container, it functions as a networking stack.
  2. Endpoint: Endpoint is an interface for a network that usually comes in pairs. We configure the pair by placing one end in the chosen network and the other in the sandbox. Also, endpoints only join one network, and a single network sandbox may contain more than one endpoint.
  3. Network: It comprises a collection of Endpoints with direct communication capabilities.

In a sandbox, each endpoint can have only one network connection, even if there are several endpoints present. A network is a grouping of a few or more interconnected endpoints.

The network driver in Docker networking puts the CNM ideas into action. Docker uses two types of network drivers: native network drivers and remote network drivers. Native network drivers, commonly referred to as built-in drivers, are provided by Docker and shipped with the Docker engine. Third-party drivers supplied by vendors are known as remote network drivers.

It is possible to design drivers that incorporate specific features.

Docker Networks

Docker has five main networks: bridge, host, overlay, none, and macvlan.

Bridge network is the default network in docker. An introduction to these networks has been given in my previous article on docker architecture.

In this article, I will show you the practical part of docker networking. You will get to know how you can check your docker network details, how to connect to a network, how to create your network, and more. So, let’s get started.

Whenever you run a docker container, a default bridge network called docker0 gets associated with the container unless another network is specified. For example, when you run the ifconfig command, you will get the details of the docker0 network of bridge type along with the other network details.

osboxes@worker2:~$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:f6:59:4a:5f  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::763e:c0b4:14df:b273  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:68:64:9a  txqueuelen 1000  (Ethernet)
        RX packets 2157  bytes 2132896 (2.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 952  bytes 151610 (151.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.56.102  netmask 255.255.255.0  broadcast 192.168.56.255
        inet6 fe80::20a:6c57:839d:2652  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:53:45:82  txqueuelen 1000  (Ethernet)
        RX packets 10597  bytes 1497146 (1.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12058  bytes 1730219 (1.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1196  bytes 105396 (105.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1196  bytes 105396 (105.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Listing Network

Run the docker network ls command to list all the networks on the current host. As you can see, seven networks are currently present, including bridge, host, and none, which are created automatically when you install Docker. Depending on the containers I ran in the past, there are also details of other custom networks.

geekflare@geekflare:~$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fec751a6ae21        bridge              bridge              local
21943b20735d        docker_gwbridge     bridge              local
f51d1f3379e0        host                host                local
ppp8i7tvrxa0        ingress             overlay             swarm
ba68f73abeed        mean-app_default    bridge              local
d466e75d86fa        mean_default        bridge              local
5e5d9a192c00        none                null                local

Inspecting Network

You can run the inspect command to get all the details about a network. It gives information that includes the Name, Id, Created time, Scope, Driver, and Config details such as the Subnet and Gateway address. It will also give container details if any container is up and running on the network. Otherwise, the Containers field will be empty.

geekflare@geekflare:~$ docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "fec751a6ae21f20a06cdc6eb823e773caec063b6bf9a388016594e59fd1db475",
        "Created": "2019-08-01T10:30:27.595054009-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

Create Network

Using the create command, you can create your own network. You need to specify the driver type with the --driver flag; in the example below, I am using the bridge type.

geekflare@geekflare:~$ docker network create --driver bridge geekflare_network
08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409

Run the ls command to check if the network got created.

geekflare@geekflare:~$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fec751a6ae21        bridge              bridge              local
21943b20735d        docker_gwbridge     bridge              local
08e0da91f6de        geekflare_network   bridge              local
f51d1f3379e0        host                host                local
ppp8i7tvrxa0        ingress             overlay             swarm
ba68f73abeed        mean-app_default    bridge              local
d466e75d86fa        mean_default        bridge              local
5e5d9a192c00        none                null                local

Now I will run a docker container on the network I have created. The command below runs a simple Apache server container.

geekflare@geekflare:~$ docker run -it -d --network=geekflare_network httpd
38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002

Run the inspect command to check all the information about geekflare_network. This time you can find the container details in the inspect output; the container name is determined_dubinsky.

geekflare@geekflare:~$ docker network inspect geekflare_network
[
    {
        "Name": "geekflare_network",
        "Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409",
        "Created": "2019-09-03T13:56:36.244295204-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.21.0.0/16",
                    "Gateway": "172.21.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002": {
                "Name": "determined_dubinsky",
                "EndpointID": "30d252720e0f381ba01d6f5414525dff8587abcf3c4920100f112898a52c8a23",
                "MacAddress": "02:42:ac:15:00:02",
                "IPv4Address": "172.21.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
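
The two inspect outputs above (the default bridge and geekflare_network) carry the settings that decide how exposed a bridge network is. The Python script below is an added example, not code from the original article: it reads inspect JSON and reports, for each bridge network, whether it is the default bridge, whether inter-container communication is on, whether published ports bind to every host address, whether the network has outside access, and which containers are attached. The sample data is trimmed from the outputs above, and the function and finding names are assumptions made for this example.

```python
import ipaddress
import json

# Constructed sample: the two inspect records above, trimmed (container ID shortened).
SAMPLE = json.loads("""
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {},
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true",
              "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
 {"Name": "geekflare_network", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.21.0.0/16", "Gateway": "172.21.0.1"}]},
  "Containers": {"38a0b0646da1": {"Name": "determined_dubinsky",
                                  "IPv4Address": "172.21.0.2/16"}},
  "Options": {}}]
""")

ICC = "com.docker.network.bridge.enable_icc"
BIND = "com.docker.network.bridge.host_binding_ipv4"
DEFAULT = "com.docker.network.bridge.default_bridge"

def audit_network(net):
    """Return (findings, attached) for one inspect record of a bridge network."""
    opts = net.get("Options") or {}
    findings = []
    if opts.get(DEFAULT) == "true":
        findings.append("default-bridge")          # used by containers run without --network
    if opts.get(ICC, "true") == "true":            # an absent option means ICC is on
        findings.append("icc-enabled")             # containers here can reach each other
    if opts.get(BIND, "0.0.0.0") == "0.0.0.0":     # an absent option means all addresses
        findings.append("publish-all-interfaces")  # published ports bind to every host IP
    if not net.get("Internal", False):
        findings.append("external-access")         # containers can reach outside networks
    subnets = [ipaddress.ip_network(c["Subnet"])
               for c in (net.get("IPAM", {}).get("Config") or []) if c.get("Subnet")]
    attached = []
    for c in (net.get("Containers") or {}).values():
        addr = ipaddress.ip_interface(c["IPv4Address"]).ip
        attached.append((c["Name"], str(addr), any(addr in s for s in subnets)))
    return findings, attached

def audit(networks):
    """Map network name -> (findings, attached containers) for bridge networks."""
    return {n["Name"]: audit_network(n) for n in networks if n.get("Driver") == "bridge"}

if __name__ == "__main__":
    for name, (findings, attached) in audit(SAMPLE).items():
        print(name, findings, attached)
```

To run it against a live host, pass the JSON printed by docker network inspect to audit() in place of SAMPLE.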

Disconnect Network

To disconnect the network from the container, run the command below. You need to mention the network name and the container name in disconnect command.

geekflare@geekflare:~$ docker network disconnect geekflare_network determined_dubinsky

The determined_dubinsky container is no longer attached to this network; the Containers field will be empty.

geekflare@geekflare:~$ docker network inspect geekflare_network
[
    {
        "Name": "geekflare_network",
        "Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409",
        "Created": "2019-09-03T13:56:36.244295204-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.21.0.0/16",
                    "Gateway": "172.21.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

To create a network of a type other than bridge, specify a different driver name. To create an overlay network, run the command below.

geekflare@manager1:~$ docker network create --driver overlay  geekflare_network_2
ynd2858eu1cngwhpc40m3h1nx

geekflare@manager1:~$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
fec751a6ae21        bridge              bridge              local
21943b20735d        docker_gwbridge     bridge              local
08e0da91f6de        geekflare_network   bridge              local
f51d1f3379e0        host                host                local
ppp8i7tvrxa0        ingress             overlay             swarm
ba68f73abeed        mean-app_default    bridge              local
d466e75d86fa        mean_default        bridge              local
5e5d9a192c00        none                null                local
ynd2858eu1cn        geekflare_network_2   overlay             swarm

To create a host network, specify host with the --driver flag. The example below returns an error because only one host network instance is allowed, and one was already running. So, this command won’t create another host network.

geekflare@manager1:~$ docker network create --driver host  geekflare_network_3
Error response from daemon: only one instance of "host" network is allowed

Conclusion

That was all about docker networking and how you can connect, disconnect, create, and inspect docker networks. Try out these commands to get familiar with Docker networking. If you are curious about learning Net Devops, check out this Udemy course.

Co-authored by: Surobhi.
  • Avi
    Author