Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

Docker Networking 101

docker networking
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Let’s learn Docker Networking….

There are majorly five networks in docker – bridge, host, overlay, none, and macvlan.

Bridge network is the default network in docker. An introduction to these networks has been given in my previous article on docker architecture.

In this article, I will show you the practical part of docker networking. You will get to know how you can check your docker network details, how to connect to a network, how to create your network, and more. So, let’s get started.

Whenever you run a docker container, a default bridge network call docker0 gets associated with the container unless any other network is specified. For example, when I run ifconfig command, you will get the details of docker0 network of bridge type along with other network details.

osboxes@worker2:~$ ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255

ether 02:42:f6:59:4a:5f  txqueuelen 0  (Ethernet)

RX packets 0  bytes 0 (0.0 B)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 0  bytes 0 (0.0 B)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255

inet6 fe80::763e:c0b4:14df:b273  prefixlen 64  scopeid 0x20<link>

ether 08:00:27:68:64:9a  txqueuelen 1000  (Ethernet)

RX packets 2157  bytes 2132896 (2.1 MB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 952  bytes 151610 (151.6 KB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

inet 192.168.56.102  netmask 255.255.255.0  broadcast 192.168.56.255

inet6 fe80::20a:6c57:839d:2652  prefixlen 64  scopeid 0x20<link>

ether 08:00:27:53:45:82  txqueuelen 1000  (Ethernet)

RX packets 10597  bytes 1497146 (1.4 MB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 12058  bytes 1730219 (1.7 MB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

inet 127.0.0.1  netmask 255.0.0.0

inet6 ::1  prefixlen 128  scopeid 0x10<host>

loop  txqueuelen 1000  (Local Loopback)

RX packets 1196  bytes 105396 (105.3 KB)

RX errors 0  dropped 0  overruns 0  frame 0

TX packets 1196  bytes 105396 (105.3 KB)

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Listing Network

Run the ls command to check all the networks running on the current host. You can see, seven networks are present currently including bridge, host and none which get created automatically when you install Docker. Depending on the containers I ran in the past, there are details of other custom networks also.

geekflare@geekflare:~$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

fec751a6ae21        bridge              bridge              local

21943b20735d        docker_gwbridge     bridge              local

f51d1f3379e0        host                host                local

ppp8i7tvrxa0        ingress             overlay             swarm

ba68f73abeed        mean-app_default    bridge              local

d466e75d86fa        mean_default        bridge              local

5e5d9a192c00        none                null                local

Inspecting Network

You can run inspect command to get all the details about a network type. It gives information about the network which includes Name, Id, Created time, Scope, Driver, Config details such as Subnet and Gateway address. I will also give container details if any container is up and running. Otherwise, it will return an empty string.

geekflare@geekflare:~$ docker network inspect bridge

[

{

"Name": "bridge",

"Id": "fec751a6ae21f20a06cdc6eb823e773caec063b6bf9a388016594e59fd1db475",

"Created": "2019-08-01T10:30:27.595054009-04:00",

"Scope": "local",

"Driver": "bridge",

"EnableIPv6": false,

"IPAM": {

"Driver": "default",

"Options": null,

"Config": [

{

"Subnet": "172.17.0.0/16",

"Gateway": "172.17.0.1"

}

]

},

"Internal": false,

"Attachable": false,

"Ingress": false,

"ConfigFrom": {

"Network": ""

},

"ConfigOnly": false,

"Containers": {},

"Options": {

"com.docker.network.bridge.default_bridge": "true",

"com.docker.network.bridge.enable_icc": "true",

"com.docker.network.bridge.enable_ip_masquerade": "true",

"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",

"com.docker.network.bridge.name": "docker0",

"com.docker.network.driver.mtu": "1500"

},

"Labels": {}

}

]

Create Network

Using create command, you can create your own you own network. You need to mention the driver type with --driver flag, in below example I am using bridge type.

geekflare@geekflare:~$ docker network create --driver bridge geekflare_network

08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409

Run the ls command to check if the network got created.

geekflare@geekflare:~$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

fec751a6ae21        bridge              bridge              local

21943b20735d        docker_gwbridge     bridge              local

08e0da91f6de        geekflare_network   bridge              local

f51d1f3379e0        host                host                local

ppp8i7tvrxa0        ingress             overlay             swarm

ba68f73abeed        mean-app_default    bridge              local

d466e75d86fa        mean_default        bridge              local

5e5d9a192c00        none                null                local

Now I will run a docker container on the network I have created. I am running a simple apache server container in below command.

geekflare@geekflare:~$ docker run -it -d --network=geekflare_network httpd

38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002

Running inspect command to check all the information of geekflare_network. You can find the container details this time in this inspect the output; the container name is determined_dubinsky.

geekflare@geekflare:~$ docker network inspect geekflare_network

[

{

"Name": "geekflare_network",

"Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409",

"Created": "2019-09-03T13:56:36.244295204-04:00",

"Scope": "local",

"Driver": "bridge",

"EnableIPv6": false,

"IPAM": {

"Driver": "default",

"Options": {},

"Config": [

{

"Subnet": "172.21.0.0/16",

"Gateway": "172.21.0.1"

}

]

},

"Internal": false,

"Attachable": false,

"Ingress": false,

"ConfigFrom": {

"Network": ""

},

"ConfigOnly": false,

"Containers": {

"38a0b0646da1a0045afcf7aa0cd6228b851f74107a6718bb19d599e896df1002": {

"Name": "determined_dubinsky",

"EndpointID": "30d252720e0f381ba01d6f5414525dff8587abcf3c4920100f112898a52c8a23",

"MacAddress": "02:42:ac:15:00:02",

"IPv4Address": "172.21.0.2/16",

"IPv6Address": ""

}

},

"Options": {},

"Labels": {}

}

]

Disconnect Network

To disconnect the network from the container, run the command below. You need to mention the network name and the container name in disconnect command.

geekflare@geekflare:~$ docker network disconnect geekflare_network determined_dubinsky

This network won’t be running determined_dubinsky container anymore; the container field will be empty.

geekflare@geekflare:~$ docker network inspect geekflare_network

[

{

"Name": "geekflare_network",

"Id": "08e0da91f6de6c640b1b6f8a8602973f310b8ee9b04961389b7dfda842ccc409",

"Created": "2019-09-03T13:56:36.244295204-04:00",

"Scope": "local",

"Driver": "bridge",

"EnableIPv6": false,

"IPAM": {

"Driver": "default",

"Options": {},

"Config": [

{

"Subnet": "172.21.0.0/16",

"Gateway": "172.21.0.1"

}

]

},

"Internal": false,

"Attachable": false,

"Ingress": false,

"ConfigFrom": {

"Network": ""

},

"ConfigOnly": false,

"Containers": {},

"Options": {},

"Labels": {}

}

]

To create other than bridge network, you need to mention the driver name other than bridge. To create an overlay network, run the command below.

geekflare@manager1:~$ docker network create --driver overlay  geekflare_network_2

ynd2858eu1cngwhpc40m3h1nx

geekflare@manager1:~$ docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

fec751a6ae21        bridge              bridge              local

21943b20735d        docker_gwbridge     bridge              local

08e0da91f6de        geekflare_network   bridge              local

f51d1f3379e0        host                host                local

ppp8i7tvrxa0        ingress             overlay             swarm

ba68f73abeed        mean-app_default    bridge              local

d466e75d86fa        mean_default        bridge              local

5e5d9a192c00        none                null                local

ynd2858eu1cn        geekflare_network_2   overlay             swarm

To create a host network, mention host with –driver flag. The below example returns an error because only one host network instance is allowed, which was already running before. So, this command won’t create another host network.

geekflare@manager1:~$ docker network create --driver host  geekflare_network_3

Error response from daemon: only one instance of "host" network is allowed

Conclusion

That was all about docker networking and how you can connect, disconnect, create, inspect docker networks. Try out these commands to get familiar with Docket networking. If you are curious in learning Net Devops then check out this Udemy course.

Thanks to our Sponsors
More great readings on DevOps
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder