Docker Networking

This post covers the None, Host, and Bridge network modes. Bridge is the one used most often.

None Network

The Docker container is not attached to any network. It cannot reach the outside world, and nothing outside can reach it. If you run multiple containers this way, none of them is part of any network, so they cannot talk to each other or to the outside world.

$ docker run -d --network none nginx

http://localhost:80

Host Network

The container is attached to the host’s network. There is no network isolation between the host and the container.

https://docs.docker.com/network/host/

If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. For instance, if you run a container that binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address.

This creates some extra limitations. For instance, if a service container binds to port 80, only one service container can run on a given swarm node.

$ docker run -d --network host nginx

Bridge Network

The bridge network is the one we use most often.

When Docker is installed on the Host, it creates an internal private network called bridge by default.

Whenever a container is created, Docker creates a network namespace for it.

Docker Bridge and Host Machine

How does docker attach the container or its namespace network to the bridge network?

In terms of network interfaces, the container is its network namespace.

  1. Docker creates a network namespace.
  2. It creates a pair of interfaces.
  3. It attaches one interface to the container (the network namespace) and the other to the bridge network.

How to access the container outside Docker Host?

To allow external users to access applications hosted in containers, Docker provides a port publishing (port mapping) option. When you run a container, you can tell Docker to map port 81 on the Docker host to port 80 in the container. You can then reach the web application using the host's IP address and port 81: any traffic to port 81 on the host is forwarded to port 80 in the container.

$ docker run -d --name=nginx-container -p 81:80 nginx
  • --name sets the container name to nginx-container.

$ curl http://192.168.0.6:81
<title>Welcome to nginx!</title>

$ curl http://localhost:81
<title>Welcome to nginx!</title>
  • Check the host machine's IP address, or use localhost.

How does Docker do this?

Docker automatically creates a NAT rule for us.

# --dport is only accepted after a protocol match, hence -p tcp
iptables \
    -t nat \
    -A DOCKER \
    -p tcp \
    --dport 81 \
    -j DNAT \
    --to-destination 172.17.0.3:80

Check Host machine IP

$ ifconfig
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6407<RXCSUM,TXCSUM,VLAN_MTU,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 00:e0:4c:56:4c:09 
	inet6 fe80::46d:2cb6:193:28d4%en7 prefixlen 64 secured scopeid 0x9 
	inet 192.168.0.6 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (100baseTX <full-duplex>)
	status: active

How to check IP Address

http://<inet-serverip>:80

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
700af02bbb84        bridge              bridge              local
57dc84595b85        host                host                local
dc93385fb517        minikube            bridge              local
64dfdea436b1        none                null                local

Check Bridge Network

$ docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "700af02bbb84a76915ee3a6aa4cbc590526303262720591451cde390ea502d00",
        "Created": "2021-01-14T04:10:11.546636693Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "48f52339c6c32159fbdc72bce3cd29a740c4deba20f38992b12d4f96654fbdba": {
                "Name": "k8s-node-app-container",
                "EndpointID": "a4d6348085abbdaf961f500499a80b4da9fb04bab8a5c13ff0cc8e293f12b1ee",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "9ba13301faeb9d96b21d202c67203ef838bb470a6606e1565b4d7261a21fb556": {
                "Name": "nginx-container",
                "EndpointID": "5a6c375fbb1adc060487b5c7cdedfab5a28087ff1c7347a876188d4d907eb74c",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
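
The following Python sketch is an added example, not part of the original post. It joins the container addresses from the inspect output above with DNAT rules like the one Docker creates for port publishing, reporting which container sits behind each published host port and which bridge options widen reachability. Both inputs are constructed samples; the NAT lines assume the `iptables -t nat -S DOCKER` output format, and the loopback-bound rule is hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample: this page's inspect output, trimmed; container IDs are placeholders.
INSPECT = json.loads("""
[{"Name": "bridge", "Containers": {
    "id-a": {"Name": "k8s-node-app-container", "IPv4Address": "172.17.0.2/16"},
    "id-b": {"Name": "nginx-container", "IPv4Address": "172.17.0.3/16"}},
  "Options": {
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}]
""")

# Constructed sample, assumed `iptables -t nat -S DOCKER` format. The last rule
# is a hypothetical loopback-only publish (-p 127.0.0.1:8080:3000).
NAT_RULES = """\
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 81 -j DNAT --to-destination 172.17.0.3:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:3000
"""

DNAT = re.compile(r"^-A DOCKER(?: -d (?P<dst>\S+))? .*--dport (?P<hport>\d+) "
                  r"-j DNAT --to-destination (?P<cip>[\d.]+):(?P<cport>\d+)$")

def published_ports(network, nat_rules):
    """Join DNAT rules to container names and mark loopback-only publishes."""
    names = {c["IPv4Address"].split("/")[0]: c["Name"]
             for c in network["Containers"].values()}
    report = []
    for line in nat_rules.splitlines():
        m = DNAT.match(line.strip())
        if not m:
            continue  # RETURN and other non-DNAT rules
        dst = m["dst"] or "0.0.0.0/0"  # no -d match: any host address
        report.append({"container": names.get(m["cip"], "unknown"), "host_port": int(m["hport"]),
                       "target": f"{m['cip']}:{m['cport']}",
                       "loopback_only": ipaddress.ip_network(dst).is_loopback})
    return report

def bridge_findings(network):
    """Return the bridge options that widen reachability."""
    # icc: containers on the bridge can reach each other; 0.0.0.0: publishes bind on every host address
    opts = network.get("Options", {})
    risky = {"enable_icc": "true", "host_binding_ipv4": "0.0.0.0"}
    return [k for k, v in risky.items()
            if opts.get("com.docker.network.bridge." + k) == v]

if __name__ == "__main__":
    print(published_ports(INSPECT[0], NAT_RULES), bridge_findings(INSPECT[0]))
```

Rows with loopback_only set to False are reachable by anything that can reach the host on that port; publishing with -p 127.0.0.1:81:80 instead of -p 81:80 keeps the mapping on the loopback address.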
