Docker - Network

1 - About

After installing Docker, you have 3 networks by default. By default, a container is created in the bridge (docker0) network.

docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
bb7eed89ed8f        bridge              bridge              local
c98218bf8e12        host                host                local
900385c9a1f0        none                null                local

3 - Driver

  • built-in network drivers: bridge, overlay and macvlan
  • plug-in network drivers

3.1 - Bridge

The bridge driver creates a private network internal to the host so containers on this network can communicate.

To reach the containers from outside, you have to grant external access by (exposing|mapping) the ports. See port. This maps the port of your container to a port of your real server (the host network). After that, accessing your server on 8080 routes to your bridge network on port 8080.

docker run -p 8080:8080

Everything in the bridge network is in the private range given by "Subnet": "172.17.0.0/16".

Full example of a fictitious app composed of a web container and a db container:

# Create a bridge
docker network create -d bridge mybridge
# Create a container named db (--name) with the myDBImage image on the mybridge network (--net) as a daemon (-d)
docker run -d --net mybridge --name db myDBImage
# Create a container named web (--name) with the myWebImage image on the mybridge network (--net) as a daemon (-d)
# Set the environment variable DB (-e) and open the container's port 5000 to the host as 8000 (-p)
docker run -d --net mybridge -e DB=db -p 8000:5000 --name web myWebImage

The bridge driver is a local scope driver, which means it only provides service discovery, IPAM, and connectivity on a single host. Multi-host service discovery requires an external solution that can map containers to their host location. This is where overlay drivers help.

3.2 - Host

All containers in the host network are able to communicate with each other on the host interfaces.

From a networking standpoint this is equivalent to multiple processes running on a host without containers. Because they are using the same host interfaces, no two containers are able to bind to the same TCP port.

I.e. the host network does not containerize the container's networking. The container is inside your host network.


4 - Compose

By default Compose sets up a single network for your app. Each container for a service joins the default network and is both reachable by other containers on that network, and discoverable by them at a hostname identical to the container name.

4.1 - Network Mode

The app's network is given the name: project name + _default

version 2.0

network_mode: "bridge"
network_mode: "host"
network_mode: "none"
network_mode: "service:[service name]"
network_mode: "container:[container name/id]"

where:

4.2 - Port

Networked service-to-service communication uses the CONTAINER_PORT. When HOST_PORT is defined, the service is accessible from outside as well.

services:
  db:
    image: postgres
    ports:
      - "8001:5432"
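
The following is an added example, not part of the original page: it parses Compose short-syntax `ports` entries and reports the in-network endpoint (service name plus CONTAINER_PORT) and which host interfaces the published port listens on. The names `PortMapping`, `parse_port` and `review` are hypothetical, and the loopback-bound entry is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortMapping:
    host_ip: Optional[str]    # None: no host IP given in the entry
    host_port: Optional[str]  # None: Docker picks an ephemeral host port
    container_port: str       # what other services on the network connect to
    protocol: str

    def exposure(self) -> str:
        """Classify which host interfaces the published port listens on."""
        if self.host_ip is None:
            return "all-interfaces"  # default bind address is 0.0.0.0
        ip = ipaddress.ip_address(self.host_ip)
        if ip.is_unspecified:
            return "all-interfaces"
        return "loopback-only" if ip.is_loopback else "single-interface"


def parse_port(entry: str) -> PortMapping:
    """Parse [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    spec, _, proto = entry.strip().partition("/")
    parts = spec.rsplit(":", 2)  # split from the right so IPv6 host IPs survive
    if not parts[-1]:
        raise ValueError(f"missing container port in {entry!r}")
    host_ip = parts[0].strip("[]") if len(parts) == 3 else None
    host_port = parts[-2] if len(parts) >= 2 and parts[-2] else None
    if host_ip is not None:
        ipaddress.ip_address(host_ip)  # raises ValueError on a malformed address
    return PortMapping(host_ip, host_port, parts[-1], proto or "tcp")


def review(service: str, ports: list) -> list:
    """Return (entry, in-network endpoint, exposure) for each ports entry."""
    rows = []
    for entry in ports:
        m = parse_port(entry)
        rows.append((entry, f"{service}:{m.container_port}", m.exposure()))
    return rows


if __name__ == "__main__":
    # Constructed input: the page's entry plus a loopback-bound variant.
    for row in review("db", ["8001:5432", "127.0.0.1:8001:5432"]):
        print(row)
```

An entry without a host IP, such as the page's "8001:5432", is published on every host interface; prefixing it with 127.0.0.1 keeps the database reachable from the host only.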

The connection string to db would look like:


5 - Management

Command                    Description
docker network connect     Connect a container to a network
docker network create      Create a network
docker network disconnect  Disconnect a container from a network
docker network inspect     Display detailed information on one or more networks
docker network ls          List networks
docker network prune       Remove all unused networks
docker network rm          Remove one or more networks

5.1 - Create

A network is created on the host.

network create

docker network create [OPTIONS] NETWORK

5.2 - List

5.2.1 - All

docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
38a952454ba6        bridge              bridge              local
af83ed7a2409        dockerelk_elk       bridge              local
c11d9bd528c9        host                host                local
d06e4bcb5131        none                null                local

5.2.2 - One

docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "38a952454ba65f5448f4d796ca5c638c32d67f35ee68fb9df521e7c51dd003b4",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
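
Two of the options in this output matter for isolation: enable_icc (inter-container connectivity) and host_binding_ipv4 (the default address that published ports bind to). The following added example, which is not part of the original page, reads `docker network inspect` JSON and lists the bridge networks where either is left open. The function name `audit_networks` and the "backend" network in the sample are hypothetical.

```python
import ipaddress
import json

# Constructed sample: the bridge network from the output above, trimmed, plus a
# hypothetical hardened network named "backend" and the host network.
SAMPLE = """[
  {"Name": "bridge", "Driver": "bridge", "Options": {
     "com.docker.network.bridge.enable_icc": "true",
     "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
  {"Name": "backend", "Driver": "bridge", "Options": {
     "com.docker.network.bridge.enable_icc": "false",
     "com.docker.network.bridge.host_binding_ipv4": "127.0.0.1"}},
  {"Name": "host", "Driver": "host", "Options": {}}
]"""

PREFIX = "com.docker.network.bridge."


def audit_networks(inspect_json: str) -> list:
    """Return (network, option, note) tuples for bridge settings worth reviewing."""
    findings = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "bridge":
            continue  # the options below belong to the bridge driver only
        name = net.get("Name", "?")
        opts = net.get("Options") or {}  # "Options" can be null or empty
        # An unset option falls back to the driver default: ICC on, bind 0.0.0.0.
        icc = opts.get(PREFIX + "enable_icc", "true").lower()
        bind = opts.get(PREFIX + "host_binding_ipv4", "0.0.0.0")
        if icc == "true":
            findings.append((name, "enable_icc",
                             "containers on this bridge can reach each other on any port"))
        if ipaddress.ip_address(bind).is_unspecified:
            findings.append((name, "host_binding_ipv4",
                             "published ports listen on every host interface"))
    return findings


if __name__ == "__main__":
    for finding in audit_networks(SAMPLE):
        print(*finding, sep=" | ")
```

To audit a real host, pass the output of docker network inspect for the networks of interest in place of SAMPLE.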

6 - Documentation / Reference