Docker Overview
Docker is an open platform for developing, shipping and running applications.
What is Docker Networking?
Docker Networking is a way in which Docker containers connect to other containers on the same host or different hosts and also to the outside world, i.e., through the internet.
Docker's networking subsystem is pluggable using drivers. Several drivers exist by default and provide core networking functionality.
There are various kinds of Docker networks such as:
Bridge Network
Host Network
None Network
MACVLAN and IPVLAN Networks
Overlay Network
About Docker Networking
In this article, we discuss the various available docker networks and try to implement those to have hands-on experience in getting started with various network types.
So, let's get started.
To view all the available networks on a system, use the given command:
docker network ls
Bridge Network
Default Bridge Network
Whenever we install docker, it creates a default bridge network to which all the containers with no defined network can be connected.
It is a solution to provide isolation of containers from the underlying host network.
If we inspect this network, we will find the following:
docker inspect bridge
This is one of the most important parts of the output.
We see that a separate interface (docker0) is created with a specific Subnet and Gateway. Any docker container launched in this network will take up IP addresses from the specified network only.
We spin up an nginx container with no network specified:
docker run -d -p 8080:80 --name mynginx1 nginx
--name => It defines the name of the container.
-p => This option maps the container's port 80 to the host's port 8080. It allows you to access the NGINX web server running inside the container by visiting localhost:8080 on your host machine.
-d => This runs the container in detached or daemon mode, i.e., the background.
nginx => It is the name of the image we are using.
Now, let us spin up another container similarly:
docker run -d -p 8081:80 --name mynginx2 nginx
docker inspect mynginx1 mynginx2 | grep IPAddress
View their IP Addresses.
mynginx1 has IP 172.17.0.2 and mynginx2 has IP 172.17.0.3. This proves that they are connected to the default host bridge.
But this has a disadvantage. The bridge isolates containers from the host network, but if no network is specified, every container connects to this same default bridge, so the containers are not isolated from one another. Docker solves this issue with the help of custom bridge networks.
Custom Bridge Network
Creating a custom bridge network will create its own separate Network ID, interface, Subnet and Gateway.
This will help to create isolated infrastructures.
docker network create custom
Let us inspect this to view the above details:
docker inspect custom
Launch a container in this network and view that its IP is in the subnet of the custom bridge.
To launch, use the --network flag with the name of the network created above:
docker run -d -p 8082:80 --name mynginx3 --network custom nginx
One can log into a container and ping other containers in the same network to test the implementation.
Host Network
Sometimes we do not require isolation from the host. In that case, we can simply spin up the container on the host network and use the host network directly.
docker run -d --name hostnginx --network host nginx
We do not use the -p flag here because the container is not connected to any separate network: it uses the host's network directly, so there are no ports to map. This will launch the container in the host network.
None Network
This network is useful when there exists a container that requires complete isolation from any kind of network.
Use --network none in this case.
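The isolation differences between the default bridge, a custom bridge, host and none can be checked from docker inspect output. The following is an added example, not part of the original article: it groups containers by attached network and reports the ones that share the default bridge or use the host network. The sample JSON is constructed, the 172.18.0.0/16 custom subnet and the container name "isolated" are assumptions, and the function names are hypothetical.

```python
import json
from collections import defaultdict
from ipaddress import ip_interface

# Constructed sample shaped like `docker inspect <containers>` output, trimmed
# to the fields read below. The 172.18.0.0/16 custom subnet is an assumption.
SAMPLE = json.loads("""[
 {"Name": "/mynginx1", "NetworkSettings": {"Networks":
   {"bridge": {"IPAddress": "172.17.0.2", "IPPrefixLen": 16}}}},
 {"Name": "/mynginx2", "NetworkSettings": {"Networks":
   {"bridge": {"IPAddress": "172.17.0.3", "IPPrefixLen": 16}}}},
 {"Name": "/mynginx3", "NetworkSettings": {"Networks":
   {"custom": {"IPAddress": "172.18.0.2", "IPPrefixLen": 16}}}},
 {"Name": "/hostnginx", "NetworkSettings": {"Networks":
   {"host": {"IPAddress": "", "IPPrefixLen": 0}}}},
 {"Name": "/isolated", "NetworkSettings": {"Networks":
   {"none": {"IPAddress": "", "IPPrefixLen": 0}}}}
]""")


def peers_by_network(containers):
    """Group containers by attached network as (name, subnet) pairs."""
    groups = defaultdict(list)
    for c in containers:
        name = c["Name"].lstrip("/")
        for net, ep in c["NetworkSettings"]["Networks"].items():
            ip = ep.get("IPAddress")
            # host and none endpoints carry no address of their own
            subnet = str(ip_interface(f"{ip}/{ep['IPPrefixLen']}").network) if ip else None
            groups[net].append((name, subnet))
    return dict(groups)


def audit(containers):
    """Return (container, finding) pairs for the isolation gaps described above."""
    findings = []
    for net, members in peers_by_network(containers).items():
        for name, subnet in members:
            others = sorted(n for n, _ in members if n != name)
            if net == "host":
                findings.append((name, "uses the host network stack directly"))
            elif net == "bridge" and others:
                findings.append((name, f"shares default bridge {subnet} with {', '.join(others)}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

To run it against a live host, replace SAMPLE with the parsed JSON that docker inspect prints for the running containers.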
MACVLAN and IPVLAN Networks
They are generally used for applications that are running on the host but a separate IP address, different than the physical network, is required for them.
One can use the MACVLAN network driver to assign a MAC address to each container's virtual network interface, making it appear to be a physical network interface directly connected to the physical network.
Suppose we have some services (with well-defined ports) running on the system, and we want to launch these services in containers without exposing them on a port that is not well-defined. For example, if we are already running nginx on port 80 (a well-defined port for nginx), and we want a new nginx service, we will have to expose it to a different port on the host. But as it is cumbersome to do so, we can use MACVLAN here.
To create one we can use:
docker network create -d macvlan --subnet x.x.x.x/20 --gateway x.x.x.x -o parent=eth0 macnetwork
I get the subnet from running ifconfig on my Linux container.
Now, we can launch a different service onto this created MAC network.
docker run -d --name macnginx --network macnetwork nginx
On inspecting the network and container we find that:
macnetwork-
macnginx -
The basic difference between MACVLAN and IPVLAN is that MACVLAN assigns a different MAC address to each attached docker container and IPVLAN assigns the same MAC address to all containers attached to it.
Overlay Network
An overlay network is used in the case of a Docker Swarm Cluster.
A Swarm cluster is several nodes connected together to manage the containers running on them. So, there needs to be some kind of network connection between all nodes.
An overlay network is utilized for creating an internal private network to the Docker nodes in the Docker Swarm cluster.
This will be a common network that will be present on all nodes in the Swarm cluster.
Conclusion
I believe that this article will help to understand the basics of Docker Networking and it might become easy for the readers to improve their Docker infrastructures with this understanding. Docker is a very deep topic and having an understanding of Docker Networking right in the beginning will make the learning curve relatively less steep when one moves to advanced topics.
The above information is up to my understanding. Suggestions are always welcome.