Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Bind physical NICs to containers for docker

Tags:

docker

virtual-machine

I have 4 NICs installed in my host PC. I want to launch different docker's containers with binding different physical NICs to each container. How can I do for docker? For VirtualBox, this can be done with creating bridge adapter for each VM of the physical NICs.

like image 321
Cong Yue Avatar asked Oct 09 '14 23:10

Cong Yue

2 Answers

When you expose ports on Docker using the -P or -p options it is just creating an iptables Destination NAT or DNAT entry. You can even look at those entries by running the command below.

iptables -t nat -nL
...    
Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8001 to:172.17.0.19:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0      tcp dpt:8002 to:172.17.0.20:80

By default docker will use the 0.0.0.0/0 (i.e. all interfaces) specification to forward ports too and from docker container hosts. However you could replace those rules to forward only from selected interfaces.

So Say I have two web-servers both wanting to listen on port 80. I would run them as follows. Note that I am not exposing any ports. This so that only our created IP Tables rule allows access to these nodes.

docker run --name web1 -t something/web-server
docker run --name web2 -t something/web-server

Run docker inspect to get the Virtual IP of the container

docker inspect web1 | grep IPAddress
IPAddress": "172.17.0.19",
docker inspect web2 | grep IPAddress
IPAddress": "172.17.0.20",

Now add in DNAT rules for the specific interfaces:

iptables -t nat -A DOCKER -p tcp -d [INTERFACE_1_IP] --dport 80 -j DNAT --to-destination 172.17.0.19:80
iptables -t nat -A DOCKER -p tcp -d [INTERFACE_2_IP] --dport 80 -j DNAT --to-destination 172.17.0.20:80
like image 196
Usman Ismail Avatar answered Sep 29 '22 03:09

Usman Ismail

Update 2018-05

After doing some research (which is not very easy if you don't know the right keywords) on this topic I believe there are updated ways to do this depending on whether you are trying to bind Linux or Windows containers to physical NIC ports (solutions not tested):

Linux: Use a macvlan network configuration. See this docker doc

Windows: Use an External Virtual Switch for each docker container. See this Microsoft doc

EDIT: There is an even easier way to do this on Windows that automatically sets up the External Virtual Switch as noted in this Microsoft doc. I have tested this method and it works great. This uses a transparent docker network type.

Hopefully this helps future googlers

like image 28
ddrake12 Avatar answered Sep 29 '22 03:09

ddrake12
Sign in to Comment

Related questions

How to push/show notifications from the guest OS to the host OS in VMware player
Genymotion increase internal storage space
How to open a browser on a Google Compute Engine VM
Unable to add user to the Hyper-V Administrators group exit code 2220
CPU Identification on Virtual Machine
"Cannot find a valid peer process to connect to" VMware Workstation 10.0.1 while booting a VM
Store `docker run` command output in BASH variable
Duplicate GUID on Virtual Machine
Is there any IPMI simulator? [closed]
UILabel (CALayer) is using large amounts of virtual memory
Approaches for (re)deploying code/bin files to (multiple) Windows Azure Virtual Machines
What does Docker Quickstart Terminal do?
Failed to connect to the VirtualBox kernel service while enabling copy-paste [closed]
Convert qcow2 to vmdk and make it ESXi 6.0 Compatible
How to detach vmdk using vboxmanage cli
Parallels desktop: access local IIS web application from OS X (host)
How to compile and run xv6 on windows?
At what point does MySQL INNODB fine tuning become a requirement?
“connect: Network is unreachable” in VirtualBox VM [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!