Menu
Trying to understand Docker Networks. Docker creates the following networks automatically:
# docker network ls NETWORK ID NAME DRIVER SCOPE 67b4afa88032 bridge bridge local c88f997a2fa7 host host local 1df2947aad7b none null local I understood that the bridge network represents the docker0 network present in all Docker installations, referring from the link.
Can someone help me in understanding other networks, host and none, If possible with examples?
258
If you want to completely disable the networking stack on a container, you can use the --network none flag when starting the container. Within the container, only the loopback device is created.
In Docker, the host is a machine responsible for running one or more containers. Docker network host, also known as Docker host networking, is a networking mode in which a Docker container shares its network namespace with the host machine.
There are three common Docker network types – bridge networks, used within a single host, overlay networks, for multi-host communication, and macvlan networks which are used to connect Docker containers directly to host network interfaces.
bridge : The default network driver. If you don't specify a driver, this is the type of network you are creating. Bridge networks are usually used when your applications run in standalone containers that need to communicate.
If you use the host network driver for a container, that container’s network stack is not isolated from the Docker host. For instance, if you run a container which binds to port 80 and you use host networking, the container’s application will be available on port 80 on the host’s IP address.
There are two types of single−host networks available for Docker Networking - “host” and “bridge” networks. Single−host networks mean that their effect is local to each individual host. In case of a host network, a particular Docker Container can directly use the Networking of the host for sending and receiving the packets.
In this network driver, the Docker containers will neither have any access to external networks nor will it be able to communicate with other containers In simple terms, None is called a loopback interface, which means it has no external network interfaces
Bridge networks are usually used when your applications run in standalone containers that need to communicate. See bridge networks. host: For standalone containers, remove network isolation between the container and the Docker host, and use the host’s networking directly. See use the host network.
Docker by default supports 3 networks:
1) None:
This mode will not configure any IP for the container and doesn’t have any access to the external network as well as for other containers. It does have the loopback address and can be used for running batch jobs.
# docker run -it --network=none ubuntu:14.04 /bin/bash root@66308c6686be:/# ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) # # docker inspect 66308c6686be | grep -i ipaddr "SecondaryIPAddresses": null, "IPAddress": "", "IPAddress": "", 2) Host
In this mode container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s host name will match the host name on the host system
# docker run -it --net=host ubuntu:14.04 /bin/bash root@labadmin-VirtualBox:/# hostname labadmin-VirtualBox Even the IP configuration is same as the host system's IP configuration
root@labadmin-VirtualBox:/# ip addr | grep -A 2 eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 valid_lft forever preferred_lft forever 3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default root@labadmin-VirtualBox:/# exit exit HOST SYSTEM IP CONFIGURATION # ip addr | grep -A 2 eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 valid_lft forever preferred_lft forever 3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default In host and none mode are not configured directly but default bridge network can be configured as well as create your own user-defined bridge networks.
3) Bridge Mode
It is the Docker default networking mode which will enable the connectivity to the other interfaces of the host machine as well as among containers.
# docker run -it --network=bridge ubuntu:14.04 /bin/bash root@58b0b1f18b2e:/# ifconfig eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:0c inet addr:172.17.0.12 Bcast:0.0.0.0 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2668 (2.6 KB) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Accessibility to other containers is possible in bridge mode.
root@58b0b1f18b2e:/# ping 172.17.0.11 PING 172.17.0.11 (172.17.0.11) 56(84) bytes of data. 64 bytes from 172.17.0.11: icmp_seq=1 ttl=64 time=0.143 ms 64 bytes from 172.17.0.11: icmp_seq=2 ttl=64 time=0.050 ms Connectivity to external network.
root@58b0b1f18b2e:/# ping google.com PING google.com (216.58.197.46) 56(84) bytes of data. 64 bytes from maa03s20-in-f46.1e100.net (216.58.197.46): icmp_seq=1 ttl=51 time=16.9 ms Connectivity to host machine
root@labadmin-VirtualBox:~# ip a | grep eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 root@58b0b1f18b2e:/# ping 10.0.2.15 PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data. 64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.113 ms Along with these docker provides MACVLAN network which allows to configure multiple Layer 2(MAC) addresses on a single physical interface.
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With