Docker Networking

Docker Networking

In this tutorial we are going to discuss about networking in docker. When you install Docker it creates 3 networks automatically.

  1. Bridge
  2. None
  3. Host

Bridge network is the default network a container gets attached to. If you would like to associate the container with any other network you specify the network information using the network command line parameter like this.

$ docker run nginx 
$ docker run nginx --network = none
$ docker run nginx --network = host

Now we will not look at each of these networks.

1. Bridge

Bridge is a private default internal network created by docker on the host. So, all containers get an internal IP address and these containers can access each other, using this internal IP.

All the containers connected to the internal bridge can now communicate with one another. But they can’t communicate outside the bridge network.

The Bridge networks are usually used when your applications run in standalone containers that need to communicate.

Docker Networking - Bridge

The internal IP address usually in the range 172.17 series.

To access any of these containers from the outside world map the ports of these containers to ports on the dock our host As we have discussed previous tutorials.

2. None

In this type of network, the containers have no access to external networks and are not attached to other containers or networks. None is used when you wish to disable the networking stack on a particular container. 

None only has a loopback interface, which means that there are no external network interfaces. 

Docker Networking - None
3. Host

This host network removes the network isolation between the docker host and the docker containers to use the host’s networking directly.

Meaning if you were to run a web server on Port 5000 in a web container it is automatically as accessible on the same port externally without requiring any port mapping as the web container uses the hosts network.

So with this, you will not be able to run multiple web containers on the same host, on the same port as the port is now common to all containers in the host network.

Docker Networking - Host

We just discussed the default bridge network with the network id 172.17.0.1 (docker0). So all containers associated to this default network will be able to communicate to each other.

But what if we wish to isolate the containers within the docker host? For example the first two web containers on internal network 172 and the second two containers on a different internal network like 182.

By default Docker only creates one internal bridge network. We could create our own internal network using the command following command

$ docker network create --driver bridge --subnet 182.18.0.0/16 my-custom-network

$ docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
2f410c36112e   bridge               bridge    local
544fekeu7782   my-custom-network    bridge    local
954ddcf90cec   host                 host      local
855600c41467   none                 null      local
Inspect Network

How do we see the network settings and the IP address assigned to an existing container. Using the docker inspect command with the id or name of the container and you will find a section on network settings.

$ docker inspect trusting_wing
[
    {
        "Id": "b97f1460606c291c7a6ddd9cc7b40c8a4ef6659795780cfcc6c9add0bc2ace1d",
        "Created": "2021-01-12T04:58:58.345250413Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "redis-server"
        ],
        .....
        .....
        .....
        .....
        .....
        "IPAddress": "172.17.0.2",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "MacAddress": "02:42:ac:11:00:02",
        "Networks": {
            "bridge": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": null,
                "NetworkID": "2f410c36112ece9c5755f6ad9e3b35cfb44209bf006bcc98d6becf6717083d5b",
                "EndpointID": "c0ffd268793bc3d5bd07d2bf5f0a358fac5d1c33acfee29ef5d0a2e30f66bbf0",
                "Gateway": "172.17.0.1",
                "IPAddress": "172.17.0.2",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:11:00:02",
                "DriverOpts": null
            }
        }
    }
]
Embedded DNS

Containers can reach each other using their names. For example, I have a web server and MySQL database container running on the same node. how can I get my web server to access the database on the database container.

One thing I could do is to use the internal IP address assigned to the MySQL container, which in this case is 172.17.0.3.

But that is not very ideal because it is not guaranteed that the container will get the same IP when the system reboots. The right way to do it is to use the container name.

All containers in a docker host can resolve each other with the name of the container. Docker has a built in DNS server that helps the containers to resolve each other using the container name.

Please Note that the built in DNS server always runs at address 127.0.0.11.

So how does Docker implement networking. What’s the technology behind it. How were the containers isolated within the host?

Docker users network Name spaces, that creates a separate namespace for each container. It then uses virtual Ethernet pairs to connect containers together.

Docker Networking

Scroll to top