Basics of Docker Networking

Docker automatically sets up the bridge by default and automatically allocates every container a dynamic ip address out of subnet ranges

When you install Docker, it creates three networks automatically. You can list these networks using the docker network ls command:

$ docker network ls
NETWORK ID          NAME                DRIVER
7fca4eb8c647        bridge              bridge
9f904ee27bf5        none                null
cf03ee007fb4        host                host

Historically, these three networks are part of Docker’s implementation. When you run a container you can use the–network flag to specify which network you want to run a container on. These three networks are still available to you.

The bridge network represents the docker0 network present in all Docker installations. Unless you specify otherwise with the docker run –network=<NETWORK> option, the Docker daemon connects containers to this network by default. You can see this bridge as part of a host’s network stack by using the ifconfig command on the host.

The default bridge network in detail

The default bridge network is present on all Docker hosts. The docker network inspect command returns information about a network:

 $ docker network inspect bridge

The Engine automatically creates a Subnet and Gateway to the network. The docker run command automatically adds new containers to this network.

 $ docker run -itd --name=container1 busybox

 $ docker run -itd --name=container2 busybox

Inspecting the bridge network again after starting two containers shows both newly launched containers in the network. Their ids show up in the “Containers” section of docker network inspect:

docker network inspect bridge 

The docker network inspect command above shows all the connected containers and their network resources on a given network. Containers in this default network are able to communicate with each other using IP addresses. Docker does not support automatic service discovery on the default bridge network. If you want to communicate with container names in this default bridge network, you must connect the containers via the legacy docker run –link option.

Commands to see the List of network interface in docker host OS, Centos?

$ ip link show

What is docker0?

docker0 is the bridge, there is only one for all containers.

What is veth*?

Virtual Ethernet (vEth) is a virtual interface within a network switch that dynamically provisions virtual machine (VM) operations based on network policies stored in the switch.p>

Now, Run new docker ubuntu container.

$ docker run -it -d ubuntu /bin/bash

Now, Lets login to any running Ubuntu container.

$ docker exec -it 07f109634db1 /bin/bash

$ docker exec -it 07f109634db1 /bin/bash

Run

$ ifconfig

if ifconfig command is not found, run following…

$ apt-get update

$ apt-get install -y net-tools

Now run and observe the IP assigned to Container

$ ifconfig

Now run the following commands and observe the gateways in which it passes through.

$ traceroute google.com

if traceroute is not installed..

$ sudo apt-get install traceroute

Port Mapping in Docker

Run the commands and observer the output. Specifically Chain Docker section.

$ iptables -t nat -L -n

Lets assign automatic port to the container

$ docker run -itd -P httpd

One more, just for fun

$ docker run -itd -P httpd

Now, run the following commands and observe the output, specifically PORT mapping sections

$ docker ps

Now, Lets assign specific port to our container.

$ docker run -itd -p 8080:80 httpd

$ docker ps

$ curl localhost:8080

Run the commands and observer the output again and see whats the difference with last output. Specifically Chain Docker section.

$ iptables -t nat -L -n