Docker Learning V

Hello everyone, I was not able to continue series of my docker blog for a while because of some job transformation process. I am sorry for this in advance.

In this blog I will be talking about below topics.

• Docker Network Overview
• Bridge network & example
• Host network & example
• None network & example
• Macvlan network & example
• Overlay network & example
• Command Line Reference

Let’s get started.

Docker networks are virtual networks created within Docker that enable communication between containers running on the same host or across multiple hosts. They provide isolation between containers and allow them to securely communicate using container names as hostnames.

Docker has by default 3 different types of network. You can list these networks by running docker network ls command.

docker network ls command output

Docker Network Types

Docker Network Types

Bridge Network

Default network type in Docker, allows communication between containers on the same host. Bridge networks are usually used when your applications run in standalone containers that need to communicate

User-defined bridge networks are best when you need multiple containers to communicate on the same Docker host.

# Inspecting the network
docker network inspect bridge

Each container in Docker is assigned its own unique IP address. These ip addresses are in private IP ranges and include IP addresses that should not be found directly on a computer on the internet.

In following example, two containers are created and connected to a user-created bridge network named “my_network”. The containers are able to communicate with each other using their container names as hostnames, thanks to the bridge network. You can use a similar approach to create and connect multiple containers to a bridge network for your own applications in Docker.

Step 1: Create a Docker bridge network

docker network create my_network

Step 2: Launch a container with the bridge network

docker run -d --name my_container --network my_network nginx

This launches a Docker container named “my_container” using the official nginx image, and connects it to the “my_network” bridge network.

Step 3: Launch another container with the bridge network

docker run -d --name my_other_container --network my_network httpd

This launches another Docker container named “my_other_container” using the official httpd image, and connects it to the same “my_network” bridge network.

Step 4: Verify network connectivity

docker exec -it my_container ping my_other_container

This runs a ping command inside the “my_container” container to ping the “my_other_container” container over the “my_network” bridge network. If the ping is successful, it confirms that the containers can communicate with each other through the bridge network.

Step 5: Clean up

docker stop my_container my_other_container
docker network rm my_network

Host Network

In certain scenarios, it may be required to directly access the network interface cards of the host server from within a container, instead of going through Network Address Translation (NAT) that is typical in Docker networks. The container runs in the host’s network namespace, rather than having its own isolated network namespace, allowing it to directly access the host’s network interfaces.

Host networks allows containers to share the host’s network stack, bypassing Docker’s network isolation.

Host networks are best when the network stack should not be isolated from the Docker host, but you want other aspects of the container to be isolated.

In following example, the “my_container” container is launched using the host network type, which allows the container to share the host’s network stack. As a result, the container’s services are directly accessible from the host’s network, without any Network Address Translation (NAT) or port mapping. However, it’s important to note that using the host network type may pose security risks as the container has direct access to the host’s network interfaces, so use it cautiously in secure environments.

Step 1: Launch a container with host network

docker run -d --name my_container --network host nginx

Step 2: Access the container’s services

You can now access the services running inside the container using the host’s IP address and the exposed ports. For example, if the nginx web server is running inside the container and listening on port 80, you can access it in a web browser using http://localhost or http://<host_IP> in your browser, where <host_IP> is the IP address of your host machine.

Step 3: Clean up

docker stop my_container
docker rm my_container

None Network

By default, containers in Docker are not accessible from outside the host machine unless ports are explicitly opened for external access. But sometimes if we want the containers to not be able to access outside or even operate in the internal network, we should choose the network drive NONE.

In following example, the “my_container” container is launched using the none network type, which means it has no network connectivity. Containers connected to the none network type are isolated from the host machine’s network and cannot communicate with external networks. This can be useful in situations where you want to create a completely isolated container without any network access for enhanced security or testing purposes.

Step 1: Launch a container with none network

docker run -d --name my_container --network none nginx

This launches a Docker container named “my_container” using the official nginx image, and connects it to the none network type.

Step 2: Verify network connectivity

docker exec -it my_container ping google.com

This attempts to run a ping command inside the “my_container” container to ping google.com. Since the container is connected to the none network type, which means it has no network connectivity, the ping will likely fail.

Step 3: Clean up

docker stop my_container
docker rm my_container

Macvlan Networks

Allows containers to have their own MAC addresses and appear as physical devices on the host’s network. Docker daemon routes traffic to containers by their MAC addresses

Macvlan networks are best when you are migrating from a VM setup or need your containers to look like physical hosts on your network, each with a unique MAC address.

In following example, the “my_container” container is launched using the macvlan network type, which allows the container to have its own unique MAC address and IP address on the physical network, making it appear as a separate physical device on the network. This can be useful in scenarios where you need to assign specific IP addresses or MAC addresses to containers for networking purposes, such as running containers with static IP addresses or connecting them to external networks directly.

Step 1: Create a macvlan network

docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 my_macvlan

This creates a Docker macvlan network named “my_macvlan” with a specified subnet, gateway, and parent interface (in this case, “eth0”).

Step 2: Launch a container with macvlan network

docker run -d --name my_container --network my_macvlan --ip=192.168.1.10 nginx

This launches a Docker container named “my_container” using the official nginx image, and connects it to the “my_macvlan” network with a specified IP address of 192.168.1.10.

Step 3: Access the container’s services

You can now access the services running inside the container using the assigned IP address (192.168.1.10 in this example) from other devices on the same network as the parent interface (eth0 in this example). For example, you can open a web browser and enter http://192.168.1.10 to access the nginx web server running inside the container.

Step 4: Clean up

docker stop my_container
docker rm my_container
docker network rm my_macvlan

Overlay Networks

Overlay networks are a type of Docker network that enables communication between containers running on different Docker nodes or hosts. This allows for container-to-container communication across multiple Docker hosts in a distributed or swarm mode environment. Overlay networks are created on top of the existing physical network infrastructure, providing a virtualized network that spans across Docker nodes, allowing containers to communicate with each other as if they were running on the same host.

Overlay networks are created using Docker Swarm, which is Docker’s native clustering and orchestration solution. Docker Swarm enables the creation of a swarm mode cluster that consists of multiple Docker nodes, and overlay networks can be created and managed as part of the swarm mode cluster.

Overlay networks are best when you need containers running on different Docker hosts to communicate, or when multiple applications work together using swarm services.

In following example, an overlay network named “my_overlay_network” is created in a Docker Swarm mode cluster. Then, a service named “my_service” is launched using the nginx image, and it is connected to the “my_overlay_network” overlay network. The service is then scaled to have 3 replicas, and the nginx service running in the containers can be accessed using the service name “my_service”. This demonstrates how Docker overlay networks can be used to enable container-to-container communication across different Docker nodes in a swarm mode cluster.

Step 1: Initialize Docker Swarm

docker swarm init

Step 2: Create an overlay network

docker network create -d overlay my_overlay_network

Step 3: Launch services connected to the overlay network

docker service create --name my_service --network my_overlay_network nginx

Step 4: Scale the service

docker service scale my_service=3

This scales the “my_service” service to have 3 replicas, which means it will create 3 containers running the nginx service, and all of them will be connected to the “my_overlay_network” overlay network.

Step 5: Access the services

You can now access the nginx service running in the containers on the overlay network using the service name “my_service” as the DNS name. For example, you can open a web browser and enter http://my_service to access the nginx web server running inside the containers.

Step 6: Clean up

docker service rm my_service
docker network rm my_overlay_network
docker swarm leave --force

Command Line Reference

Docker networks are used to facilitate communication and connectivity between containers. Here are some important Docker network commands:

Following command is used to create a new Docker network. You can specify the network type, such as bridge, overlay, macvlan, etc., and configure various network settings like IP address ranges, DNS resolution, and more.

# template -> docker network create
docker network create --driver overlay
docker network create --driver bridge

Following command lists all the Docker networks that are currently available on your system. You can see the names, types, and other details of the networks.

docker network ls

Following command provides detailed information about a specific Docker network. You can use it to check the configuration, endpoints, containers attached to the network, and more.

docker network inspect

Following command is used to connect/disconnect a container to a Docker network. You need to specify the network name and the container name or ID. This allows containers to communicate with each other using their container names or aliases.

docker network connect
docker network disconnect

Following command is used to remove a Docker network. You need to specify the network name or ID. Note that you cannot remove a network that has containers connected to it. You must disconnect the containers first using docker network disconnect before removing the network.

docker network rm

Following command is used to remove all unused Docker networks from your system. This can help clean up your system and free up resources.

docker network prune

Thank you for your patience and for reading up to this point. If you have any questions, please feel free to reach out to me!