Using docker containers networks

Overview of the docker container networks

To build web applications that act in concert securely, use the Docker networks feature. Networks, by definition, provide complete isolation for containers. Hence, it is important to have control over the networks that your applications run on. Docker container networks give you that control.

This section provides an overview of the default networking behavior that the Docker engine delivers natively. It describes the types of networks that are created by default and how to create your own user-defined networks.

Default networks

When you install Docker, it creates three networks automatically. You can list these networks by using the docker network ls command.

$ docker network ls
NETWORK ID          NAME                DRIVER
7fca4eb8c647        bridge              bridge
9f904ee27bf5        none                null
cf03ee007fb4        host                host

These three networks are part of the Docker implementation. When you run a container, you can use the --net flag to specify which network to run it on. These three networks are still available to you.

  • The bridge network represents the docker0 network that is present in all Docker installations. Unless you specify otherwise with the docker run --net=<NETWORK> option, the Docker daemon connects containers to this network by default. You can see this bridge as part of the host's network stack by using the ifconfig command on the host.
  • The none network adds a container to a container-specific network stack. That container lacks a network interface.
  • The host network adds a container to the host's network stack. The network configuration inside the container is identical to that of the host.

User-defined networks

You can create your own user-defined networks that better isolate containers. Docker provides some default network drivers for creating these networks. You can create a new bridge network or overlay network. You can also create a network plugin or remote network written to your own specifications.

You can create multiple networks, and you can add containers to more than one network. Containers can communicate only within networks, not across networks. A container that is attached to two networks can communicate with member containers in either network. When a container is connected to multiple networks, its external connectivity is provided through the first non-internal network, in lexical order.

Creating an overlay docker network on Power

By default, Docker creates a bridge network that corresponds to the docker0 bridge. You can also create your own network. The docker network command has many options that you can use to manage networks.

[root@localhost ~]# docker network create test-network
e2f569d57eb8506602fdfc3e8a20b12073782dcfd6046ce4ef76de8db3275d21

[root@localhost ~]# docker network inspect test-network
[
    {
        "Name": "test-network",
        "Id": "e2f569d57eb8506602fdfc3e8a20b12073782dcfd6046ce4ef76de8db3275d21",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {},
        "Options": {}
    }
]

[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER
e12f674fea62        bridge              bridge              
0151f24befe9        host                host                
e2f569d57eb8        test-network        bridge              
e72a1d986a84        none                null

There are also other options that you can use, such as --subnet, --gateway, and --ip-range. You can view more information by using the docker network --help or the docker network [COMMAND] --help commands.

You can connect a container to a network by explicitly naming the network when you create the container.

[root@localhost ~]# docker run -itd --name=test1 --net=test-network ppc64le/busybox /bin/sh
7699fe682353835166482d1416a70f0361ddf88940bd7102e2f84f6d46b3d113
[root@localhost ~]# docker network inspect test-network
[
    {
        "Name": "test-network",
        "Id": "e2f569d57eb8506602fdfc3e8a20b12073782dcfd6046ce4ef76de8db3275d21",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {
            "7699fe682353835166482d1416a70f0361ddf88940bd7102e2f84f6d46b3d113": {
                "EndpointID": "cf1f3e319a1c1ec83c3eaf0d5380b9ee50c1f2d37e713425996ada6788f8e77a",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {}
    }
]

You can also dynamically attach the container to the network.

[root@localhost ~]# docker run -itd --name=test2 ppc64le/busybox /bin/sh
69d79cddbdf8a920d24993bfc16e8d064479327d8cc23f10ae25e96a2b9b057a

[root@localhost ~]# docker network connect test-network test2
[root@localhost ~]# docker network inspect test-network
[
    {
        "Name": "test-network",
        "Id": "e2f569d57eb8506602fdfc3e8a20b12073782dcfd6046ce4ef76de8db3275d21",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {
            "69d79cddbdf8a920d24993bfc16e8d064479327d8cc23f10ae25e96a2b9b057a": {
                "EndpointID": "5dc4877e71eca2243167e97153d56c5334d98991fcc3eb2f7f968d0b68416255",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "7699fe682353835166482d1416a70f0361ddf88940bd7102e2f84f6d46b3d113": {
                "EndpointID": "cf1f3e319a1c1ec83c3eaf0d5380b9ee50c1f2d37e713425996ada6788f8e77a",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {}
    }
]
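
As an added example (not part of the original article), the following Python script reads docker network inspect output and reports containers that are attached to more than one network, which, as described under User-defined networks, can communicate with members of every network they join. It also reports containers on the host network or the default bridge. The sample data is constructed, and the finding labels and the host-network container ID are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `docker network inspect` output, trimmed
# to the fields used here. Container IDs are shortened to 12 characters.
# It models the state after the commands above: test1 (7699fe682353) was
# started on test-network; test2 (69d79cddbdf8) was started on the default
# bridge and then connected to test-network. The host entry is hypothetical.
SAMPLE = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge",
   "Containers": {"69d79cddbdf8": {"IPv4Address": "172.17.0.2/16"}}},
  {"Name": "test-network", "Driver": "bridge",
   "Containers": {"7699fe682353": {"IPv4Address": "172.18.0.2/16"},
                  "69d79cddbdf8": {"IPv4Address": "172.18.0.3/16"}}},
  {"Name": "host", "Driver": "host",
   "Containers": {"0a1b2c3d4e5f": {"IPv4Address": ""}}}
]
""")

def memberships(networks):
    """Return {container_id: sorted network names} across all networks."""
    seen = defaultdict(set)
    for net in networks:
        for cid in net.get("Containers") or {}:
            seen[cid].add(net["Name"])
    return {cid: sorted(names) for cid, names in seen.items()}

def audit(networks):
    """Return sorted (container_id, finding, networks) tuples worth reviewing."""
    drivers = {net["Name"]: net.get("Driver") for net in networks}
    findings = []
    for cid, nets in memberships(networks).items():
        if len(nets) > 1:
            # Reachable from every listed network, so it links them.
            findings.append((cid, "multi-homed", nets))
        for name in nets:
            if drivers[name] == "host":
                findings.append((cid, "shares-host-stack", [name]))
            elif name == "bridge":
                findings.append((cid, "on-default-bridge", [name]))
    return sorted(findings)

if __name__ == "__main__":
    for cid, finding, nets in audit(SAMPLE):
        print(f"{cid}  {finding:18}  {', '.join(nets)}")
```

To audit a live host, pass audit() the parsed JSON from docker network inspect $(docker network ls -q) instead of SAMPLE.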

Connect

The IBM Linux Technology Center (LTC) is a team of IBM open source software developers who work in cooperation with the Linux open source development community. The LTC serves as a center of technical competency for Linux. Connect with us.

publish-date=08032016