Docker containers and network interfaces

A Docker network defines a communication trust zone where communication is unrestricted between containers in that network.

Each network is associated with a bridge interface on the host, and firewall rules are defined to filter traffic between these interfaces. Typically, containers within a zone that share the same Docker network and host bridge interface can communicate with each other. An exception to this general rule is that apps run on the same dockerApps network, but are isolated from each other by the firewall.

Docker interfaces

To view a list of Docker interfaces, type the following command:

docker network ls

Here's an example of the output:

[root@q1dk00 ~]# docker network ls 
NETWORK ID    NAME    DRIVER SCOPE 
943dd35a4747 appProxy bridge local 
9e2ba36111d1 dockerApps bridge local
514471d98b42 dockerInfra bridge local

The dockerApps interface is used to apply rules for communication between apps.

The appProxy interface displays the nginx_framework_apps_proxy container.

The dockerInfra interface is used to host service launcher and qoauth. Apps are isolated from most infrastructure components but they must be able to connect to service launcher and qoauth to manage secrets and authorization.

Information about Docker interfaces

Type the following command to get information about Docker interfaces:

docker inspect <docker_container_ID> | grep NetworkMode

Here's an example of the output:

"NetworkMode": "appProxy"

This example shows how you use the docker inspect <docker_container_ID> command and pipe it to less to view more network details:

docker inspect d9b3e58649de | less

Here's an example of the output:

"Networks": {
                           "dockerApps": {
                               "IPAMConfig": null,
                               "Links": null,
                               "Aliases": [
                                   "d9b3e58649de" 
                               ], "NetworkID":
 "79bc4716da5139a89cfa5360a3b72824e67701523768822d11b53caeaa5e349e", 
                               "EndpointID": 
"9dba9d9a174b037f72333945b72cdf60c3719fdb9a3a10a14a8ee3cc0e92a856", 
                               "Gateway": "172.18.0.1", 
                               "IPAddress": "172.18.0.2", 
                               "IPPrefixLen": 16,
                               "IPv6Gateway": "2003:db8:1::1",
                               "GlobalIPv6Address": "2003:db8:1::2",
                               "GlobalIPv6PrefixLen": 64,
                               "MacAddress": "02:42:ac:12:00:02"
                        }

The output in this example shows the configuration of the network that is used by the specified container (d9b3e58649de), and shows the Docker network interface name (dockerApps) and the IP address of the network that is assigned to the Docker container.