Docker Network

Docker Network Mode

| Mode | Command | Description |
| --- | --- | --- |
| NONE | docker run --network none nginx | The container is isolated. |
| HOST | docker run --network host nginx | The container uses the host network. |
| BRIDGE | docker run nginx | The container uses bridge network that. |

NONE

The containers are isolated, so they cannot connect to anything outside the container.
docker run --network none nginx
docker run --network none nginx

HOST

The containers run on the host network, so the host and the containers share the same ports.
In the example below, the first container runs, but the second container fails to start because it tries to use port 80, which the first container is already using.
nginx uses port 80 by default.
You can connect to http://192.168.1.10:80

# Starts successfully
docker run --network host nginx

# Fails: port 80 is already in use by the first container
docker run --network host nginx

BRIDGE

Docker creates a bridge for the Docker network.
Each container has its own network.
That means each container can use port 80.
You can connect to the links below from the local network.
http://172.17.0.2:80
http://172.17.0.3:80

docker run nginx
docker run nginx

How Does the Docker Bridge Work?

Docker Bridge Network
In this section, we will explore how the Docker bridge network is built.
You can find more detail in my past network posts.

Create a Bridge in Docker Network NS bridge

Check Docker Namespace List

docker network ls

NETWORK ID     NAME      DRIVER    SCOPE
014bb41965bc   bridge    bridge    local
6d0dbe525ff9   host      host      local
004833fb1e77   none      null      local

Create Bridge

ip link add docker0 type bridge
ip link

...
...
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
   link/ether 02:42:88:56:50:83 brd ff:ff:ff:ff:ff:ff
...
...

Assign IP to the Bridge

# Include the prefix length; without it the address is added as a /32
ip addr add 172.17.0.1/24 dev docker0
# ip addr (not ip link) shows the inet line
ip addr

...
...
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
   link/ether 02:42:88:56:50:83 brd ff:ff:ff:ff:ff:ff
   inet 172.17.0.1/24 brd 172.17.0.255 scope global docker0
...
...

Create a Container and Network Namespace


Check Network Namespace

ip netns

b3165c10a92b

docker inspect 56bf13ceac4d | grep -i sandbox

            "SandboxID": "b3165c10a92b50edce4c8aa5f37273e180907ded31",
            "SandboxKey": "/var/run/docker/netns/b3165c10a92b",

Create a vEth (Virtual Ethernet) Pair (Pipe, Virtual Cable)

# The @ifN suffix that ip link prints is the peer's interface index, not part of the name.
# Assumes the host has no interface already named eth0.
ip link add eth0 type veth peer name vethbb1c343

Attach vEth to the Bridge

ip link set vethbb1c343 master docker0

Attach vEth to the Container Namespace

ip link set eth0 netns b3165c10a92b

Assign IP to the Container vEth

ip -n b3165c10a92b addr add 172.17.0.3/24 dev eth0
# ip addr (not ip link) shows the inet line
ip -n b3165c10a92b addr

...
...
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever
...
...

Bring the Bridge Up

ip link set docker0 up
ip link set vethbb1c343 up
ip -n b3165c10a92b link set eth0 up

Enable NAT

In Local

curl http://172.17.0.3:80

Welcome to nginx!

Out of Local

Use Bridge Network
curl http://172.17.0.3:80

curl: (7) Failed to connect... No route to host

Use Host Network
curl http://192.168.1.10:8080

curl: (7) Failed to connect... No route to host

Docker Port Forward

docker run -p 8080:80 nginx

curl http://192.168.1.10:8080

Welcome to nginx!

Manually Port Forward

# --dport is only valid together with a protocol match such as -p tcp
iptables \
  -t nat \
  -A PREROUTING \
  -p tcp \
  --dport 8080 \
  -j DNAT \
  --to-destination 172.17.0.3:80

Check Port Forward List

iptables -nvL -t nat

Chain DOCKER (2 references)
target      prot    opt     source      destination
RETURN      all     --      anywhere    anywhere
DNAT        tcp     --      anywhere    anywhere        tcp dpt:8080 to:172.17.0.3:80
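
The port forward list above is also an inventory of what the host exposes. The following is an added example, not code from the original post: it summarises DNAT rules from `iptables -t nat -S` output and marks forwards that are not limited to one host address. The function names, the sample rules, and the 172.17.0.4 / 9090 entry are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise DNAT port forwards from `iptables -t nat -S` output.

# Constructed sample in `iptables -t nat -S` format (not captured from a host).
# 172.17.0.4 and port 9090 are made up for contrast with the page's 8080 rule.
SAMPLE_RULES='-P PREROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 172.17.0.4:80'

# Reads rules on stdin and prints one line per DNAT rule:
#   <chain> <proto> <listen-addr>:<port> -> <target> <scope>
list_dnat_forwards() {
  awk '
    $1 == "-A" {
      chain = $2; proto = "any"; dst = "0.0.0.0/0"; dport = "*"; to = "?"; is_dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "-d") dst = ($(i - 1) == "!" ? "!" : "") $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
        else if ($i == "-j" && $(i + 1) == "DNAT") is_dnat = 1
      }
      if (!is_dnat) next
      # No -d match means the forward applies to every address the host owns.
      scope = (dst == "0.0.0.0/0") ? "ALL-ADDRESSES" : "restricted"
      printf "%s %s %s:%s -> %s %s\n", chain, proto, dst, dport, to, scope
    }'
}

# Number of forwards that are not limited to a specific host address.
count_open_forwards() {
  list_dnat_forwards | grep -c 'ALL-ADDRESSES$' || true
}

# Demo on the sample; on a real host (as root): iptables -t nat -S | list_dnat_forwards
printf '%s\n' "$SAMPLE_RULES" | list_dnat_forwards
```

Publishing with an explicit host address, for example `docker run -p 127.0.0.1:8080:80 nginx`, is what produces a `restricted` entry instead of an `ALL-ADDRESSES` one.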