Basic Networking with Docker
Networks can be configured to provide complete isolation for containers, which enable building web applications that work together securely.
Docker network
To view Docker networks, run:
docker network ls
To get further details on networks, run:
docker network inspect
Default behavior
Docker creates three networks automatically on install: bridge, none, and host. Specify which network a container should use with the --net flag. If you create a new network my_network (more on this later), you can connect your container (my_container) with:
docker run my_container --net=my_network
Bridge
All Docker installations represent the docker0 network with bridge; Docker connects to bridge by default. Run ifconfig on the Linux host to view the bridge network.
When you run the following command in your console, Docker returns a JSON object describing the bridge network (including information regarding which containers run on the network, the options set, and listing the subnet and gateway).
docker network inspect bridge
Docker automatically creates a subnet and gateway for the bridge network, and docker run automatically adds containers to it. If you have containers running on your network, docker network inspect displays networking information for your containers.
Any containers on the same network may communicate with one another via IP addresses. Docker does not support automatic service discovery on bridge. You must connect containers with the --link option in your docker run command.
The Docker bridge supports port mappings and docker run --link allowing communications between containers on the docker0 network. However, these error-prone techniques require unnecessary complexity. Just because you can use them, does not mean you should. It’s better to define your own networks instead.
None
This offers a container-specific network stack that lacks a network interface. This container only has a local loopback interface (i.e., no external network interface).
Host
This enables a container to attach to your host’s network (meaning the configuration inside the container matches the configuration outside the container).
Defining your own networks
You can create multiple networks with Docker and add containers to one or more networks. Containers can communicate within networks but not across networks. A container with attachments to multiple networks can connect with all of the containers on all of those networks. This lets you build a “hub” of sorts to connect to multiple networks and separate concerns.
Creating a bridge network
Bridge networks (similar to the default docker0 network) offer the easiest solution to creating your own Docker network. While similar, you do not simply clone the default0 network, so you get some new features and lose some old ones. Follow along below to create your own my_isolated_bridge_network and run your Postgres container my_psql_db on that network:
$ docker network create --driver bridge my_isolated_bridge_network
3b7e1ad19ee8bec9628b18f9f3691adecd2ea3395ec248f8fa57a2ec85aa71c1
$ docker network inspect my_isolated_bridge_network
[
{
"Name": "my_isolated_bridge_network",
"Id": "3b7e1ad19ee8bec9628b18f9f3691adecd2ea3395ec248f8fa57a2ec85aa71c1",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1/16"
}
]
},
"Internal": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
$ docker network ls
NETWORK ID NAME DRIVER
fa1ff6106123 bridge bridge
803369ddc1ae host host
3b7e1ad19ee8 my_isolated_bridge_network bridge
01cc882aa43b none null
$ docker run --net=my_isolated_bridge_network --name=my_psql_db postgres
$ docker network inspect my_isolated_brige_network
[
{
"Name": "my_isolated_bridge_network",
"Id": "3b7e1ad19ee8bec9628b18f9f3691adecd2ea3395ec248f8fa57a2ec85aa71c1",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1/16"
}
]
},
"Internal": false,
"Containers": {
"b4ba8821a2fa3d602ebf2ff114b4dc4a9dbc178784dad340e78210a1318b717b": {
"Name": "my_psql_db",
"EndpointID": "4434c2c253afed44898aa6204a1ddd9b758ee66f7b5951d93ca2fc6dd610463c",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Any other container you create on this network can immediately connect to any other container on this network. The network isolates containers from other (including external) networks. However, you can expose and publish container ports on the network, allowing portions of your bridge access to an outside network.
Connect and Disconnect network
Consider container container1 is running with none network and you want to remove none network and add bridge network to container1
1. docker network disconnect none container1
2. docker network connect bridge container1
Create a network with a given subnet
Create the bridge network br1
docker network create -d bridge --subnet=192.168.0.0/16 --gateway=192.168.0.1 br1
docker network create -d bridge --subnet=172.168.0.0/16 --gateway=172.168.0.1 br2
COMMENTS