Docker Networking

Connecting Docker containers with each other and with the outside world.
Types of Docker networking

1. Bridge Networking

Docker creates a virtual network called the bridge network on the Docker host and assigns IP addresses to all containers inside the network. Any container can then reach any other container using its IP and port.

Example: Run 2 different Alpine containers on the same Docker host and communicate between them.


    |------------------- Host ----------------------|
    | |------ Bridge network(172.17.0.*) --------|  |
    | | Container-1(172.17.0.2)                  |  |
    | | Container-2(172.17.0.3)                  |  |
    | |       Host(172.17.0.1)                   |  |
    | |------------------------------------------|  |
    |-----------------------------------------------|
    

1. Start Docker Desktop. Start Windows PowerShell and list the networks.

ps> docker network ls
NETWORK ID      NAME       DRIVER     SCOPE
17e324f45964    bridge     bridge     local   //Default bridge network
6ed54d316334    host       host       local
7092879f2cc8    none       null       local
                

2. Start 2 Alpine containers running ash (the default Alpine shell, rather than bash).

$ docker run -dit --name alpine1 alpine ash 
$ docker run -dit --name alpine2 alpine ash

$ docker container ls                        //Check whether the containers have started
CONTAINER ID        IMAGE      COMMAND     CREATED          STATUS             PORTS        NAMES
602dbf1edc81        alpine     "ash"       4 seconds ago    Up 3 seconds                   alpine2
da33b7aa74b0        alpine     "ash"       17 seconds ago   Up 16 seconds                  alpine1
            

3. Inspect the bridge network to see which containers are connected to it.

$ docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "17e324f459648a9baaea32b248d3884da102dde19396c25b30ec800068ce6b10",
        "Created": "2017-06-22T20:27:43.826654485Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"         //Gateway between docker host and Bridge N/W
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {
            "602dbf1edc81813304b6cf0a647e65333dc6fe6ee6ed572dc0f686a3307c6a2c": {
                "Name": "alpine2",
                "EndpointID": "03b6aafb7ca4d7e531e292901b43719c0e34cc7eef565b38a6bf84acf50f38cd",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",         // IP of container 2
                "IPv6Address": ""
            },
            "da33b7aa74b0bf3bda3ebd502d404320ca112a268aafe05b4851d1e3312ed168": {
                "Name": "alpine1",
                "EndpointID": "46c044a645d6afc42ddd7857d19e9dcfb89ad790afb5c239a35ac0af5e8a5bc5",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",         // IP of container 1
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
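
The inspect output above shows both containers on one subnet with "enable_icc" set to "true". As an added example (not part of the original page), this Python sketch reads that JSON and reports which containers can reach each other and how the bridge is exposed; the trimmed sample and the names `audit_network` and `PREFIX` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed from the `docker network inspect bridge` output
# shown above (IDs shortened, // annotations removed so it is valid JSON).
SAMPLE = """
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {
    "602dbf1edc81": {"Name": "alpine2", "IPv4Address": "172.17.0.3/16"},
    "da33b7aa74b0": {"Name": "alpine1", "IPv4Address": "172.17.0.2/16"}},
  "Options": {
    "com.docker.network.bridge.default_bridge": "true",
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.enable_ip_masquerade": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}]
"""

PREFIX = "com.docker.network.bridge."


def audit_network(net):
    """Return (peers, findings) for one entry of `docker network inspect`."""
    opts = net.get("Options") or {}
    subnets = [ipaddress.ip_network(c["Subnet"])
               for c in (net.get("IPAM", {}).get("Config") or [])]
    peers = {}
    for c in (net.get("Containers") or {}).values():
        if not c.get("IPv4Address"):
            continue
        ip = ipaddress.ip_interface(c["IPv4Address"]).ip
        if any(ip in s for s in subnets):
            peers[c["Name"]] = str(ip)
    findings = []
    # Docker treats a missing enable_icc option as enabled on bridge networks.
    if opts.get(PREFIX + "enable_icc", "true") == "true" and len(peers) > 1:
        findings.append("icc enabled: %s can reach each other on any "
                        "listening port" % ", ".join(sorted(peers)))
    if opts.get(PREFIX + "host_binding_ipv4") == "0.0.0.0":
        findings.append("published ports bind to all host interfaces")
    if (not net.get("Internal")
            and opts.get(PREFIX + "enable_ip_masquerade") == "true"):
        findings.append("containers have NATed outbound access")
    return peers, findings


if __name__ == "__main__":
    for network in json.loads(SAMPLE):
        print(network["Name"], *audit_network(network), sep="\n  ")
```

On a real host, feed it the output of `docker network inspect bridge` instead of the embedded sample.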
            

2. None Networking

This completely disables the networking stack on the container. Within the container, only the loopback device is created.

$ docker run --rm -dit  --network none  --name no-net-alpine   alpine:latest   ash

//Check the container’s network stack... no eth0 created
$ docker exec no-net-alpine ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
3: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN qlen 1
    link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
    
//Stop the container. It is removed automatically because it was created with the --rm flag
$ docker stop no-net-alpine
                    

3. Host Networking

The container's network stack is the same as the host's network stack, and the container's IP address is the same as the host OS's, so there is no network isolation between the container and the host. Useful in situations where a container needs to listen/read/write on a large number of ports.
Advantages: 1. Expose 1 port and IP to access the service. Example: 50 game servers are running in Docker containers on the same host. Requests are routed using Kubernetes to a free game server.
Disadvantages: The host networking driver only works on Linux, not on Windows and Mac.

Example: an Nginx container binds directly to port 80 on the Docker host.
Start nginx in a container with host networking; nginx listens on port 80, which is the same port 80 as on the Docker host.

# docker run --rm -d --network host --name my_nginx nginx         //Create and start the container as a detached process
# ip addr show 
# sudo netstat -tulpn | grep :80                                  //Check which process is bound to port 80
# docker container stop my_nginx                                  //Stop the container; it is removed automatically because it was started with the --rm flag