Within Docker, there are five network specifications available. We will cover the differences of each and give some examples of setting the driver up.
These are like the networking in VirtualBox. The networking is for the containers to communicate with one another, whether on the same host.
Be sure you are familiar with the five types and practice them.
Five Network Types
Each network type has its own abilities, which can make one driver more suitable for a container than another. Let's look at the types:
NOTE: Do not confuse the network Overlay with the file access called Overlay.
View Types
Once Docker is installed and running, it has all five network drivers available. To see the network drivers, use the command:
docker network ls
I show the output in Figure 1.
FIGURE 1
Here we can see the five types are all available.
The names of the networks are:
View Container Network Information
If you should open a new container, such as Ubuntu:
docker run --name OS -it ubuntu /bin/bash
If you open another terminal on the same Host and run the command 'docker ps', there should be a listing for the Ubuntu Docker container named 'OS'.
If you want to see information about the container, then run 'docker container inspect OS | grep IPAddress'. My result is '172.17.0.2'. To see a full listing of the JSON file, use the command 'docker container inspect OS | less'.
It is possible to get to the information, such as to get to the 'Gateway'. The command is 'docker container inspect --format="{{.NetworkSettings.Networks.bridge.Gateway}}" OS'. The response, in my case, is '172.17.0.1'. The format is a listing of the JSON section titles, each separated by a period.
What if we wanted to create a new driver and specify a different default IP Address?
Create Your Own Bridge Network Driver Specs
We first need to create a new network driver with the following command:
docker network create --driver=<type> --subnet=<subnet> <device-name>
NOTE: Docker only allows the existing network driver for the 'host' and 'null'.
I'm hoping you realize you use 'overlay' and 'ingress' for swarms. We will use 'bridge' and 'Docker Gateway Bridge' as our two left for standard use.
So, let's create a new network driver and use it for our examples. For the first example, we'll use a driver type of 'bridge'. The subnet will be '10.0.10.0/24'. We will call the network device 'bridge-1'. The command will be:
docker network create --driver=bridge --subnet=10.0.10.0/24 bridge-1
NOTE: you can delete the network driver with the command 'docker network rm <device-name>. Use the parameter '-f' to force the removal if an issue occurs. Remove the driver from containers before removing the driver from the Host.
If you run 'ifconfig' on the Host, you see that a new driver exists. In my case, you can see this in Figure 2.
FIGURE 2
The IP Address of the device is the first address in the subnet created. We consider this device the Gateway of the subnet. Since this is a bridge, we should get access to the Host's network and so access to the Internet.
In the Ubuntu container, we can perform:
apt update
apt install net-tools
ifconfig
The command will install 'net-tools' which include the command 'ifconfig'. Your container should have two devices 'eth0' and 'lo'. The device 'eth0' should have an address of '172.17.0.2'. This is the first address available on the subnet, after the Gateway, and used by 'OS'.
From a second terminal, we can connect the container to the newly created driver with:
docker network connect bridge-1 OS
Now, from the Ubuntu container, we can now run 'ifconfig' and a second adapter has appeared named 'eth1'. The IP Address for the new device is '10.0.10.2'. After we connect the new network device to the container, the old device remains connected. We can disconnect the 'bridge' network with the command from a second terminal:
docker network disconnect bridge OS
In the Ubuntu container, we can run 'ifconfig' and see that 'eth0' has disappeared. The connections for the container is the new network device named 'bridge-1'.
From the Host I can ping '10.0.10.2', but from other systems on the same network as the Host, I cannot ping the Ubuntu container. To make this work, we must expose a port.
To expose a Port, we will pull 'httpd' into Docker as an image. We will then start the 'httpd' container and expose the Port with the command:
docker run --name web -d -p 80:80 httpd
We can then connect the new container to the device 'bridge-1' with:
docker network connect bridge-1 web
We can disconnect the 'bridge' device:
docker network disconnect bridge web
If you want to see the IP Address of the container, you can use one of the previous methods we covered. The command is:
docker container inspect web | grep IPAddress
My result is '10.0.10.3' for 'web'.
From an Internet Browser on Server1, you can open the local Host's IP Address and see the text 'It works!'. The Host's IP Address and the Port number can access the 'web' container. For HTTP, the default is Port 80, which is what we are forwarding to on 'Server1'. I forwarded port 80 on Server1 to Port 80 on the container 'web'.
Since we are using a 'bridge' network device, we can access the container from other systems on the Host's network as long as we expose a Port. To test this, start Server2 and open a web browser. In the web browser, use the address of Server1.
Without the open Port, you could not access a container on another Host using a 'bridge' type.
Create Your Own Overlay Network Driver Specs
Keep in mind that the 'Overlay' and 'Ingress' we use these network drivers in a swarm.
We can create a new network driver called 'overlay-1' with a subnet of '10.0.20.0/24'.
docker network create --driver=overlay --subnet=10.0.20.0/24 overlay-1
Using the command 'docker network ls', you can see the new driver.
We can now create a service that we will replicate to only two of the three Nodes in the swarm.
docker service create --name web -p 80:80 --network overlay-1 --replicas 2 httpd
You can see that we put the replicas directly on the new network driver and will not need to perform 'connect' and 'disconnect' commands.
Since I only replicated to one other Node, the system replicates the 'overlay-1' driver to one Node as well. My Server3 Node does not have the network driver 'overlay-1' since it was not replicated to from the command we used.
Using a browser, you can connect to the 'httpd' service using the IP Address of the Host on 'Docker1' and 'Docker2'.
If you want to determine which servers the service is running on, use:
docker service ps web
The result on my server are 'docker1' and 'docker2'.
Conclusion
You should now understand and be able to manage and create network drivers.
Network drivers can affect how you interact with your containers on the network.
These are like the networking in VirtualBox. The networking is for the containers to communicate with one another, whether on the same host.
Be sure you are familiar with the five types and practice them.
Five Network Types
Each network type has its own abilities, which can make one driver more suitable for a container than another. Let's look at the types:
- Overlay - allows for communication between systems in a swarm. This is the default driver for all nodes in a swarm.
- Bridge - containers can communicate with one another through a private network between hosts.
- Host - containers are accessible by open ports on the host, by containers on that host.
- Ingress - same as Overlay, but the network traffic is load balanced. The swarm is accessible by a single name, but not by individual IP Addresses.
- Docker Gateway Bridge - containers have access to Hosts physical network to other Nodes in a swarm. After adding a new Node, it extends the network to the new host.
- None - there is no network. Containers can only access other containers that are on the same host.
NOTE: Do not confuse the network Overlay with the file access called Overlay.
View Types
Once Docker is installed and running, it has all five network drivers available. To see the network drivers, use the command:
docker network ls
I show the output in Figure 1.
FIGURE 1
Here we can see the five types are all available.
The names of the networks are:
- Overlay web_default
- Bridge bridge
- Host host
- Ingress ingress
- Docker Gateway Bridge docker_gwbridge
- None none
- Overlay - 10.0.1.0/24
- Bridge - 172.17.0.0/16
- Host - none
- Ingress - 10.0.0.0/24
- Docker Gateway Bridge - 172.18.0.0/16
- None - none
View Container Network Information
If you should open a new container, such as Ubuntu:
docker run --name OS -it ubuntu /bin/bash
If you open another terminal on the same Host and run the command 'docker ps', there should be a listing for the Ubuntu Docker container named 'OS'.
If you want to see information about the container, then run 'docker container inspect OS | grep IPAddress'. My result is '172.17.0.2'. To see a full listing of the JSON file, use the command 'docker container inspect OS | less'.
It is possible to get to the information, such as to get to the 'Gateway'. The command is 'docker container inspect --format="{{.NetworkSettings.Networks.bridge.Gateway}}" OS'. The response, in my case, is '172.17.0.1'. The format is a listing of the JSON section titles, each separated by a period.
What if we wanted to create a new driver and specify a different default IP Address?
Create Your Own Bridge Network Driver Specs
We first need to create a new network driver with the following command:
docker network create --driver=<type> --subnet=<subnet> <device-name>
NOTE: Docker only allows the existing network driver for the 'host' and 'null'.
I'm hoping you realize you use 'overlay' and 'ingress' for swarms. We will use 'bridge' and 'Docker Gateway Bridge' as our two left for standard use.
So, let's create a new network driver and use it for our examples. For the first example, we'll use a driver type of 'bridge'. The subnet will be '10.0.10.0/24'. We will call the network device 'bridge-1'. The command will be:
docker network create --driver=bridge --subnet=10.0.10.0/24 bridge-1
NOTE: you can delete the network driver with the command 'docker network rm <device-name>. Use the parameter '-f' to force the removal if an issue occurs. Remove the driver from containers before removing the driver from the Host.
If you run 'ifconfig' on the Host, you see that a new driver exists. In my case, you can see this in Figure 2.
FIGURE 2
The IP Address of the device is the first address in the subnet created. We consider this device the Gateway of the subnet. Since this is a bridge, we should get access to the Host's network and so access to the Internet.
In the Ubuntu container, we can perform:
apt update
apt install net-tools
ifconfig
The command will install 'net-tools' which include the command 'ifconfig'. Your container should have two devices 'eth0' and 'lo'. The device 'eth0' should have an address of '172.17.0.2'. This is the first address available on the subnet, after the Gateway, and used by 'OS'.
From a second terminal, we can connect the container to the newly created driver with:
docker network connect bridge-1 OS
Now, from the Ubuntu container, we can now run 'ifconfig' and a second adapter has appeared named 'eth1'. The IP Address for the new device is '10.0.10.2'. After we connect the new network device to the container, the old device remains connected. We can disconnect the 'bridge' network with the command from a second terminal:
docker network disconnect bridge OS
In the Ubuntu container, we can run 'ifconfig' and see that 'eth0' has disappeared. The connections for the container is the new network device named 'bridge-1'.
From the Host I can ping '10.0.10.2', but from other systems on the same network as the Host, I cannot ping the Ubuntu container. To make this work, we must expose a port.
To expose a Port, we will pull 'httpd' into Docker as an image. We will then start the 'httpd' container and expose the Port with the command:
docker run --name web -d -p 80:80 httpd
We can then connect the new container to the device 'bridge-1' with:
docker network connect bridge-1 web
We can disconnect the 'bridge' device:
docker network disconnect bridge web
If you want to see the IP Address of the container, you can use one of the previous methods we covered. The command is:
docker container inspect web | grep IPAddress
My result is '10.0.10.3' for 'web'.
From an Internet Browser on Server1, you can open the local Host's IP Address and see the text 'It works!'. The Host's IP Address and the Port number can access the 'web' container. For HTTP, the default is Port 80, which is what we are forwarding to on 'Server1'. I forwarded port 80 on Server1 to Port 80 on the container 'web'.
Since we are using a 'bridge' network device, we can access the container from other systems on the Host's network as long as we expose a Port. To test this, start Server2 and open a web browser. In the web browser, use the address of Server1.
Without the open Port, you could not access a container on another Host using a 'bridge' type.
Create Your Own Overlay Network Driver Specs
Keep in mind that the 'Overlay' and 'Ingress' we use these network drivers in a swarm.
We can create a new network driver called 'overlay-1' with a subnet of '10.0.20.0/24'.
docker network create --driver=overlay --subnet=10.0.20.0/24 overlay-1
Using the command 'docker network ls', you can see the new driver.
We can now create a service that we will replicate to only two of the three Nodes in the swarm.
docker service create --name web -p 80:80 --network overlay-1 --replicas 2 httpd
You can see that we put the replicas directly on the new network driver and will not need to perform 'connect' and 'disconnect' commands.
Since I only replicated to one other Node, the system replicates the 'overlay-1' driver to one Node as well. My Server3 Node does not have the network driver 'overlay-1' since it was not replicated to from the command we used.
Using a browser, you can connect to the 'httpd' service using the IP Address of the Host on 'Docker1' and 'Docker2'.
If you want to determine which servers the service is running on, use:
docker service ps web
The result on my server are 'docker1' and 'docker2'.
Conclusion
You should now understand and be able to manage and create network drivers.
Network drivers can affect how you interact with your containers on the network.
