Juniper - Docker Network
Resources
Contents
Network Types Available to Docker
Docker uses a pluggable networking sub-system and by default have:
bridge- creates a Linux virtual bridge and attaches the container to the bridge porthost- attaches the container to the host networknone- container has only a loopback interfaceOrchestrators such as K8's and OpenShift may implement network functionality through Docker network plugins to enable multi-host networking which giver more options available. We will focus on options available on a default single host deployment
Bridge Networks
The above is the default bridge when you install docker. Its called 'docker0' and any containers created will be assigned an IP address from this range of 172.17.0.0/16). From the above diagram we see 2 apps deployed, each with an assigned IP of 172.17.0.2/16 and 172.17.0.3/16. The docker itself will get the .1 address
Now the link between the container and the bridge - on the CONTAINER end it will have an interface of eth0 and then from the perspective of the Linux Kernel, these will be 'virtual Ethernet" interfaces (v ethxx) and followed on by randomly generated set of numbers.
Be default it also does SOURCE NAT using the IP tables function and thus allowing access TO the internet What we will also see when we do "port-mapping" to expose a container port that's actually going to result in a DESTINATION NAT rule which will allow access from the internet (public) to reach these containers through specific PORTS on an interface on the HOST operating system.
Docker CLI
-Check if we have any containers running: docker container list
-Check to see the networks available: docker network list
-Check from the perspective of the Linux kernel: ip a will see 'docker0' which represents the 'bridge0' network you see in the above command. This has the IP of 172.17.0.1 which is the DG for all containers attached to that default network.
-Check virtual bridges using the the bridge utility (apt install bridge-utils) : brctl show
which will show available bridges (default will show docker0 bridge with no attached interfaces)
-Check ip tables - specifically the NAT table: sudo iptables -t nat --list here we can see that there is one bridge in place 'docker0' and a rule (source based NAT) which will masquerade any 172.16.17.0/16 IP address to the docker 0 bridge IP
Create Custom Network
We are going to use the 'docker network create' command with a few options: --driver (here we will chose the 'bridge' driver, - we can see what drivers are available from the 'docker network list' and look for 'DRIVER". It is the 'default' driver but we will specify it anyway -o (custom options) for this driver , and name this bridge interface "com.docker.network.bridge.name=appbr0" --subnet=172.200.0.0/16 and name of this NETWORK we will call 'app_net'
docker network create --driver=bridge -o "com.docker.network.bridge.name=appbr0" --subnet 172.200.0/16 app_net
Here we can see a new network called "app_net" was created using the "bridge driver " as well as the IP address allocated to it with the first usable address allocated as the DG of any containers attached to THAT particular bridge.
Using the 'bridge utils' brctl show we can see the new bridge interface (appbr0) shown below
We can also inspect the details of any of the networks using the
docker network inspect <network-name>
docker network inspect bridge
docker network inspect app_netThis is displayed in JSON format
Last updated
Was this helpful?