# Juniper - Docker Network
## Resources
* [Docker Networking - Juniper](https://www.youtube.com/watch?v=MGBAXJnoqbA\&t=2s)
### Contents
| Table Of Contents |
| ----------------------------------------------------------------------- |
| [Network Types Available to Docker](#network-types-available-to-docker) |
| [Docker CLI](#docker-cli) |
| [Create Custom Network](#create) |
## Network Types Available to Docker
Docker uses a pluggable networking sub-system and by default have:
* **`bridge`** - creates a Linux virtual bridge and attaches the container to the bridge port
* **`host`** - attaches the container to the host network
* **`none`** - container has only a loopback interface
* Orchestrators such as K8's and OpenShift may implement network functionality through Docker network plugins to enable multi-host networking which giver more options available.\ We will focus on options available on a default single host deployment
## Bridge Networks
The above is the default bridge when you install docker. Its called 'docker0' and any containers created will be assigned an IP address from this range of 172.17.0.0/16).\
From the above diagram we see 2 apps deployed, each with an assigned IP of **172.17.0.2/16** and **172.17.0.3/16**. The docker itself will get the .1 address
Now the link between the container and the bridge - on the CONTAINER end it will have an interface of eth0 and then from the perspective of the Linux Kernel, these will be 'virtual Ethernet" interfaces (v ethxx) and followed on by randomly generated set of numbers.
Be **default** it also does **SOURCE NAT** using the IP tables function and thus allowing access **TO** the internet\
What we will also see when we do **"port-mapping"** to expose a container port that's actually going to result in a **DESTINATION NAT** rule which will allow access from the internet (public) to reach these containers through specific **PORTS** on an interface on the **HOST** operating system.
### Docker CLI
-Check if we have any containers running: `docker container list` \
-Check to see the networks available: `docker network list`\
-Check from the perspective of the Linux kernel: `ip a` will see 'docker0' which represents the 'bridge0' network you see in the above command. This has the IP of 172.17.0.1 which is the DG for all containers attached to that default network.\
-Check virtual bridges using the the bridge utility (`apt install bridge-utils`) : `brctl show`\
which will show available bridges (default will show docker0 bridge with no attached interfaces)\
-Check ip tables - specifically the NAT table: `sudo iptables -t nat --list` here we can see that there is one bridge in place 'docker0' and a rule (source based NAT) which will masquerade any 172.16.17.0/16 IP address to the docker 0 bridge IP
### Create Custom Network
We are going to use the 'docker network create' command with a few options:\ --driver (here we will chose the 'bridge' driver, - we can see what drivers are available from the 'docker network list' and look for 'DRIVER". It is the 'default' driver but we will specify it anyway\
-o (custom options) for this driver , and name this bridge interface "com.docker.network.bridge.name=appbr0" --subnet=172.200.0.0/16 and name of this NETWORK we will call 'app\_*net'*
```
docker network create --driver=bridge -o "com.docker.network.bridge.name=appbr0" --subnet 172.200.0/16 app_net
```
Here we can see a new network called "app\_net" was created using the "bridge driver " as well as the IP address allocated to it with the first usable address allocated as the DG of any containers attached to THAT particular bridge.
Using the 'bridge utils' brctl show we can see the new bridge interface (appbr0) shown below
We can also inspect the details of any of the networks using the \ `docker network inspect `
```
docker network inspect bridge
docker network inspect app_net
```
This is displayed in JSON format
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://devops.microcisco.com/docker/what-is-docker/juniper-docker-network.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.